Workshop Personalization

Slides for a workshop on personalization, authorization and authentication.

Published in: Technology

  1. 1. q.o.t.d. "Besides the noble art of getting things done, there is the noble art of leaving things undone. The wisdom of life consists in the elimination of non essentials." - Lin Yutang
  2. 2. workshop topic AuthN AuthZ Personalization
  3. 3. rules 1) religion is not a subject 2) “celebrate the differences” 3) fail and learn
  4. 4. goal Personalization with the exchange of the least possible identity related information. (is this user-centric identity management?)
  5. 5. definitions
       • Authentication: “The act of proving who you are, and”
       • Authorization: “the act of getting what you need,”
       • Personalization: “the way you want it.”
       • Persona: mask
       • Identity: formed by context
       • Attributive use of descriptions: context information
       • Referential use of descriptions: definiteness on the persona. 1) 2)
  6. 6. things done A SAML front-end for DigID test between Buza and rijksoverheid.nl
  7. 7. things done An OpenID + Ax test between BZK and FaSam.
  8. 8. show hands OpenID/OAuth SAMLv2 Infocards/Cardspace XACML/PIP, PEP, PAP, PDP Attribute/Claims Based Access Control
  9. 9. Tools Identity Stores (You) Network (Maurice) Wisdom (everyone)
  10. 10. semantics anyone? Epistemology Ontology
  11. 11. backup
  12. 13. everything is a file
  13. 14. user centric
  14. 15. Notes
       • Van den Hoven first suggested that Keith Donnellan (1966) distinguished between referential use of descriptions and attributive use of descriptions.
       • Huits-Manders suggests that better privacy protection can be achieved by using this difference. Both types represent identity-relevant information. (Searle: 'de re'/'de dicto' and 'rev'/'att' have primary v. secondary aspects as real distinctions)
       • From 1) + 2) the question follows: how does this difference influence Identity & Access Management?
       • Derived principle (1): an authoritative IdP does not send referential descriptions.
       • Derived principle (2): an authoritative IdP can relay questions on referential descriptions.
  15. 16. Authentication (AuthN)
       • user-id/password
           • token for the user/
           • token of the user (“They can read minds nowadays, you know that? Only numbers so far, because that's all they could test on mice.”)
       • card
           • token for the user/
           • token of the user (the mind-read mice!, cloning!)
       • Consume
       • Provide
  16. 18. Authorization (AuthZ)
       • getting what you need versus offering what you have?
       • Line of thought: in a network everything of value is a controlled endpoint.
       • Access is granted based upon proof
       • Proof can be anything that is agreed upon.
       • Trust is irrelevant.
       • Resistance is not.
  17. 19. Personalisation
       • Is this 'Context Delivery Architecture'?
       • Attributes?
       • Who you are, what you do, with whom, where and when, and with what... anything else?
       • TweakUI?
       • What You Need Is What You Get. (WYNIWYG 2.0)
       • This is not a webpage.
  18. 20. Diagram (via Jeroen, Anoigo)
  19. 21. but first
  20. 22. success
  21. 24. or
