Cis 2013 blakley keynote

Published in: Business, Economy & Finance

Transcript of "Cis 2013 blakley keynote"

  1. 1. WHAT IF IDENTITY WERE PASS-BY-REFERENCE?
  2. 2. WHAT IF IDENTITY WERE PASS-BY-REFERENCE? A drama in text messages
  3. 3. HI, I'M BOB
  4. 4. I'M IN THE DRAMA DEPARTMENT
  5. 5. I'M IN THE DRAMA DEPARTMENT At Citibank
  6. 6. WATCH THIS.
  7. 7. SHORT ATTENTION SPAN SUMMARY
  8. 8. SHORT ATTENTION SPAN SUMMARY Passing a pointer to your identity is a better idea than passing your identity
  9. 9. TELL ME MORE...
  10. 10. TELL ME MORE... I hear you cry
  11. 11. TEXTING THE CAR DEALER
  12. 12. I'd like a car
  13. 13. I'd like a car I have a Cadillac STS for $32,000
  14. 14. I'd like a car I have a Cadillac STS for $32,000 I like the STS, but I'm only willing to pay $27,000
  15. 15. I'd like a car I have a Cadillac STS for $32,000 I like the STS, but I'm only willing to pay $27,000 OK, but you'll have to get the LE package with 4 cylinders
  16. 16. I'd like a car I have a Cadillac STS for $32,000 I like the STS, but I'm only willing to pay $27,000 OK, but you'll have to get the LE package with 4 cylinders OK. I'll take the red one. I'd like to finance over 4 years
  17. 17. I'd like a car I have a Cadillac STS for $32,000 I like the STS, but I'm only willing to pay $27,000 OK, but you'll have to get the LE package with 4 cylinders OK. I'll take the red one. I'd like to finance over 4 years That loan is at 6.25%
  18. 18. I'd like a car I have a Cadillac STS for $32,000 I like the STS, but I'm only willing to pay $27,000 OK, but you'll have to get the LE package with 4 cylinders OK. I'll take the red one. I'd like to finance over 4 years That loan is at 6.25% I want 5.5%
  19. 19. I'd like a car I have a Cadillac STS for $32,000 I like the STS, but I'm only willing to pay $27,000 OK, but you'll have to get the LE package with 4 cylinders OK. I'll take the red one. I'd like to finance over 4 years That loan is at 6.25% I want 5.5% I can do that
  20. 20. TEXTING THE CAR DEALER
  21. 21. TEXTING THE CAR DEALER If Identity Architects sold cars
  22. 22. I'd like a car
  23. 23. I'd like a car That will be $52,000
  24. 24. I'd like a car That will be $52,000 Here you go
  25. 25. I'd like a car That will be $52,000 Here you go Here's your white Ford Escort.
  26. 26. I'd like a car That will be $52,000 Here you go Here's your white Ford Escort. It comes with a vinyl wrap advertising The Gap.
  27. 27. I'd like a car That will be $52,000 Here you go Here's your white Ford Escort. It comes with a vinyl wrap advertising The Gap. And the radio plays Fox News
  28. 28. YOU THINK I'M BEING MEAN
  29. 29. YOU THINK I'M BEING MEAN DON'T YOU?
  30. 30. I'd like a social media account
  31. 31. I'd like a social media account Send me your name, email, SSN, Credit Card, and phone
  32. 32. I'd like a social media account Send me your name, email, SSN, Credit Card, and phone Here you go
  33. 33. I'd like a social media account Send me your name, email, SSN, Credit Card, and phone Here you go Here's your account.
  34. 34. I'd like a social media account Send me your name, email, SSN, Credit Card, and phone Here you go Here's your account. You want cheap Viagra?
  35. 35. I'd like a social media account Send me your name, email, SSN, Credit Card, and phone Here you go Here's your account. You want cheap Viagra? You'll be hearing from the FISA Court
  36. 36. I'd like a social media account Send me your name, email, SSN, Credit Card, and phone Here you go Here's your account. You want cheap Viagra? You'll be hearing from the FISA Court But you didn't hear that from me. Tell them Snowden told you.
  37. 37. I'd like a social media account Send me your name, email, SSN, Credit Card, and phone Here you go Here's your account. You want cheap Viagra? You'll be hearing from the FISA Court But you didn't hear that from me. Tell them Snowden told you. Seriously.
  38. 38. WHAT DOES THE CAR DEALER KNOW...
  39. 39. WHAT DOES THE CAR DEALER KNOW... THAT THE IDENTITY ARCHITECT DOESN'T?
  40. 40. I'd like a car I have a Cadillac STS for $32,000 I like the STS, but I'm only willing to pay $27,000 OK, but you'll have to get the LE package with 4 cylinders OK. I'll take the red one. I'd like to finance over 4 years That loan is at 6.25% I want 5.5% I can do that
  41. 41. WHAT DOES THE CAR DEALER KNOW... THAT THE IDENTITY ARCHITECT DOESN'T? The car dealer knows how to deal with counteroffers
  42. 42. TEXTING THE SERVICE PROVIDER
  43. 43. TEXTING THE SERVICE PROVIDER If Identity Architects understood counteroffers
  44. 44. Identify me. Use this @address and this #token
  45. 45. Identify me. Use this @address and this #token OK. Hang on
  46. 46. Identify me. Use this @address and this #token OK. Hang on ...
  47. 47. Hey @address! Some dude says you can identify him using this #token
  48. 48. Maybe. Who are you? Hey @address! Some dude says you can identify him using this #token
  49. 49. Maybe. Who are you? Hey @address! Some dude says you can identify him using this #token My name is @WOPR
  50. 50. WAIT, WHAT?
  51. 51. Maybe. Who are you? Hey @address! Some dude says you can identify him using this #token
  52. 52. Maybe. Who are you? Hey @address! Some dude says you can identify him using this #token My name is @WOPR What do you want to know?
  53. 53. Maybe. Who are you? Hey @address! Some dude says you can identify him using this #token My name is @WOPR What do you want to know? #name and #address
  54. 54. Maybe. Who are you? Hey @address! Some dude says you can identify him using this #token My name is @WOPR What do you want to know? #name and #address What will you use it for?
  55. 55. LIKE, ZOMG, RIGHT?
  56. 56. Maybe. Who are you? Hey @address! Some dude says you can identify him using this #token My name is @WOPR What do you want to know? #name and #address What will you use it for? FedEx. And Viagra ads.
  57. 57. Maybe. Who are you? Hey @address! Some dude says you can identify him using this #token My name is @WOPR What do you want to know? #name and #address What will you use it for? FedEx. And Viagra ads. That'll be $50
  58. 58. MIND. BLOWN.
  59. 59. Maybe. Who are you? Hey @address! Some dude says you can identify him using this #token My name is @WOPR What do you want to know? #name and #address What will you use it for? FedEx. And Viagra ads. That'll be $50 Whoa. Just FedEx?
  60. 60. Maybe. Who are you? Hey @address! Some dude says you can identify him using this #token My name is @WOPR What do you want to know? #name and #address What will you use it for? FedEx. And Viagra ads. That'll be $50 Whoa. Just FedEx? Deal. Stephen Falken, Tiny Island, Oregon
  61. 61. Maybe. Who are you? Hey @address! Some dude says you can identify him using this #token My name is @WOPR What do you want to know? #name and #address What will you use it for? FedEx. And Viagra ads. That'll be $50 Whoa. Just FedEx? Deal. Stephen Falken, Tiny Island, Oregon OK, but...
  62. 62. How do I know the guy who sent me the token is really Falken?
  63. 63. Send him this #challenge. If he replies with this #response, it's him. How do I know the guy who sent me the token is really Falken?
  64. 64. Send him this #challenge. If he replies with this #response, it's him. How do I know the guy who sent me the token is really Falken? KTHXBAI
  65. 65. Identify me. Use this @address and this #token OK. Hang on Answer this #challenge ...
  66. 66. Identify me. Use this @address and this #token OK. Hang on Answer this #challenge #response ...
  67. 67. Identify me. Use this @address and this #token OK. Hang on Answer this #challenge #response Greetings, Professor Falken. ...
  68. 68. Identify me. Use this @address and this #token OK. Hang on Answer this #challenge #response Greetings, Professor Falken. ... Would you like to play a game?
  69. 69. API
  70. 70. IDENTITY CONSUMER identify_me()
  71. 71. IDENTITY CONSUMER identify_me() IDENTITY PRODUCER identify_subject()
  72. 72. IDENTITY CONSUMER identify_me() IDENTITY PRODUCER identify_subject() SUBJECT challenge()
  73. 73. PROTOCOL
  74. 74. IDC.identify_me (*IDP, subject_token)
  75. 75. IDC.identify_me (*IDP, subject_token) IDP.identify_subject (subject_token, IDPname, requested_subject_attrs, requested_uses)
  76. 76. IDC.identify_me (*IDP, subject_token) IDP.identify_subject (subject_token, IDPname, requested_subject_attrs, requested_uses) subject_attrs, restrictions, challenge_token, response_token
  77. 77. IDC.identify_me (*IDP, subject_token) IDP.identify_subject (subject_token, IDPname, requested_subject_attrs, requested_uses) subject_attrs, restrictions, challenge_token, response_token subject.challenge (challenge_token)
  78. 78. IDC.identify_me (*IDP, subject_token) IDP.identify_subject (subject_token, IDPname, requested_subject_attrs, requested_uses) subject_attrs, restrictions, challenge_token, response_token subject.challenge (challenge_token) response_token
  79. 79. IDC.identify_me (*IDP, subject_token) IDP.identify_subject (subject_token, IDPname, requested_subject_attrs, requested_uses) subject_attrs, restrictions, challenge_token, response_token subject.challenge (challenge_token) response_token RINSE AND REPEAT FOR NEGOTIATION
  80. 80. USE CASES
  81. 81. IDP = subject IDC FIRST-PARTY REGISTRATION
  82. 82. IDP = subject IDC FIRST-PARTY AUTHENTICATION
  83. 83. subject IDC THIRD-PARTY REGISTRATION IDP
  84. 84. subject IDC THIRD-PARTY AUTHENTICATION IDP
  85. 85. BENEFITS
  86. 86. No identity information is exchanged until terms of use are negotiated
  87. 87. Both users and Identity Consumers can state terms and negotiate
  88. 88. Phishing defense via authentication of Identity Consumers
  89. 89. Simple, minimal "webdevified" API and protocol
  90. 90. Anonymity, pseudonymity, and "real names" are supported using a single API and protocol
  91. 91. First- and third-party identity producers are supported using a single API and protocol
  92. 92. Registration and authentication are supported using a single API and protocol
  93. 93. BOB.BLAKLEY @ CITI.COM
  94. 94. THANK YOU
  95. 95. I'LL BE HAPPY TO ANSWER YOUR QUESTIONS
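
The API and protocol slides (69 to 79) can be run end to end as a small simulation; this is an added example, not code from the talk. Assumptions not on the slides: the response token is HMAC-SHA256 over a secret the subject shares with the IDP, the IDP signals a counteroffer by returning the subset of uses it will accept, `identify_me` takes the subject object as an in-process stand-in for the connection back to the caller, and the `records` store and `demo` helper are hypothetical.

```python
import hashlib, hmac, secrets

def _mac(secret, challenge):
    return hmac.new(secret, challenge, hashlib.sha256).digest()

class Subject:
    def __init__(self, secret):
        self.secret = secret  # assumption: shared with the IDP at enrolment
    def challenge(self, challenge_token):
        return _mac(self.secret, challenge_token)

class IdentityProducer:
    def __init__(self):
        self.records = {}  # subject_token -> (secret, attrs, allowed uses)
    def identify_subject(self, subject_token, consumer_name,
                         requested_subject_attrs, requested_uses):
        # consumer_name: the slide's IDPname argument (assumed: caller's name)
        if subject_token not in self.records:
            return None
        secret, attrs, allowed = self.records[subject_token]
        if set(requested_uses) - allowed:  # counteroffer: nothing released yet
            return {"counteroffer": sorted(set(requested_uses) & allowed)}
        challenge = secrets.token_bytes(16)
        return {"subject_attrs": {k: attrs[k] for k in requested_subject_attrs if k in attrs},
                "restrictions": sorted(requested_uses),
                "challenge_token": challenge,
                "response_token": _mac(secret, challenge)}

class IdentityConsumer:
    def __init__(self, name, attrs, uses):
        self.name, self.attrs, self.uses = name, attrs, uses
    def identify_me(self, idp, subject_token, subject):
        uses = list(self.uses)
        for _ in range(3):  # "rinse and repeat", bounded
            reply = idp.identify_subject(subject_token, self.name, self.attrs, uses)
            if not reply or reply.get("counteroffer") == []:
                return None  # unknown token, or no acceptable use at all
            if "counteroffer" in reply:
                uses = reply["counteroffer"]  # accept narrower terms and retry
                continue
            answer = subject.challenge(reply["challenge_token"])
            if hmac.compare_digest(answer, reply["response_token"]):
                return reply["subject_attrs"], reply["restrictions"]
            return None  # wrong response: discard the attributes
        return None

def demo():
    idp, secret = IdentityProducer(), secrets.token_bytes(32)
    token = secrets.token_hex(8)  # the "pointer": reveals nothing by itself
    idp.records[token] = (secret, {"name": "Stephen Falken",
                                   "address": "Tiny Island, Oregon"}, {"FedEx"})
    wopr = IdentityConsumer("@WOPR", ["name", "address"], ["FedEx", "ads"])
    return (wopr.identify_me(idp, token, Subject(secret)),
            wopr.identify_me(idp, token, Subject(b"guess")))
```

`demo()` returns the negotiated attributes restricted to FedEx for the genuine subject and `None` for a caller who holds the token but not the secret.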