Mature Digital Trust Infrastructure - Are we there yet?

Presented at the European e-Identity Management Conference 2011 in Tallinn, Estonia:
Reflections on current Government approaches to Trust, federation and identity management.  What needs to change as we move forward. We have come a long way with PKI, federation standards, trust frameworks, etc. but are we there yet? Where is there still work to be done and mindsets to be changed?

Transcript of "Mature Digital Trust Infrastructure - Are we there yet?"

  1. Mature Digital Trust Infrastructure - Are we there yet? Søren Peter Nielsen, Chief IT Architect, Danish National IT and Telecom Agency. Presented June 9th at the European e-Identity Management Conference 2011, Tallinn, Estonia.
  2. Identities in eGovernment - a look to the future
     • Mature Digital Trust Infrastructure - Are we there yet? Reflections on current Government approaches to Trust, federation and identity management. What needs to change as we move forward. We have come a long way with PKI, federation standards, trust frameworks, etc. but are we there yet? Where is there still work to be done and mindsets to be changed?
  3. Conceptually – It seems simple
  4. Web SSO Model [Diagram: an Identity Provider (Authentication Authority, Attribute Authority) and a Service Provider inside a "Circle of Trust", with message flow steps numbered 1 to 7]
  5. Federation Building Blocks [Diagram labels: Business & Operating Rules; Operational Infrastructure; Service Providers / Identity Providers; Policy; Technical Standards; Auditing / Accreditation]
  6. Authentication Assurance Levels [Chart. Levels: Very High, High, Medium, Low. Example transactions: Employee Screening for a High Risk Job; Obtaining Govt. Benefits; Applying for a Loan Online; Access to Protected Website. Credential types: PIN/User ID; Knowledge-Based; Strong Password; PKI/Digital Signature; Multi-Factor Token. Axes: Increased $ Cost; Increased Need for Identity Assurance]
  7. Areas that determine the Level of Assurance
     • Tokens (typically a cryptographic key or password) for proving identity,
     • Identity proofing, registration and the delivery of credentials which bind an identity to a token,
     • Remote authentication mechanisms, that is the combination of credentials, tokens and authentication protocols used to establish that a claimant is in fact the subscriber he or she claims to be,
     • Assertion mechanisms used to communicate the results of a remote authentication to other parties.
  8. EU eGov Benchmark 2010 [Figure labels: Fundamental IT enablers; Key Horizontal Enablers]
  9. Have we crossed the chasm for eID?
  10. Do we have full adoption? Credit to: Simon Wardley
  11. Do we have the right assumptions? [Diagram labels: Intended Strategy; Deliberate Strategy; Realised Strategy; "Fix This!"; "Fixed!"; IDM dev]
  12. The world is not standing still [Diagram labels: Intended Strategy; Deliberate Strategy; Unrealised Strategy; Emergent Strategy; Realised Strategy; "Fixed!"; "???"]
  13. No organisation is an Island anymore
  14. But the approach to Identity and Access management is still rooted in industrial age thinking. Architecture and mindsets are locked into the identification-oriented paradigm.
  15. Areas with requirements determining Assurance level
     • Tokens (typically a cryptographic key or password) for proving identity,
     • Identity proofing, registration and the delivery of credentials which bind an identity to a token,
     • Remote authentication mechanisms, that is the combination of credentials, tokens and authentication protocols used to establish that a claimant is in fact the subscriber he or she claims to be,
     • Assertion mechanisms used to communicate the results of a remote authentication to other parties.
  16. Architecture and mindsets
     • Are locked into the identification-oriented paradigm
     • To grow adoption beyond what can be accomplished using current approaches, an architecture that supports both the identification- and validation-oriented paradigms is needed
  17. Validation-oriented paradigm (i.e. the user can prove that he represents a pseudonym via a secret key). Instead of all applications identifying the users and coupling local data to the identity (e.g. SSN), data is coupled to virtual identities (pseudonyms), which are subject to validation.
  18. Credit to: Simon Wardley
  19. Credit to: Simon Wardley
  20. Credit to: Simon Wardley [Diagram labels: identification- and validation-oriented paradigms; identification-oriented paradigm]
  21. Credit to: Simon Wardley [Diagram label: Digital Trust Infrastructure]
  22. Are We There Yet?
     • There is still a long way to go before we reach maturity
     • In the short run
        ◦ We need to re-think our architecture to support a validation-oriented paradigm as well as an identification-oriented paradigm
     • In the long run
        ◦ We need to be conscious that the world is not standing still while working on the Next Big IDM Thing
  23. Contact
     • Søren Peter Nielsen
     • Twitter.com/sorenp
     • [email_address]
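
An added example, not part of the original slides, of the validation-oriented paradigm from slide 17: each service couples its data to a per-service pseudonym and releases it only after a challenge-response proof of the matching secret key. The HMAC-based proof, the key derivation, and the names `derive_pseudonym`, `Service` and `respond` are assumptions made for illustration; the service holds a copy of the per-service key here, which a public-key signature scheme would avoid.

```python
import hashlib
import hmac
import secrets


def derive_pseudonym(master_secret: bytes, service_id: str):
    """Derive a per-service secret key and the pseudonym that names it."""
    key = hmac.new(master_secret, b"key|" + service_id.encode(), hashlib.sha256).digest()
    pseudonym = hashlib.sha256(b"pseudonym|" + key).hexdigest()[:16]
    return pseudonym, key


class Service:
    """Relying party that couples data to pseudonyms, never to an SSN."""

    def __init__(self, service_id: str):
        self.service_id = service_id
        self.keys = {}      # pseudonym -> verification key
        self.records = {}   # pseudonym -> local data
        self.pending = {}   # pseudonym -> outstanding challenge

    def register(self, pseudonym, key, data):
        self.keys[pseudonym] = key
        self.records[pseudonym] = data

    def challenge(self, pseudonym):
        nonce = secrets.token_bytes(16)
        self.pending[pseudonym] = nonce
        return nonce

    def validate(self, pseudonym, response):
        """Return the record only if the response proves key possession."""
        nonce = self.pending.pop(pseudonym, None)  # single use: blocks replay
        key = self.keys.get(pseudonym)
        if nonce is None or key is None:
            return None
        expected = hmac.new(key, self.service_id.encode() + nonce, hashlib.sha256).digest()
        return self.records[pseudonym] if hmac.compare_digest(expected, response) else None


def respond(key: bytes, service_id: str, nonce: bytes) -> bytes:
    """User side: answer a challenge with the per-service key."""
    return hmac.new(key, service_id.encode() + nonce, hashlib.sha256).digest()


# Constructed sample: one user, two unrelated services (hypothetical names).
master = secrets.token_bytes(32)
tax, clinic = Service("tax.example"), Service("clinic.example")
p_tax, k_tax = derive_pseudonym(master, tax.service_id)
p_clinic, k_clinic = derive_pseudonym(master, clinic.service_id)
tax.register(p_tax, k_tax, {"filing": "2011"})
clinic.register(p_clinic, k_clinic, {"appointment": "pending"})
```

Because the pseudonym and key are derived per service, the two services hold no common identifier to join their records on, and binding the service name into the response keeps a proof made for one service from being accepted by another.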