Internet Identity Workshop IIW 2008b Introduction Johannes Ernst - PowerPoint PPT Presentation

  1. Internet Identity Workshop IIW 2008b – Introduction – Johannes Ernst NetMesh Inc. http://netmesh.info/jernst Johannes Ernst

  2. Modern Identity History
     [Timeline figure; axis: 1999, 2001, 2003, 2005, 2007, 2009. Labels: Proprietary; Facebook et al.; URL-based; Yadis; Card-based; Invisible; Age of identity interop; IIW]

  3. Identity’s Three Pillars
     [Figure: user-centric Digital Identity. Labels: URL-based; Card-based; Invisible; Proprietary]
     Source: http://netmesh.info/jernst/Digital_Identity/updating-three-standards.html

  4. The Basic User-Centric Flow
     [Diagram labels: Relying Party (several); Identity; Identity Provider; Authentication; “Is this true?”; “Yes.”]

  5. Comparison: Non-User-Centric Flow
     [Diagram labels: Relying Party (several); Identity; Identity Provider; Authentication; “Tell me about this user.”]

  6. Comparison: Stovepiped Identity
     [Diagram labels: Relying Party (several); Identity Provider (several); Authentication; “… ?”]

  7. The Basic User-Centric Flow
     [Diagram labels: Relying Party (several); Identity; Identity Provider; Authentication; “Is this true?”; “Yes.”]

  8. Who is this guy speaking right now?
     Please enter your OpenID here: http://netmesh.info/jernst
     • globally unique user name, no name conflicts
     • is also a link

  10. Who is this guy speaking right now?
      Please enter your OpenID here: http://netmesh.info/jernst
      • globally unique user name, no name conflicts
      • is also a link
      • many value-added services are springing up, example:
        ‣ Technorati
        ‣ del.icio.us
        ‣ Identity aggregators like claimid.com
        ‣ Google social graph API

  12. Source: http://socialgraph-resources.googlecode.com/svn/trunk/samples/findyours.html

  13. About Myself
      • Founder/CEO NetMesh Inc.
      • Pioneered URL-based digital identity with LID™
      • Board member, OpenID Foundation
      • Co-initiator, Open-Source Identity System (OSIS)
      • Co-initiated Yadis, the first user-centric identity convergence project
      • Advisory board member, Health 2.0 conference
      • Contributor to UML; initiator of the Object Management Group’s RT-AD effort
      • BMW, FZI, MSR, Integrated Systems, Aviatis
      • World Economic Forum “Technology Pioneer”
      • Doctorate, EE
      • Frequent speaker: Digital ID World, European Identity Conference, Comdex, PC Forum, Mix, OSCON, ETel, SDForum, UML World, Emerging Communications, Harvard, World Economic Forum…
      Blog: http://netmesh.info/jernst

  14. “My users will keep entering all the information that I ask for.” “They always have, I don’t see the need to do anything.”

  16. “Users in Charge” (Esther Dyson)
      • Industrial mass production model
      • Web 2.0, user-centric model

  17. Kim Cameron’s Laws of Identity
      1. User Control & Consent
         • …only reveal information identifying a user with the user’s consent
      2. Minimal Disclosure for a Constrained Use
         • …discloses the least identifying information
      3. Fewest/Justifiable Parties
         • …disclosure of identifying information is limited to necessary and justifiable parties.
      4. Directed Identity
         • …both “omnidirectional” and “unidirectional” identifiers, thus facilitating discovery while preventing unnecessary release of correlation handles
      5. Pluralism of Operators & Technologies
         • …enable the interworking of multiple identity technologies run by multiple identity providers.
      6. Human Integration
         • …human user to be a component of the distributed system integrated through unambiguous human-machine communication
      7. Consistent Experience Across Contexts
         • …simple, consistent experience while enabling separation of contexts through multiple operators and technologies.
      Source: http://www.identityblog.com/stories/2004/12/09/thelaws.html

  18. Customer Trust
      [Figure labels: Traditional marketing; User-centric (future); VRM; VRM. Scale: No Trust, Trust]
      • They do something with my identity behind my back
      • I choose how much information to reveal
      • … and I can take it back and “switch it off” at any time

  19. Net Result: More Business
      [Figure labels: Potential customers; Your website; [hopeless]]
      • Successfully filled out forms and logged on
      • Won’t or can’t fill out forms or log on, but will do
      • Do we want them as customers? With user-centric identity you can get them!

  20. Competitive Effects
      [Figure labels: [hopeless]; Your website; Competitor’s website; $ symbols]

  21. User-Centric “Sweet Spot”
      • Do we want them as customers?
      • Do we want them as repeat customers?
      • Do we want them to do business with us or the competition?
      [Concentric-circles figure; Tier: 0, 1, 2, 3, 4. Circle labels: Enterprise internal; Close business partners (<10); Affiliates (100’s); Customers (1000’s and more); Everybody else]
      Source: http://netmesh.info/jernst/Digital_Identity/concentric-circles-2008.html

  22. Outsource Authentication
      [Diagram labels: Relying Party (several); Identity Provider; Identity; Authentication; “Is this true?”; “Yes.”]
      Cost (old-style): Password management + Password reset + Anti-phishing + Backup tape risk / management: $$$ or €€€
      Cost (user-centric): Key/secret management + Password reset + Anti-phishing + Backup tape risk / management + free authentication from major IdP: $$ or €€

  23. Affording Strong Authentication
      [Diagram labels: Relying Party (several); Identity Provider (several); Identity; Strong Authentication (several)]
      “Shared token”
      • All relying parties benefit from the added security of the same token
      • Higher security at lower cost through cost sharing, enabled by internet-scale common protocols
      • Much more convenient for the user: one token, not N
      • Works the same for other strong auth:
        ✦ voice
        ✦ biometrics
        ✦ client certs etc.

  24. Internet Identity Workshop IIW 2008b Thank you for your time! Johannes Ernst NetMesh Inc. http://netmesh.info/jernst
