internet identity and access control
play

Internet Identity and Access Control Dr Ken Klingenstein, Director, - PowerPoint PPT Presentation

Mar 18, 2023 •388 likes •499 views

Internet Identity and Access Control Dr Ken Klingenstein, Director, Middleware and Security, Internet2 Topics Whats happening/ impacts See lunch talk The Research Angle Researchers as users Security Researchers New

  1. Internet Identity and Access Control Dr Ken Klingenstein, Director, Middleware and Security, Internet2

  2. Topics • What’s happening/ impacts • See lunch talk • The Research Angle • Researchers as users • Security Researchers • New areas for Research kjk@internet2.edu

  3. Researchers as Users • Use your local login to access • NIH, NSF grant submission and management • CIlogon for CyberInfrastructure • GENI • Scholarly Identity • No local federation? Push for it… kjk@internet2.edu

  4. Security Research • Leveraging the trust fabric • SES as a model • Analytics beyond the border • http://www.ren-isac.net/ses/ • Federated security tools kjk@internet2.edu

  5. New Areas of Research • Anonymous Credentials • Scalable privacy management • UI, Correlation attacks, Contexts • Attribute Ecosystem • LOA, Revocation, Terms of use, Metadata kjk@internet2.edu

  6. Anonymous Credentials • Special credentials issued by attribute authorities • When queried by RP, will do minimal disclosure of encoded attributes • E.g. Over 18, True/False on specific sets of attributes, such as citizen, medical, etc. • Can be done so that IdP does not know either the values being released or the RP’s requesting information • Deep crypto techniques underlie – e.g. Idemix. • Ten year old research -> proprietary technology development ->open source capability • No use of SAML but heavy need for SAML metadata kjk@internet2.edu

  7. Anonymous Credentials Use Cases • Medical records • HMO can put attributes about patient medications into an IdP and have authorized RP query • Student health can store information restricted to RP with a need to know, protected from general IdP. • Citizen record • Answer general official queries such as over legal age queries, citizenship, etc. • Enable specific services such as parking by zones, privacy- preserving neighborhood discussions • Private access controls • By good and evil kjk@internet2.edu

  8. Key Directions in Anonymous Credentials • Radical new capabilities, but lacking any infrastructure at all to support deployment at scale • Delivering credentials to user and storing • Scalable query controls • Audit and policy issues • Metadata for informed consent • Others • Enter federated identity • Provides secure credential transport and storage • Provides framework for discussion on policy • Fills other deployment gaps kjk@internet2.edu

  9. Scalable privacy management • UI • Attack vectors • E.g. Correlation • Contexts kjk@internet2.edu

  10. Attributes • LOA • Revocation • Digital rights management • Use of metadata kjk@internet2.edu

Recommend

Internet Identity Initiatives Internet Identity Initiatives RL Bob Morgan University of

Internet Identity Initiatives Internet Identity Initiatives RL Bob Morgan University of

Internet Identity Initiatives Internet Identity Initiatives RL Bob Morgan University of Washington and Internet2 EMC2 Mlaga, S pain October 2006 Topics Topics Internet identity buzzwords/ proj ects: user-centric, sxip, dix,

395 views • 18 slides
Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase Automation and Security. Identity Management (IAM, IdM) defining and managing the roles and access privileges of individual network users, and the

2.89k views • 13 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Access Control for Smart Objects Access Control for Smart Objects Jan Janak, Hyunwoo Nam, Henning

Access Control for Smart Objects Access Control for Smart Objects Jan Janak, Hyunwoo Nam, Henning

IAB Workshop on Smart Object Security Paris, March 2012 Access Control for Smart Objects Access Control for Smart Objects Jan Janak, Hyunwoo Nam, Henning Schulzrinne I R T Columbia University Internet Real-Time Laboratory This work is

57 views • 5 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files & processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing residents / staff access to site areas Main entrance Vehicle entrances Pedestrian entrances Gate / Barrier entrance Bin / Bike / Refuge

336 views • 14 slides
Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs Access Control Administration Accountability Chapter 2 Access Control Models Identification and Authentication Methods Lecturer:

708 views • 9 slides
Medium Access Control and WPAN Technologies 01204525 Wireless Sensor Networks and Internet of

Medium Access Control and WPAN Technologies 01204525 Wireless Sensor Networks and Internet of

Medium Access Control and WPAN Technologies 01204525 Wireless Sensor Networks and Internet of Things Chaiporn Ja Jaikaeo (c (chaiporn.j@ku.ac.th) Department of f Computer Engineering Kasetsart University Materials taken from lecture slides

597 views • 42 slides
Internet Identity Workshop IIW 2008b Introduction Johannes Ernst NetMesh Inc.

