
Identity Standards & U.S. Deployment - PowerPoint PPT Presentation

Identity Standards & U.S. Deployment. Nate Klingenstein, ndk@internet2.edu, Internet2 / Shibboleth Consortium. 24 February 2011, APAN


  1. Identity Standards & U.S. Deployment
     Nate Klingenstein, ndk@internet2.edu
     Internet2 / Shibboleth Consortium
     24 February 2011, APAN 31, Hong Kong

  2. Why is Asia so Important?
     • Network effects (ネットワーク外部性, 网络外部性, Eksternalitas jaringan, नेटवर्क प्रभाव, 네트워크 효과)
     • If more people use SAML and Shibboleth, it becomes more powerful for everyone
     • Asia arrived at a lucky time, because a lot of hard work has been done already

  3. Identity Standards
     • The world is converging around OAuth 2.0 (IETF I-D) and SAML 2.0 (OASIS Std.)
     • OAuth 2.0 is almost entirely Facebook and Twitter
     • SAML 2.0 is largely organizational use
     • Here are some numbers from Drupal


  6. Identity Standards
     • New standards work is continuing, centered around SAML and OAuth
     • User interface work (Kantara)
     • Extension to non-web protocols (Abfab)
     • Better integration with HTTP (KITN)
     • Tons of additional features (IETF, SSTC)
     • Cardspace is dead, and OpenID is unlikely to ever be revved

  7. Social and Organizational Identity
     • Still unclear whether these worlds will ever meet
     • The services used are distinct; trust requirements, discovery requirements very different
     • Ongoing attempts to leverage social applications and identities in universities
     • Lots of vague interest, but no real needs

  8. Social and Organizational Identity
     • No attempts to integrate trusted data with social applications or identities
     • NIH iTrust is the best example serving both successfully
     • Lots of logins from both sources

  9. Attribute Consent
     • Ad-hoc collaboration is very difficult with current federated identity
     • Administrators, federations, and others have to be involved
     • Consent might help this, but it might not be enough
     • https://aai-demo.switch.ch/secure-uApprove/

  10. Zero-Knowledge Proof
     • Microsoft is pushing U-Prove aggressively now
     • IBM Zurich Labs working on attribute predicates and zero-knowledge proof for SAML 2.0
     • Zero-knowledge proof is cool, but maybe too cool
     • We have trouble with cookies…

  11. Inter-federation
     • PEER, funded by ISOC, is intended to generalize metadata distribution
     • Aggregators and registrars
     • Transport information about the registrar and the entity
     • Technical issues should be largely solved
     • Legal, discovery, and trust barriers remain

  12. Academic Federation Update
     • You've already heard some updates from Asia
     • Europe has federations in virtually every country
     • Shibboleth project moving to a consortium phase
     • Broaden funding and management base for sustainability; JISC (UK), SWITCH (Switzerland), Internet2 (USA)


  14. Federation Update
     • Deployment outside of academia is large and growing
     • Banks and investment firms
     • Health care
     • Real Estate
     • Conglomerates
     • Telecoms
     • And, of course, consumer sites

  15. Shibboleth Futures
     • The Consortium will look for a permanent home, or create one
     • Participation by all stakeholders in the permanent home will be encouraged
     • That means you!
     • Project development continues uninterrupted
     • New Shibboleth Community Calls, sometimes scheduled for Asian time

  16. U.S. Government & Identity
     • HSPD-12, Federal PKI, PIV Cards, soon more
     • ICAM for external identity
     • SAML, OpenID, Liberty Alliance, Cardspace (now dead), WS-Federation
     • OIX, Kantara, InCommon
     • https://www.idmanagement.gov/

  17. My Thanks to NII & the Middleware WG
     ndk@internet2.edu
     http://www.internet2.edu/
     http://www.incommon.org/
     http://shibboleth.net/
