Relationship Cards Iiw Nov 3 2009

Relationship Card Presentation at IIW.

Published in: Technology, Business

  1. From Information Cards to Relationship Cards. IIW IX, November 3, 2009. Paul Trevithick, paul@azigo.com
  2. The Problem
     - I have too many accounts and passwords
     - My personal information is spread all over the web
     - I have no way to control my digital footprint
     - Information about me (esp. social networks) isn’t portable
     - I have security and privacy concerns with today’s “cookie” model
  3. Missing Identity Layer
     - Controlled by the individual
     - Trusted, cloud-based, available anywhere
     - Synchronizes all of my identities, profiles and social networks
     - Gives me more control over updating and who has access to my own data
     (diagram: Identity Layer)
  4. Higgins
     - Began in 2003 in affiliation with Harvard’s Berkman Center
     - Invited to join the Eclipse Foundation in 2004
     - IBM, Novell, and others contributed a dozen senior developers during 2005-2007
     - Google and Oracle began contributing in 2007
     - Higgins 1.0 was released in 2008
     - Higgins code is part of commercial products from Novell, IBM, Google, Serena, Azigo, and others
     - Higgins 1.1 is planned for Q1 2010
     - http://higgins-project.org
  5. Card Metaphor
     - Information Cards: a digital version of the cards you carry in your purse or wallet today
     - You use them with a new kind of digital wallet called a selector
  6. Act I: Regular Information Cards
  7. Information Cards & Claims
     - Data Portability: profile & social networking attributes are made portable by referencing them on Information Cards
     - Any kind of information (your preferences, favorite songs, employee id numbers, drivers licenses, affiliations, your health plan id, etc.) can be on a card
     - Cards from multiple sites are managed in a local Card Selector application (Microsoft CardSpace™, Azigo™ or Novell DigitalMe™)
  8. Card-based Login (screenshot): Higgins is interoperable with Microsoft CardSpace™, shown here
  9. Card Types
     - Managed: what somebody else says about you (Name, Address, Date of Birth, License number)
     - Personal: what you say about you (Name, Gender, Like to rock climb, fly fish, mountain bike, play piano, No kids, Profession: Medical doctor)
  10. Actors (diagram): User, Identity Provider, Relying Party
  11. Personal Card (diagram: the User has a Personal Card)
  12. Personal Card: Data Flow (diagram)
  13. Managed Card (diagram: the User has a Managed Card; the card points to a token generator)
  14. Managed Card: Data Flow (diagram: the Managed Card points to a token generator)
  15. Managed Card: Alice goes to site
  16. Managed Card: Selector retrieves policy (Required and Optional Claims)
  17. Managed Card: Display cards that match policy
  18. Managed Card: Alice selects a card
  19. Managed Card: Auth to IdP
  20. Managed Card: Generate token
  21. Managed Card: Browser sends token (Set of Claims)
  22. Managed Card: Validate token
  23. Managed Card: Alice accesses resource
  24. Card-based Login Benefits
     - Per-site passwords are eliminated
     - Strong anti-phishing protection
     - Site declares what claims it needs or desires
     - User reviews and consents to all release
     - Privacy enhancing minimal disclosure
  25. Regular Cards
     - Manual
     - Static “one shot”
     - Read only
     - Uni-directional
  26. Act II: Relationship Cards
  27. Personal Data Agent
     - The agent is the advocate of the consumer/patient/citizen
     - Gives data ownership back to the individual
     (diagram: Personal Data Agent, Browser Add-on, Permissioned data sharing)
  28. Relationship Cards: Sending a pointer claim value over the front channel (diagram: Set of Claims & Ptr)
  29. Personal Relationship Cards: Sending a pointer over the front channel (diagram: Set of Claims & Ptr; the User has a Personal R-Card, which points to data)
  30. Personal Relationship Cards: User managed data channel (diagram: Any protocol)
  31. Managed Relationship Cards: Sending a pointer over the front channel (diagram: Set of Claims & Ptr; the User has a Managed R-Card)
  32. Managed Relationship Cards: User managed data channel (diagram: Managed R-Card; a Kantara UMA Access Manager controls the channel; Any protocol)
  33. Relationship Cards
     - Manual → Automatic
     - Static “one shot” → Continuous
     - Read only → Read/Write
     - Uni-directional → Bi-directional
     - … data channels managed by the user
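The managed-card login of slides 15 to 24 (selector retrieves the site's required/optional claims, shows only matching cards, the IdP issues a token, the relying party validates it, and only consented claims are released) modelled in Python as an added example; this is not code from the deck or from the Higgins project. The HMAC key shared by IdP and RP stands in for the signed token a real selector exchanges, and every card, claim and URL is constructed sample data.

```python
import hashlib
import hmac
import json
import secrets

# Constructed IdP signing key. Real Information Card tokens are signed
# assertions verified with the IdP's public key; a shared HMAC key is used
# here only to keep the example self-contained.
IDP_KEY = b"constructed-idp-signing-key"

# Slide 16: the relying party's policy declares required and optional claims.
RP_POLICY = {"audience": "https://rp.example",
             "required": {"name", "email"}, "optional": {"gender"}}

# Cards in Alice's selector (constructed). Claims list what each card can supply.
CARDS = [
    {"id": "bank-card", "type": "managed", "issuer": "https://idp.example",
     "claims": {"name", "email", "dob", "license"}},
    {"id": "self-card", "type": "personal", "issuer": "self",
     "claims": {"name", "gender"}},
]
ALICE_DATA = {"name": "Alice", "email": "alice@example.org",
              "dob": "1980-01-01", "license": "L-000", "gender": "F"}

def cards_matching(policy, cards):
    # Slide 17: display only cards that can satisfy every required claim.
    return [c for c in cards if policy["required"] <= c["claims"]]

def issue_token(card, policy, consented_optional):
    # Slides 19-21: after Alice authenticates to the IdP it generates a token
    # carrying the required claims plus the optional ones she consented to.
    # Everything else on the card (dob, license) stays undisclosed (slide 24).
    released = policy["required"] | (consented_optional & card["claims"] & policy["optional"])
    body = {"iss": card["issuer"], "aud": policy["audience"],
            "nonce": secrets.token_hex(8),
            "claims": {k: ALICE_DATA[k] for k in sorted(released)}}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"payload": payload,
            "sig": hmac.new(IDP_KEY, payload, hashlib.sha256).hexdigest()}

def validate_token(token, policy, trusted_issuers):
    # Slide 22: the RP checks signature, issuer and audience, and that the
    # required claims are present, before Alice reaches the resource.
    expected = hmac.new(IDP_KEY, token["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None
    body = json.loads(token["payload"])
    if body["iss"] not in trusted_issuers or body["aud"] != policy["audience"]:
        return None
    if not policy["required"] <= set(body["claims"]):
        return None
    return body["claims"]
```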
