Mature Digital Trust Infrastructure - Are we there yet?
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Mature Digital Trust Infrastructure - Are we there yet?

  • 815 views
Uploaded on

Presented at the European e-Identity Management Conference 2011 in Tallinn, Estonia:...

Presented at the European e-Identity Management Conference 2011 in Tallinn, Estonia:
Reflections on current Government approaches to Trust, federation and identity management.  What needs to change as we move forward. We have come a long way with PKI, federation standards, trust frameworks, etc. but are we there yet? Where is there still work to be done and mindsets to be changed?

More in: Technology , Spiritual
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
815
On Slideshare
810
From Embeds
5
Number of Embeds
3

Actions

Shares
Downloads
8
Comments
0
Likes
0

Embeds 5

http://www.linkedin.com 3
http://paper.li 1
https://www.linkedin.com 1

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Mature Digital Trust Infrastructure Are we there yet? Søren Peter Nielsen, Chief IT Architect Danish National IT and Telecom Agency presented June 9th at European e-Identity Management Conference 2011 Tallinn, Estonia
  • 2. Identities in eGovernment - a look to the future
    • Mature Digital Trust Infrastructure - Are we there yet? Reflections on current Government approaches to Trust, federation and identity management.  What needs to change as we move forward. We have come a long way with PKI, federation standards, trust frameworks, etc. but are we there yet? Where is there still work to be done and mindsets to be changed?
  • 3. Conceptually – It seems simple
  • 4. Web SSO Model 1 4 5 6 3 Identity Provider “ Circle of Trust” Service Provider Authentication Authority Attribute Authority 7 2
  • 5. Federation Building Blocks Business & Operating Rules Operational Infrastructure Service Providers/ Identity Providers Policy Technical Standards Auditing / Accreditation
  • 6. Authentication Assurance Levels Factor Token Very High High Medium Low Employee Screening for a High Risk Job Obtaining Govt. Benefits Applying for a Loan Online Access to Protected Website PIN/User ID - Knowledge Strong Password - Based PKI/ Digital Signature Multi - Increased $ Cost Increased Need for Identity Assurance
  • 7. Areas that determine the Level of Assurance
    • Tokens (typically a cryptographic key or password) for proving identity,
    • Identity proofing, registration and the delivery of credentials which bind an identity to a token,
    • Remote authentication mechanisms, that is the combination of credentials,tokens and authentication protocols used to establish that a claimant is in fact the subscriber he or she claims to be,
    • Assertion mechanisms used to communicate the results of a remote authentication to other parties.
  • 8. EU eGov Benchmark 2010 Fundamental IT enablers Key Horizontal Enablers
  • 9. Have we crossed the chasm for eID?
  • 10. Do we have full adoption? Credit to: Simon Wardley
  • 11. Do we have the right assumptions? Intended Strategy Realised Strategy Fix This! Fixed! DeliberateStrategy IDM dev
  • 12. The world is not standing still Intended Strategy Realised Strategy Deliberate Strategy Unrealised Strategy Emergent Strategy Fixed! ???
  • 13. No organisation is an Island anymore
  • 14. But the approach to Identity and Access management is still rooted in industrial age thinking Architecture and mindsets are locked into the identification-oriented paradigm
  • 15. Areas with requirements determining Assurance level
    • Tokens (typically a cryptographic key or password) for proving identity ,
    • Identity proofing, registration and the delivery of credentials which bind an identity to a token ,
    • Remote authentication mechanisms, that is the combination of credentials,tokens and authentication protocols used to establish that a claimant is in fact the subscriber he or she claims to be,
    • Assertion mechanisms used to communicate the results of a remote authentication to other parties.
  • 16. Architecture and mindsets
    • Are locked into the identification-oriented paradigm
    • To grow adoption beyond what can be accomplished using current approaches an architecture that supports both the identification- and validation-oriented paradigms is needed
  • 17. Validation-oriented paradigm (i.e. the user can prove that he represents a pseudonym via a secret key). Instead of all applications identifying the users and coupling local data to the identity (e.g. SSN), data is coupled to virtual identities (pseudonyms), which are subject to validation
  • 18. Credit to: Simon Wardley
  • 19. Credit to: Simon Wardley
  • 20. Credit to: Simon Wardley identification- and validation- oriented paradigms identification- oriented paradigm
  • 21. Credit to: Simon Wardley Digital Trust Infrastructure
  • 22. Are We There Yet?
    • There is still a long way to go before we reach maturity
    • On the short run
      • We need to re-think our architecture to support a validation-orientated paradigm as well as an identification-oriented paradigm
    • On the long run
      • We need to be conscious that the world is not standing still while working on the Next Big IDM Thing
  • 23. Contact
    • Søren Peter Nielsen
    • Twitter.com/sorenp
    • [email_address]