Mature Digital Trust Infrastructure - Are we there yet?
Presented at the European e-Identity Management Conference 2011 in Tallinn, Estonia:
Reflections on current Government approaches to Trust, federation and identity management.  What needs to change as we move forward. We have come a long way with PKI, federation standards, trust frameworks, etc. but are we there yet? Where is there still work to be done and mindsets to be changed?


Transcript

  • 1. Mature Digital Trust Infrastructure: Are we there yet? Søren Peter Nielsen, Chief IT Architect, Danish National IT and Telecom Agency. Presented June 9th at the European e-Identity Management Conference 2011, Tallinn, Estonia
  • 2. Identities in eGovernment - a look to the future
    • Mature Digital Trust Infrastructure - Are we there yet? Reflections on current Government approaches to Trust, federation and identity management.  What needs to change as we move forward. We have come a long way with PKI, federation standards, trust frameworks, etc. but are we there yet? Where is there still work to be done and mindsets to be changed?
  • 3. Conceptually – It seems simple
  • 4. Web SSO Model (Diagram labels: Identity Provider, Service Provider, Authentication Authority, Attribute Authority, "Circle of Trust"; flow steps numbered 1 to 7)
  • 5. Federation Building Blocks
    • Business & Operating Rules
    • Operational Infrastructure
    • Service Providers / Identity Providers
    • Policy
    • Technical Standards
    • Auditing / Accreditation
  • 6. Authentication Assurance Levels
    • Assurance levels with example transactions: Low (Access to Protected Website), Medium (Applying for a Loan Online), High (Obtaining Govt. Benefits), Very High (Employee Screening for a High Risk Job)
    • Tokens shown: PIN/User ID, Knowledge-Based, Strong Password, PKI/Digital Signature, Multi-Factor Token
    • Axes: Increased $ Cost, Increased Need for Identity Assurance
  • 7. Areas that determine the Level of Assurance
    • Tokens (typically a cryptographic key or password) for proving identity,
    • Identity proofing, registration and the delivery of credentials which bind an identity to a token,
    • Remote authentication mechanisms, that is the combination of credentials, tokens and authentication protocols used to establish that a claimant is in fact the subscriber he or she claims to be,
    • Assertion mechanisms used to communicate the results of a remote authentication to other parties.
  • 8. EU eGov Benchmark 2010 Fundamental IT enablers Key Horizontal Enablers
  • 9. Have we crossed the chasm for eID?
  • 10. Do we have full adoption? Credit to: Simon Wardley
  • 11. Do we have the right assumptions? (Diagram labels: Intended Strategy, Deliberate Strategy, Realised Strategy, IDM dev, "Fix This!", "Fixed!")
  • 12. The world is not standing still (Diagram labels: Intended Strategy, Deliberate Strategy, Realised Strategy, Unrealised Strategy, Emergent Strategy, "Fixed!", "???")
  • 13. No organisation is an Island anymore
  • 14. But the approach to Identity and Access management is still rooted in industrial age thinking Architecture and mindsets are locked into the identification-oriented paradigm
  • 15. Areas with requirements determining Assurance level
    • Tokens (typically a cryptographic key or password) for proving identity,
    • Identity proofing, registration and the delivery of credentials which bind an identity to a token,
    • Remote authentication mechanisms, that is the combination of credentials, tokens and authentication protocols used to establish that a claimant is in fact the subscriber he or she claims to be,
    • Assertion mechanisms used to communicate the results of a remote authentication to other parties.
  • 16. Architecture and mindsets
    • Are locked into the identification-oriented paradigm
    • To grow adoption beyond what can be accomplished using current approaches, an architecture that supports both the identification- and validation-oriented paradigms is needed
  • 17. Validation-oriented paradigm (i.e. the user can prove that he represents a pseudonym via a secret key). Instead of all applications identifying the users and coupling local data to the identity (e.g. SSN), data is coupled to virtual identities (pseudonyms), which are subject to validation
  • 18. Credit to: Simon Wardley
  • 19. Credit to: Simon Wardley
  • 20. Credit to: Simon Wardley (Diagram labels: identification-oriented paradigm; identification- and validation-oriented paradigms)
  • 21. Credit to: Simon Wardley Digital Trust Infrastructure
  • 22. Are We There Yet?
    • There is still a long way to go before we reach maturity
    • In the short run
      • We need to re-think our architecture to support a validation-oriented paradigm as well as an identification-oriented paradigm
    • In the long run
      • We need to be conscious that the world is not standing still while working on the Next Big IDM Thing
  • 23. Contact
    • Søren Peter Nielsen
    • Twitter.com/sorenp
    • [email_address]
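
The validation-oriented paradigm of slide 17, as an added Go sketch that is not code from the presentation: each service stores a per-service public key as the pseudonym in place of an SSN, and the user proves control of it by signing the service's fresh challenge. The function names, the HMAC-based per-service key derivation, the `pseudonym-auth` label and the sample secret are assumptions made for illustration; the master secret is assumed to be high-entropy.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// keyFor derives a distinct key per service from the user's one master
// secret, so pseudonyms held by two services cannot be linked by comparison.
func keyFor(master []byte, service string) ed25519.PrivateKey {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(service))
	return ed25519.NewKeyFromSeed(mac.Sum(nil)) // 32-byte seed
}

// Pseudonym is what the service stores in place of an SSN: a public key.
func Pseudonym(master []byte, service string) ed25519.PublicKey {
	return keyFor(master, service).Public().(ed25519.PublicKey)
}

// bind ties a proof to one service so it cannot be relayed to another.
func bind(service string, challenge []byte) []byte {
	return append([]byte("pseudonym-auth|"+service+"|"), challenge...)
}

// Prove signs the service's challenge with the pseudonym's secret key.
func Prove(master []byte, service string, challenge []byte) []byte {
	return ed25519.Sign(keyFor(master, service), bind(service, challenge))
}

// Validate checks the proof against the stored pseudonym; the service learns
// that the caller controls the pseudonym, not who the caller is.
func Validate(service string, p ed25519.PublicKey, challenge, proof []byte) bool {
	return len(p) == ed25519.PublicKeySize &&
		ed25519.Verify(p, bind(service, challenge), proof)
}

func main() {
	master := []byte("constructed-demo-secret") // sample value, constructed
	challenge := make([]byte, 32)               // service's fresh nonce
	if _, err := rand.Read(challenge); err != nil {
		panic(err)
	}
	proof := Prove(master, "tax", challenge)
	fmt.Println(Validate("tax", Pseudonym(master, "tax"), challenge, proof))
}
```

A deployed service would also accept each challenge only once and expire it quickly, so that a captured proof cannot be replayed.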