Internet Identity Workshop IIW 2008b Introduction Johannes Ernst NetMesh Inc.

Internet Identity Workshop IIW 2008b Introduction Johannes Ernst NetMesh Inc. http://netmesh.info/jernst Johannes Ernst Modern Identity History Facebook Proprietary et al. Yadis URL-based Age of identity Card-based interop

1.01k views • 24 slides
Internet congestion control: TCP Internet congestion control: TCP 1988: "Congestion

Internet congestion control: TCP Internet congestion control: TCP 1988: "Congestion

Internet congestion control: TCP Internet congestion control: TCP 1988: "Congestion Avoidance and Control" (Jacobson/Karels) Combined congestion/flow control for TCP Goal: stability - in equilibrum, no packet is sent into the

482 views • 24 slides
To the moon and back Customer Identity and Access Management in a global Drupal setup Ground

To the moon and back Customer Identity and Access Management in a global Drupal setup Ground

Drupal Business Days, Frankfurt, 19.05.17 To the moon and back Customer Identity and Access Management in a global Drupal setup Ground Control ETECTURE in a Nutshell We support and advise customers with consultancy, customized software

642 views • 30 slides
Identity and Access Management with the INDIGO IAM service Andrea Ceccanti

Identity and Access Management with the INDIGO IAM service Andrea Ceccanti

Identity and Access Management with the INDIGO IAM service Andrea Ceccanti andrea.ceccanti@cnaf.infn.it EOSC-Hub AAI Tech Talk Europe, Earth, June 15th 2018 INDIGO Identity and Access Management service Flexible authentication support (SAML,

430 views • 24 slides
Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control Introduction to Computer Security Access control, contd Announcements intermission Stephen McCamant Capability-based access control University

380 views • 7 slides
Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET

Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET

Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET Identity & Access Management Community of Practice Panelists: Corey Scholefield Vera Merkusheva Isabel Wong Sabrina da Silva 2 Conference

622 views • 19 slides
Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients & partners Conclusion Identity management System Requester Users admin Approver Application Application Provisioning system Identity A

826 views • 45 slides
D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient

D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient

D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient access control and authentication checks Insecure access control methods Private, internal functions and data are accessible through a

547 views • 11 slides
Incident of the Week New logging functionality with insufficient access control Accessible

Incident of the Week New logging functionality with insufficient access control Accessible

Incident of the Week New logging functionality with insufficient access control Accessible to any application with internet access (i.e., almost all of them) Patching the issue is delayed because the patch needs to be tested with

765 views • 53 slides
Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a

Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a

Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a simple, modular approach to networked access control with scalability in mind. Easy management from a central location PC from anywhere with an

196 views • 9 slides
Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of achieving confiden5ality and integrity) Who can access What Objects : Subjects : Files/ Programs/ Sockets/ User/ process/ applica5on Hardware/

985 views • 46 slides
Outline Basics of access control Unix-style access control CSci 5271 Introduction to Computer

Outline Basics of access control Unix-style access control CSci 5271 Introduction to Computer

Outline Basics of access control Unix-style access control CSci 5271 Introduction to Computer Security Announcements intermission Day 10: OS security: access control Multilevel and mandatory access control Stephen McCamant University of

324 views • 10 slides
Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of achieving confidentiality and integrity) Who can access What Objects : Subjects : Files/ Programs/ Sockets/ User/ process/ application

1.31k views • 50 slides
Internet Congestion Control Research Group Mark Handley UCL Congestion Control The Internet

Internet Congestion Control Research Group Mark Handley UCL Congestion Control The Internet

Internet Congestion Control Research Group Mark Handley UCL Congestion Control The Internet only functions because TCPs congestion control does an effective job of matching traffic demand to available capacity. TCPs Window Time

628 views • 14 slides

More recommend