Identity SystemsJim Fenton
“Defining identity is like nailing Jell-O® to the wall.”– Source Uncertain                                                ...
Terminology  Subject            The person (usually) whose identity is involved            Sometimes called the User  Re...
A Basic Identity System                                                                                      Government   ...
A Basic Identity System                                                                                                Gov...
A Basic Identity System                                                                                                   ...
Elements of Identity Management                                                           Percent   Authentication        ...
User Trust  User trust in their Identity Provider is fundamental            Not all users trust any one entity           ...
Authentication                                                                        Flickr photo by shannonpatrick17Fent...
Authentication Methods  Methods useful for user authentication are   situation-specific            Type of endpoint being...
Authentication Strength  Authentication strength should depend on   transaction value            iTunes purchase (99 cent...
Authentication Endpoint Diversity  The Web is pervasive, but not everything is a   browser  Examples            Vending ...
Security Opportunities  Users that authenticate frequently at a given service   are more likely to detect anomalies      ...
CredentialManagementFenton 091120   © 2009 Cisco Systems, Inc. All rights reserved.   Cisco Public   Imagery supplied by P...
Credential Management: Functions  Act as a “key cabinet” for the user            Each relying party has its own credentia...
Directed Identity  It should not necessarily be possible for different   Relying Parties to correlate identifiers        ...
Security and Availability Issues  Security            The credential store is a very high-value target            Credent...
AttributeManagementFenton 091120   © 2009 Cisco Systems, Inc. All rights reserved.   Cisco Public   18
Distributed Attributes  Self-asserted attributes have limited utility  Authoritative sources for different attributes co...
Attribute Distribution: Example                                                                           Healthcare      ...
Attribute Distribution: Example                                                                           Healthcare      ...
Attribute Distribution: Example                                                                     Healthcare            ...
Attribute Distribution: Example                                                                      Healthcare           ...
Attribute Trust  Federation: Prearranged trust relationships            Personnel Security Clearances among Federal agenc...
Identity Provider Trust  Identity Provider has a fiduciary responsibility  To the Subject:            Must use credentia...
SummaryFenton 091120   © 2009 Cisco Systems, Inc. All rights reserved.   Cisco Public   26
Observations  Scaling is critical            Technical (protocol) aspects of scaling are a solved            problem     ...
Identity systems
Upcoming SlideShare
Loading in...5
×

Identity systems

420

Published on

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
420
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Identity systems

