Higgins active clients and personal data stores v2
Published in: Technology

  1. Higgins, Active Clients, & Personal Data Stores
     Paul Trevithick
     http://project-higgins.org
     September 2010
     v2

  2. "On the Internet, nobody knows you're a dog"
     Copyright (c) 2010 Paul Trevithick

  3. Why is this?

  4. Our user agents don't know us
     [Diagram: Silo A, Silo B and Silo C, each reached through a separate Browser]

  5. We all experience the result
     [Diagram: Silo A, Silo B and Silo C, each reached through a separate Browser]
     Type, type, type. Click, click, click. Endless form filling as we populate each silo with descriptions of ourselves.

  6. Implications
     - Personal information is spread across all these silos
     - No way to control my digital footprint
     - Information about me (esp. my social graph) isn't portable
     - My personal data is no longer mine (from a rights POV)
     - No way to move verified attributes from A to B
     - Privacy concerns (e.g. tracking cookies, correlatable identifiers)

  7. Missing: an agent of the user
     What goes here? Something that:
     - Centralizes control (by me) over my data wherever it lives
     - Supports my multiple identities and attribute authorities
     - Moves data (preferences, affiliations, ids, healthcare records, etc.) between the silos and between people
     - Allows me to control who has access to my data

  8. Enter the active client
     - Portability: profile & social networking attributes are made portable by Information Cards
     - Any kind of information: your preferences, friends, favorite songs, employee id numbers, driver's licenses, affiliations, your health plan id, etc., can be on a card.
     - Cards are managed in a local active client "wallet" (aka Selector) such as Microsoft CardSpace™, Higgins, Azigo™, etc. running on your desktop or mobile device and integrated with your browser

  9. Information Cards and first generation active clients
     - 2007: Microsoft CardSpace (built into Windows 7 & Vista)
     - 2008: Higgins and OpenInfocard open source projects
     - 2008, June: Information Card Foundation founded
     - 2009: OASIS IMI Standard

  10. Higgins history
     - Began in 2003 in affiliation with Harvard's Berkman Center
     - Moved to the Eclipse Foundation in 2004
     - IBM, Novell, and others contributed developers during 2005-2008
     - Google and Oracle began contributing in 2007
     - Higgins 1.0 was released in 2008
     - Higgins code is part of commercial products from Novell, IBM, Google, Serena, Azigo, and others
     - Higgins 1.1 (Adobe AIR & iPhone) Q4 2010
     - http://higgins-project.org

  11. Higgins goals
     - User-centered design
       - Shift control to the user over their own digital identity
       - Enhance privacy and security
       - Provide a simple, consistent, card-based user experience
       - Active client-based architecture
     - Data integration
       - Integrate user's profiles & social networks across data silos and apps
       - Develop a common data model
       - Distributed cross-silo linking of data
     - Extensible architecture based on frameworks & plugins
     - Designed for interoperability
       - Cross-protocol (Infocard, OpenID, SAML, un/pw...)
       - Authentication-technology agnostic
       - Cross-platform (Windows, Mac, Linux, Mobile...)
     - Open source, community-based project
       - Business model friendly EPL license

  12. Timeline
     [Diagram: timeline 2004-2010: CardSpace™ Jan 2007; Higgins 1.0 Feb 2008; Information Card Foundation launched June 2008; Higgins 1.1 Q4 2010]

  13. Multiple, partial identities
     [Diagram: cards for Verified Claims, Loyalty, Payment, eGov]
  14. Managed vs. personal
     Managed: What another says about you
     - Name
     - Address
     - Date of Birth
     - License number
     Personal: What you say about you
     - Name
     - Gender
     - Like to rock climb, fly fish, mountain bike, play piano
     - No kids
     - Profession: Medical doctor
  15. Card-based login UX
     [Screenshot: the user clicks a card to log in]

  16. Card-based login benefits
     - Per-site passwords are eliminated
     - Anti-phishing protection
     - Site declares what claims (attributes) it needs or desires
     - User reviews and consents to all release
     - Privacy enhancing minimal disclosure

  17. Platform support for Infocard
     - Windows: Microsoft CardSpace™, Higgins AIR, OpenInfocard (Firefox)
     - Mac: Novell DigitalMe™, Higgins AIR, OpenInfocard (Firefox)
     - iPhone: Higgins
     - Browsers
       - Firefox: Higgins, OpenInfocard
       - IE: CardSpace, Higgins
       - Chrome: Higgins (1.1)
       - Safari: Higgins (1.1)

  18. Interoperability demo at RSA 2008
     [Screenshot]

  19. Interoperability demo at RSA 2008
     [Screenshot]

  20. Infocard actors
     [Diagram: P = Identity Provider (Card Issuer); R = Relying Party (Card Accepter); B = Browser; S = Selector (Active Client); User]

  21. Personal card data flow
     [Diagram: a Personal Card flowing between P, R, B and S]

  22. Managed card data flow
     [Diagram: S has a Managed Card that points to the security token service at P; R and B as above]

  23. Infocard: the good news
     - Infocard IMI protocol is an OASIS specification
     - First gen clients/selectors are available for multiple desktop and mobile platforms and for IE, Firefox, Safari and Chrome
     - Major firms have stood up card issuing sites (Equifax, Acxiom, PayPal, etc.)
     - Infocards adopted as part of the US eGov "ICAM" program
     - Infocard and OpenID foundations worked together to found OpenIdentityExchange.org and have been instrumental in putting forward the notion of trust frameworks. Trust frameworks are a key part of the forthcoming US government NSTIC strategy

  24. Infocard: a work in progress
     - There remain great hopes for the emergence of medium-scale "lighthouse" relying party websites (e.g. agencies of the US Federal government) that will demonstrate the business value of infocards and drive understanding and adoption
     - Information Card Foundation is structurally transforming itself to better support its mission in the next phase
     - We've learned from our first generation products
     - There's room for improvement in the UX, the implementations, and working more collaboratively with other identity technologies
     - These learnings are driving the next generation...

  25. Higgins 2.0 and next gen Active Clients

  26. Higgins 2.0
     - UX:
       - A less "in your face" UI WRT privacy & security. Rely more on trust frameworks.
       - Faster, smoother browser add-on UX for download and installation
       - Brokered authentication: reduce per-IdP (per-card) passwords/challenges
     - Adopt a cross-protocol "better with" strategy
       - Embrace and add value to OpenID, SAML, WebID?, userid-passwords?
       - Track Mozilla Labs work on Account Manager
       - Harmonize UX with UX from OpenID, Facebook Connect, etc. (see Kantara ULX WG), and also with "cloud-based identity selection agents"
     - New desktop architecture: browser add-on + OS service + "dashboard" UI
     - iPhone and (hopefully) Android implementations
     - Personal Data Store
       - Blinded data store (using Nigori technology)
       - Interoperability from Persona Data Model 2.0
     - Relationship cards: build a continuous bi-directional connection
     - App-cards: JavaScript-bearing cards; active client as a platform

  27. Active client as "digital me"
     [Diagram: the active client holding Interests, Searches, Purchases, Passwords, Addresses, Payment cards, Location, Social graph]

  28. Even tighter (and lower latency) integration with browsers & apps
     [Diagram: Active Client connected to several Browser or App instances; form fill flows out to them, data capture flows back in]

  29. General purpose Personal Data Store sync & backup; not just a "card roaming" service
     [Diagram: Active Clients on multiple devices (Browser or App) syncing blinded data to the PDS]

  30. Rich Personal Data Store(s)

  31. Persona Data Model 2.0
     - A vocabulary of attributes to describe a person
     - Card metaphor
     - Profiles (e.g. "what amazon knows about you")
     - Reusable personas/roles (e.g. "work", "anonymous")
     - RDF/OWL based. Builds on existing vocabularies:
       - FOAF
       - vCARD
       - geoLocation
       - SKOS
     - http://wiki.eclipse.org/Persona_Data_Model_2.0

  32. PDS API
     - XDI: read/write attributes using OASIS XDI messages; RESTful-ish: GET, ADD, MOD, DEL messages tunneled within POST
     - OAuth: authentication/authorization
     - ActivityStreams (end of 2010): Atom feed to indicate "data update" events
     - PubSubHubbub (end of 2010): allows client apps to proactively receive notification of "data update" events in the ActivityStream
     - SPARQL/Update (Q2 2011): proposed alternative to XDI

  33. Relationship-cards
     What they are
     - Attributes can be "by reference" instead of just "by value"
     - Card conveys a "UDI" (Linked Data or XRI) URI reference
     - UDIs assume dynamic discovery (XRDS or Linked Data 303)
     Benefits
     - Continuous data feed is established (vs. static one shot)
     - Read/Write (vs. read only, unidirectional)

  34. JavaScript bearing app-cards
     - Cards link to a JavaScript program
     - JavaScript can be injected into the browser to perform
     - Supports client-side mashups, aka "web augmentation", aka browser overlays
     - Supports Kynetx.com KNS service

  35. App-card admin UI mockup
     [Screenshot]

  36. Active client as platform
     [Diagram: Browser; Mobile or Desktop App; Dashboard (UI); PDS Client API; PDS Client; PDS]
     - JavaScript from an app-card, injected into the browser, can call the Client API
     - JavaScript from an app-card, injected into the Dashboard, can provide an "admin UI" via the PDS Client API
     - Mobile or desktop apps make native calls to the Client API
     - Web apps can access the PDS via XDI or SPARQL + ActivityStreams + PSHB

  37. PDS and active clients: related work
     - User-centric identity (2005): letting people control their own identities, identifiers. OpenID, Infocard, WebID, OAuth 2.0
     - DataPortability.org (2007): a "borderless experience"
     - VRM (Vendor Relationship Management) (2008): shifting more control to the customer
     - Mozilla Labs (2009): identity in the browser: Weave; Account Manager
     - Federated Social Networks (2010): distributed Facebook (e.g. Diaspora & many others)
     - David Siegel: Pull: "Personal Data Locker" (2010)
     - World Economic Forum (2010): Personal Data Management Initiative
  38. Appendix A: How managed cards work

  39. Managed Card: Alice goes to site
     [Diagram: P, R, B, S]

  40. Managed Card: Selector retrieves policy
     [Diagram: Required and Optional Claims sent from R to S]

  41. Managed Card: Display cards that match policy
     [Diagram: P, R, B, S]

  42. Managed Card: Alice selects a card
     [Diagram: P, R, B, S]

  43. Managed Card: Auth to IdP
     [Diagram: P, R, B, S]

  44. Managed Card: Generate token
     [Diagram: P, R, B, S]

  45. Managed Card: Browser sends token
     [Diagram: Set of Claims sent from B to R]

  46. Managed Card: Validate token
     [Diagram: P, R, B, S]

  47. Managed Card: Alice accesses resource
     [Diagram: P, R, B, S]
  48. Appendix B: How relationship cards work

  49. Personal r-card: first time flow
     [Diagram: A = Personal Data Agent/Store (in the cloud); R, P, B, S; the Personal R-Card conveys a Set of Claims & Ptr]

  50. Personal r-card steady state
     [Diagram: Continuous connection (RDF, XDI, etc.) between A and R; P, B, S]

  51. Managed r-card initial flow
     [Diagram: S has a Managed R-Card; a Set of Claims & Ptr flows to R; A, P, B]

  52. Managed r-card steady state
     [Diagram: Kantara UMA Authorization Manager controls the continuous connection between A and R; S has a Managed R-Card; P, B]
  53. Appendix C: Example PDS Client API

  54. Active client API
     getExAttributes(string rp, string audience, Attribute attributes, Where where, function responseCallback)
     - rp: string identifier of the "next hop" attribute data sink. It is expressed in as detailed a form as possible.
     - audience: string. Must match either the agent or the rp parameter value or be nil. If not nil, then indicates whether to encrypt tokens for the agent or the rp.
     - attributes: set of (attribute, optional, authorities) tuples where:
       - attribute is a URI indicating the attribute type
       - optional is a boolean (if true then this attribute is desired but not required)
       - authorities is a list of domains that are considered by the caller as authoritative WRT this attribute and thus must be used as the source of the attribute; if this list is nil then self-asserted values are acceptable. If authority == dev (where dev is the developer of the app-card) then only the "host" card of that app will be allowed as the source of attributes.
     - where: a set of (attribute, value-expression) tuples where:
       - attribute: the attribute URI
       - value-expression: regex expression
     - responseCallback: represents the event listener (name of the JS function). If the value of 'onready' is an empty string, then the browser extension executes a synchronous query, otherwise the extension does an asynchronous query. The result will be passed as a parameter to the function responseCallback
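The example below is added here and is not Higgins project code. It shows the selector-side logic behind Appendix A's "Display cards that match policy" step and the attributes/authorities/where semantics of getExAttributes: a card is offered only if every required claim is present and, where an authorities list is given, the card was issued by one of those domains; the where regexes filter on claim values; and the released claim set carries only what was requested (minimal disclosure). The wallet contents, claim URIs and domains are constructed for this example.

```javascript
// Constructed wallet: one self-asserted personal card, two managed cards.
// issuer === null marks a personal (self-asserted) card.
const WALLET = [
  { id: "personal-1", issuer: null,
    claims: { "urn:ex:email": "alice@example.org", "urn:ex:age": "17" } },
  { id: "bank-1", issuer: "bank.example",
    claims: { "urn:ex:email": "alice@example.org", "urn:ex:age": "34" } },
  { id: "gov-1", issuer: "dmv.example",
    claims: { "urn:ex:email": "a@example.org", "urn:ex:age": "34",
              "urn:ex:license": "X1" } },
];

// A card can supply an (attribute, optional, authorities) tuple when it
// carries the claim and, unless authorities is null (self-asserted OK),
// its issuer is one of the listed authoritative domains.
function usable(card, { attribute, authorities }) {
  const present = Object.prototype.hasOwnProperty.call(card.claims, attribute);
  const authorized = authorities === null || authorities.includes(card.issuer);
  return present && authorized;
}

// attributes: [{ attribute, optional, authorities }]
// where:      [{ attribute, regex }]  (value-expression as a regex string)
// Returns the cards the selector would display for this policy.
function matchCards(cards, attributes, where) {
  return cards.filter((card) =>
    // every required tuple must be satisfiable by this card ...
    attributes.every((t) => t.optional || usable(card, t)) &&
    // ... and every where clause must match the card's value for that attribute
    where.every(({ attribute, regex }) =>
      attribute in card.claims && new RegExp(regex).test(card.claims[attribute])));
}

// Minimal disclosure: the token built for the selected card carries only the
// requested claims the card can legitimately supply, never the whole card.
function releasedClaims(card, attributes) {
  const out = {};
  for (const t of attributes)
    if (usable(card, t)) out[t.attribute] = card.claims[t.attribute];
  return out;
}

// Constructed relying-party policy: age must come from a listed authority,
// email is optional and may be self-asserted, and the RP only accepts
// cards whose age value is 18 or more.
const POLICY = [
  { attribute: "urn:ex:age", optional: false, authorities: ["dmv.example", "bank.example"] },
  { attribute: "urn:ex:email", optional: true, authorities: null },
];
const WHERE = [{ attribute: "urn:ex:age", regex: "^(1[89]|[2-9][0-9])$" }];
```

With POLICY and WHERE the personal card is excluded by the authority check alone; with a nil authorities list it is instead excluded by the where regex on its age value.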