Next Generation of Identity Aware Applications. Fulup Ar Foll - PowerPoint PPT Presentation



1. Next Generation of Identity Aware Applications
Fulup Ar Foll, Liberty Alliance Technical Expert Group; Master Architect, Global Software Practice, Sun Microsystems.
Fulup.ArFoll@sun.com, San Diego, April 2007

2. e-Government Trend
France: Service-public.fr is the French civil service's official gateway. It aims to give citizens access to all administrative information on-line. It has been developed as part of the government's action plan known as "preparing France for entry into the information society". (Documentation française & Prime Minister's office and the Civil Service and State Reform Ministry.)
Norway: The Norwegian Government intends to take the necessary steps to achieve the potentials that are inherent in the ICT and the knowledge society. Stronger coordination, identification of clear areas of investment, and concrete, ambitious--while realistic--goals will create results that really make a difference. (Morten Andreas Meyer, Minister of Modernization, 2005)
Netherlands: Key government agencies and local governments are taking the initiative to develop a single Personal Internet page. Citizens and businesses can use this portal to view their personal data, submit corrections or changes, receive personalized information, and manage their affairs with government in one place. (Letter of the Minister to Parliament, 10th of April 2006)

3. eGovernment Problem Statement
Nothing exclusive, just an accumulation of problems:
- Telco-grade scaling
- Bank-level security requirements
- Limited funding
- Fixed cost on a five-year plan
- Little to no capability to impose choices
- Must be vendor neutral
- Any error is a potential political crisis

4. eGovt Architecture Target
A citizen-centric view across government:
- Information collected and maintained once, by the most appropriate agency.
- Information verified to the adequate level.
- Information available electronically through a vendor-neutral, long-term standard.
- Information exchanged securely with whoever requires it, in a privacy-aware manner.
- Significant benefit for people, businesses, agencies, government, ...

5. Country as a Foundation
The Netherlands as a "typical" medium-size country:
- 16+ million inhabitants
- 800K businesses (60% with fewer than 10 employees)
- High level of technology penetration
  - Broadband ~50%
  - Mobile ~100%
- High fragmentation of government services
  - 480 municipalities
  - 12 provinces
  - 25 water authorities

6. Which Standard for What
- Global connectivity
  - Across repositories, domains, applications, ...
  - Seamless to the user (complexity averted)
  - Want to be both consumer and provider
- Increasing demand for ID
  - Everyone wants your identity, but do you, the user, want it?
  - Need adequate privacy mechanisms before exposing it.
- Heterogeneous world
  - Multiple vendors, service providers and consumers are heterogeneous.
  - Multi-channel, cross-device, cross-network, ...
- ...
[Diagram: protocol stack, bottom to top: TCP/IP (transport), SOAP, WS-Security, SAML-1, SAML2, ID-WSF; the axes are labelled "Abstraction" and "Composability".]

7. Waves of eGovt Applications
- Silo application
  - anonymous services (document download, ...)
  - one identity, one application (e.g. income tax, ...)
  - one-time token (invoice, payment, ...)
- Federated Single Sign-On/Out
  - Citizen portal (France, Norway, Austria, ...)
- Attribute exchange / proxy authentication
  - Italy (driver's license)
  - Spain (e-prescription)

8. Anonymous Vote Scenario
- Government constraints
  - Must be 18+
  - Must not have any criminal record
  - Must be a citizen of "Lichtenstein"
  - Must only vote once
  - ...
- Citizen constraints
  - Government should not know what you vote for
  - Voting SP should not know who you are

9. Anonymous Vote Flow
[Diagram: the parties are the Citizen, the IDP, the Justice SP, the Municipality SP and the Voting SP; the exchange is drawn as numbered steps 1 to 3, with a legend distinguishing SAML2 links, ID-WSF links and contracts.]
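The two citizen constraints of the vote scenario (the government must not learn the ballot, the voting SP must not learn who is voting) while the government constraints (18+, no criminal record, citizen, vote once) are still enforced come down to one mechanism: the IDP releases only a per-SP pseudonym plus a yes/no eligibility attribute, and the voting SP enforces "vote once" on that pseudonym alone. The following Python is an added example written for this page, not code from the presentation or from any Liberty Alliance product. The citizen register, the election date, the SP names and the keys are all constructed; an HMAC over the JSON body with a key the voting SP holds stands in for the IDP's real assertion signature.

```python
import hashlib
import hmac
import json
from datetime import date

# Everything below is constructed for this example; the names, keys and records are
# not from the presentation. HMAC with a shared key stands in for the IdP's signature.
ELECTION_DATE = date(2007, 4, 22)
CITIZEN_REGISTER = {  # what the IdP knows; none of it is released to the voting SP
    "cit-001": {"birth": date(1980, 5, 1), "citizen_of": "Lichtenstein", "criminal_record": False},
    "cit-002": {"birth": date(1995, 1, 1), "citizen_of": "Lichtenstein", "criminal_record": False},
    "cit-003": {"birth": date(1970, 3, 9), "citizen_of": "Lichtenstein", "criminal_record": True},
}
IDP_PSEUDONYM_SECRET = b"idp-pseudonym-secret-demo"  # never leaves the IdP
ASSERTION_KEY = b"idp-assertion-key-demo"            # key the voting SP uses to verify assertions


def pairwise_pseudonym(citizen_id: str, sp_id: str) -> str:
    """Persistent per-SP pseudonym (the SAML2 pairwise NameID idea): the same citizen
    gets a different identifier at every SP, so two SPs cannot link their records."""
    msg = f"{citizen_id}|{sp_id}".encode()
    return hmac.new(IDP_PSEUDONYM_SECRET, msg, hashlib.sha256).hexdigest()[:32]


def is_eligible(rec: dict, on: date) -> bool:
    """Government constraints from the slide: 18+, no criminal record, citizen."""
    birthday_passed = (on.month, on.day) >= (rec["birth"].month, rec["birth"].day)
    age = on.year - rec["birth"].year - (0 if birthday_passed else 1)
    return age >= 18 and rec["citizen_of"] == "Lichtenstein" and not rec["criminal_record"]


def sign(body: dict) -> str:
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(ASSERTION_KEY, payload, hashlib.sha256).hexdigest()


def idp_issue_assertion(citizen_id: str, sp_id: str) -> dict:
    """The IdP answers "may this subject vote?" with a yes/no attribute plus a pseudonym.
    No name, birth date or record detail is released, and the IdP never sees the ballot."""
    rec = CITIZEN_REGISTER[citizen_id]
    body = {
        "subject": pairwise_pseudonym(citizen_id, sp_id),
        "audience": sp_id,
        "attributes": {"eligible_voter": is_eligible(rec, ELECTION_DATE)},
    }
    return {"body": body, "sig": sign(body)}


class VotingSP:
    """Voting service provider: enforces 'vote once' on the pseudonym alone."""

    def __init__(self, sp_id: str):
        self.sp_id = sp_id
        self.ballots = {}  # pseudonym -> choice; no real identity is ever stored

    def cast(self, assertion: dict, choice: str) -> str:
        body = assertion["body"]
        if not hmac.compare_digest(sign(body), assertion["sig"]):
            return "rejected: bad signature"
        if body["audience"] != self.sp_id:
            return "rejected: assertion not meant for this SP"
        if not body["attributes"]["eligible_voter"]:
            return "rejected: not eligible"
        if body["subject"] in self.ballots:
            return "rejected: already voted"
        self.ballots[body["subject"]] = choice
        return "accepted"


def run_demo():
    """Walk the scenario: one valid vote, a repeat vote, two ineligible citizens and an
    assertion issued for another SP; also show that pseudonyms differ across SPs."""
    sp = VotingSP("voting-sp")
    results = [
        sp.cast(idp_issue_assertion("cit-001", "voting-sp"), "yes"),
        sp.cast(idp_issue_assertion("cit-001", "voting-sp"), "no"),    # same pseudonym again
        sp.cast(idp_issue_assertion("cit-002", "voting-sp"), "yes"),   # 12 years old
        sp.cast(idp_issue_assertion("cit-003", "voting-sp"), "yes"),   # criminal record
        sp.cast(idp_issue_assertion("cit-001", "justice-sp"), "yes"),  # wrong audience
    ]
    unlinkable = pairwise_pseudonym("cit-001", "voting-sp") != pairwise_pseudonym("cit-001", "justice-sp")
    return results, unlinkable, len(sp.ballots)


if __name__ == "__main__":
    print(run_demo())
```

The audience check matters as much as the signature: an assertion the IDP issued for the Justice SP carries a different pseudonym and a different audience, so it is neither accepted at the voting SP nor linkable to the voter's record there. Running the block accepts the first ballot, rejects the second from the same pseudonym, rejects the two ineligible citizens, rejects the wrong-audience assertion, and leaves exactly one ballot stored.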

10. Delegation Scenario
- You create a company (QuickMoney)
  - Govt gives you a QuickMoney-ID
  - As citizen and owner, you act on behalf of QuickMoney
  - QuickMoney-ID is federateable (e.g. with MyBank)
- You sign a contract with a MyLawyer SP
  - You allow MyLawyer to act on behalf of QuickMoney
  - You can control who can act on QuickMoney's behalf
  - eGovt service asserts MyLawyer as "authorized lawyer"
- You sell QuickMoney to BigComp
  - BigComp can now act on behalf of QuickMoney
  - BigComp can establish new delegations

11. People Service Delegation Flow
[Diagram: the Citizen IDP (Authentication, Discovery, People Service, Personal Profile, Storage), the Lawyer IDP (Authentication, Discovery, Registry) and the Enterprise (Authentication, Discovery, Registry, Enterprise Profile SP), with service providers such as the Bank, Revenue/Tax, the Enterprise SP and other personal SPs; the actors are the Citizen and the Lawyer.]
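The delegation scenario of slide 10 is, from an authorization point of view, a small state machine: the registry says who controls a company, only that party can grant or revoke the right to act on the company's behalf, every grant is scoped, and a sale moves control to the buyer. The Python below is an added example for this page, not code from the presentation or from the Liberty People Service specification. The company, the people and the signing key are constructed, and an HMAC over the grant stands in for a real signed delegation assertion. One design choice is an assumption of the example rather than a statement of the slides: existing grants survive a sale until the new owner revokes them.

```python
import hashlib
import hmac
import json

# Constructed for this example; the company, people and key are not from the presentation.
# HMAC with the People Service key stands in for a real signed delegation assertion.
PEOPLE_SERVICE_KEY = b"people-service-signing-key-demo"


class PeopleService:
    """Delegation authority: records who owns a company and who may act on its behalf."""

    def __init__(self):
        self.owners = {}       # company -> current owner (from the government registry)
        self.delegations = {}  # (company, delegate) -> signed grant

    def register_company(self, company: str, owner: str) -> None:
        self.owners[company] = owner

    def _sign(self, body: dict) -> str:
        payload = json.dumps(body, sort_keys=True).encode()
        return hmac.new(PEOPLE_SERVICE_KEY, payload, hashlib.sha256).hexdigest()

    def _require_owner(self, company: str, actor: str) -> None:
        if self.owners.get(company) != actor:
            raise PermissionError(f"{actor} does not control {company}")

    def delegate(self, company: str, granted_by: str, delegate: str, scope: set) -> dict:
        """Only the current owner may let someone act for the company, and only for a scope."""
        self._require_owner(company, granted_by)
        body = {"principal": company, "delegate": delegate,
                "scope": sorted(scope), "granted_by": granted_by}
        grant = {"body": body, "sig": self._sign(body)}
        self.delegations[(company, delegate)] = grant
        return grant

    def revoke(self, company: str, revoked_by: str, delegate: str) -> None:
        self._require_owner(company, revoked_by)
        self.delegations.pop((company, delegate), None)

    def transfer(self, company: str, seller: str, buyer: str) -> None:
        """Sale of the company: control moves to the buyer. Existing grants stay on file
        until the new owner revokes them (a design choice of this example)."""
        self._require_owner(company, seller)
        self.owners[company] = buyer

    def can_act(self, actor: str, company: str, action: str) -> bool:
        """Decision an SP asks for: the owner acts directly; a delegate only within scope,
        only while the grant is still on file, and only if the grant verifies."""
        if self.owners.get(company) == actor:
            return True
        grant = self.delegations.get((company, actor))
        if grant is None:
            return False
        if not hmac.compare_digest(grant["sig"], self._sign(grant["body"])):
            return False
        return action in grant["body"]["scope"]


def run_demo() -> list:
    """Replay the three stages of the slide: creation, lawyer contract, sale to BigComp."""
    ps = PeopleService()
    ps.register_company("QuickMoney", "alice")  # Govt issues the QuickMoney-ID to its owner
    steps = []
    steps.append(ps.can_act("alice", "QuickMoney", "sign-contract"))        # owner acts directly
    steps.append(ps.can_act("MyLawyer", "QuickMoney", "file-tax"))           # nothing granted yet
    ps.delegate("QuickMoney", "alice", "MyLawyer", {"file-tax", "represent-in-court"})
    steps.append(ps.can_act("MyLawyer", "QuickMoney", "file-tax"))           # within scope
    steps.append(ps.can_act("MyLawyer", "QuickMoney", "open-bank-account"))  # outside scope
    try:  # a delegate cannot hand the company on to a third party
        ps.delegate("QuickMoney", "MyLawyer", "SomeoneElse", {"file-tax"})
        steps.append("sub-delegation allowed")
    except PermissionError:
        steps.append("sub-delegation refused")
    ps.transfer("QuickMoney", "alice", "BigComp")                           # the sale
    steps.append(ps.can_act("BigComp", "QuickMoney", "sign-contract"))      # new owner
    steps.append(ps.can_act("alice", "QuickMoney", "sign-contract"))        # former owner
    ps.revoke("QuickMoney", "BigComp", "MyLawyer")                          # new owner cleans up
    ps.delegate("QuickMoney", "BigComp", "OtherLawyer", {"file-tax"})       # and re-delegates
    steps.append(ps.can_act("MyLawyer", "QuickMoney", "file-tax"))
    steps.append(ps.can_act("OtherLawyer", "QuickMoney", "file-tax"))
    return steps


if __name__ == "__main__":
    print(run_demo())
```

The point an SP (the bank, the tax office) takes from this is that it never decides delegation itself: it asks the People Service whether the actor may perform this action for this company, and the answer already reflects scope, revocation and the current owner of record.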

12. Architecture Requirements
- Internet-centric
  - Cheap, fast moving (no special network; like it or trash it; ...)
  - Based on the current Internet "day to day" user experience
  - No difference between citizens, employees, companies
  - Peer-to-peer (scalable, efficient, data directly from the source, ...)
  - Distributed (multiple authorities, discovery, flexible, ...)
  - No central system, no "Big Brother"
- User-centric
  - User in control of his global identity
  - Multiple personalities
  - Consent-aware (nothing without my consent)
  - Strong privacy and security
  - Simple and intuitive

13. Why Not a Unique Authority (The Holy Grail!!!)
- Super everything: a high level of complexity in one place tends to create a super project and a super failure.
- Significant negative privacy issues: bringing attributes together in one place goes against best practice and ignores lessons learned from the past.
- Poor data quality: a central system requires complex synchronization from authoritative sources that in the best case is expensive and in the worst case presents obsolete data as valid.
- Never unique: like mushrooms, independent of the amount of time/money spent, smaller authorities/repositories will pop up.

14. Federated Citizen Authority
- Should be:
  - a shield that allows citizens to interact with "untrusted" parties.
  - a trusted intermediary to find and exchange attributes in a peer-to-peer mode with a high level of confidence.
  - a friend that diminishes government process complexity.
  - a referent that guarantees the user keeps control of their own identity.
- Should not be: a governmental version of "Google/Yahoo", a Big Brother, a new problem for citizens, something expensive, ...

15. Which Authority Components
- Basic authority services
  - Authentication framework
    - Common definition of risk
    - Common authentication confidence for a given risk
  - Federation framework
    - Multi-authority (proxy IDP model)
    - Multi-personality
  - Discovery mechanism
    - Where to find services (in a user-contextual mode)
    - Security mechanism (attributes shared; first policy decision point)
    - Identity mapping (peer-to-peer in privacy-aware mode)
- Social networking
  - Should support delegation
  - Capability to create informal groups of people
- Interaction service
  - Should allow the user to be in control at any time
- Advanced services: Personal Profile, Document Exchange, ...

16. General Federated Architecture
[Diagram: several domains labelled A, B, C and D, each with an IDP and a number of SPs; an exchange is drawn as numbered steps 1 to 3 crossing domain boundaries, with a legend distinguishing SAML2 links, ID-WSF links and contracts.]

17. Mature and Evolving

18. Pa zo Echu, Echu eo (1)!
Disclaimer: I won't claim the ideas presented in this presentation to be exclusively personal or even original. Here are a few names of people I somehow trust (2) and from whom I stole one or more ideas that appear directly or indirectly in this presentation:
Andreas Hamnes (Norway), Britta Glade (USA), Colin Wallis (New Zealand), Conor P. Cahill (USA), Efjestad Dag (Norway), Eve L. Maler (USA), George Fletcher (USA), Hubert Le-Van-Gong (France), Ignacio Alamillo (Spain), Ingrid Melve (Norway), Jean-Severin Lair (France), Lasse Andresen (Norway), Lauren Wood (Canada), Louise Thiboutot (Canada), Mira Nivala (Finland), Myriam Cyr (Canada), Orhan Alkan (Turkey), Ovidiu Constantin (Italy), Paul Madsen (Canada), Paul Zeef (Netherlands), Sampo Kellomaki (Portugal), Søren Peter-Nielsen (Denmark), Tanguy Mercier (France), Tisserant Alexandre (France), Victor Ake (Finland)
Fulup@sun.com
(1) "When it is finished, finished it is" in the Breton language
(2) Which does not mean they would agree with me