  1. 1. Identity SystemsJim Fenton
  2. 2. “Defining identity is like nailing Jell-O® to the wall.”– Source Uncertain Flickr photo by stevendepoloFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 2
  3. 3. Terminology  Subject The person (usually) whose identity is involved Sometimes called the User  Relying Party The entity the Subject is interacting with Sometimes called the Service Provider  Attribute A piece of information about the Subject Sometimes called a ClaimFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 3
  4. 4. A Basic Identity System Government Identity Provider Authentication Request Commerce Social MediaFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 4
  5. 5. A Basic Identity System Government Identity User Provider User Credentials Authentication Commerce Social MediaFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 5
  6. 6. A Basic Identity System Government Identity Authorize Info Provider Attribute Request/ Release Response Commerce Social MediaFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 6
  7. 7. Elements of Identity Management Percent Authentication Credential ManagementEstablish who the Subject is Prove to Relying Parties who the Subject is Attribute Management Provide information about the SubjectFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 7
  8. 8. User Trust  User trust in their Identity Provider is fundamental Not all users trust any one entity Most likely to trust entities they do business with and strong, trusted brands Different trusted entities in different cultures  An ecosystem of identity providers is required Users need to choose their own identity provider Need to consider ability to migrate to a different provider if requiredFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 8
  9. 9. Authentication Flickr photo by shannonpatrick17Fenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 9
  10. 10. Authentication Methods  Methods useful for user authentication are situation-specific Type of endpoint being used Required authentication strength (transaction value, etc.)  Problem: Many existing identity systems are bound tightly to specific authentication methodsFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 10
  11. 11. Authentication Strength  Authentication strength should depend on transaction value iTunes purchase (99 cents) vs. vehicle purchase  NIST Special Pub 800-63 defines 4 levels: Level 1: Minimal challenge/response Level 2: Single-factor identity proofing Level 3: Multi-factor identity proofing Level 4: Hardened multi-factor  Relying party specifies the required strength to the identity management systemFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 11
  12. 12. Authentication Endpoint Diversity  The Web is pervasive, but not everything is a browser  Examples Vending Machines Set-top boxes Doors (physical security)  Modular approaches to authentication needed to consider a wide range of use casesFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 12
  13. 13. Security Opportunities  Users that authenticate frequently at a given service are more likely to detect anomalies More likely to be suspicious about, for example, lack of a certificate Browsers can be configured to specially flag “chosen” identity providers  Identity providers can detect anomalous user behavior Similar to detection of fraudulent credit card transactions Business/policy framework should encourage thisFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 13
  14. 14. CredentialManagementFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Imagery supplied by Photodisc/Getty Images 14
  15. 15. Credential Management: Functions  Act as a “key cabinet” for the user Each relying party has its own credentials  Support Directed Identity Prevent undesired release of correlation handles Identifiers to Relying Parties are opaque by default  Enforce secure use of credentials Require use of secure channel (e.g., SSL)Fenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 15
  16. 16. Directed Identity  It should not necessarily be possible for different Relying Parties to correlate identifiers Insurance company vs. supermarket account Pseudonymous identifiers for tip hotlines  Users may still choose to link relying parties’ identifiers  Attributes may also provide correlation handles  Credential manager can be subpoenaed if appropriateFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 16
  17. 17. Security and Availability Issues  Security The credential store is a very high-value target Credentials can be distributed to diffuse attack High-level physical security is also required  Availability Failure of an Identity Manager may have severe impact on its Subjects Solvable problem, but needs to be addressedFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 17
  18. 18. AttributeManagementFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 18
  19. 19. Distributed Attributes  Self-asserted attributes have limited utility  Authoritative sources for different attributes come from different places FICO scores from a credit bureau Driving record from state Motor Vehicle Department Proof of employment from employer  Identity system has a role in locating trustable sources of attributes  Attributes delivered as signed assertionsFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 19
  20. 20. Attribute Distribution: Example Healthcare Provider Identity Provider Authorization “Is subject 21?” Request Request Wine Merchant Motor Vehicle DepartmentFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 20
  21. 21. Attribute Distribution: Example Healthcare Provider Identity Provider Release Trust Negotiation Authorization Wine Merchant Motor Vehicle DepartmentFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 21
  22. 22. Attribute Distribution: Example Healthcare Provider Identity Provider “Is subject 21?” Request Wine Merchant Motor Vehicle DepartmentFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 22
  23. 23. Attribute Distribution: Example Healthcare Provider Identity Provider “Subject is 21 or over” –DMV Wine Merchant Motor Vehicle DepartmentFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 23
  24. 24. Attribute Trust  Federation: Prearranged trust relationships Personnel Security Clearances among Federal agencies Business partners  Accreditation: Indirect federation Financial institutions, schools Scales much better than direct federationFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 24
  25. 25. Identity Provider Trust  Identity Provider has a fiduciary responsibility  To the Subject: Must use credentials only for the proper Subject  To Relying Parties: Must associate attribute requests and responses reliably  Identity Provider may coincidentally function as an Attribute Provider Functions should be considered separate to maintain privacyFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 25
  26. 26. SummaryFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 26
  27. 27. Observations  Scaling is critical Technical (protocol) aspects of scaling are a solved problem Scaling of trust relationships is the real limitation  Chosen technologies need to consider a very wide range of use cases  An ecosystem of identity and attribute providers is needed Need business models for these functions Public policy should encourage constructive behavior and help these entities manage liability exposureFenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 27
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×