Higgins ESE

Published in: Technology, Education


  1. ESE 2008: Higgins. Markus Sabadello, msabadello@parityinc.net. Higgins: 1: a species of Tasmanian long-tailed mouse; 2: an open source identity framework being developed at the Eclipse Foundation.
  2. Higgins Identity Framework: INTRODUCTION. Copyright © 2008 Parity. Made available under EPL 1.0.
  3. The Higgins Identity Framework tries to 1) model and 2) create technologies for personal identity on the Internet. It invents little, but implements existing standards.
  4. Identity on the Internet. Username, password, attributes… for each of: Book club; eCommerce (e.g. Amazon, eBay); Family; Social Networking (e.g. LinkedIn); Banks; Professional networks; Mutual Funds; Dating networks; eGovernment; Healthcare System; Corporate Directories; Second Life; Croquet; WOW; SharePoint. (Diagram: all of these surround "You".)
  5. Each identity in its own "silo". (Same diagram as the previous slide: a separate username, password and set of attributes at eCommerce (e.g. Amazon, eBay), Book club, Social Networking (e.g. LinkedIn), Family, Banks, Mutual Funds, Professional networks, eGovernment, Dating networks, Healthcare System, Corporate Directories, Second Life, Croquet, WOW and SharePoint, each walled off from "You".)
  6. Solutions. The "Venn" of Identity: OpenID, SAML, Information Cards. Goals: make life easier …and more secure.
  7. End-users experience Higgins through the UI metaphor of Information Cards, using an app called an Identity Selector. Information Cards and selectors are just the tip of the iceberg of what can be done with Higgins, but they are a place to start…
  8. Today you go from site to site filling in forms and passwords. Websites… Type, type, type. Click, click. Here a password, there a password. Everywhere a password. Here a form, there a form, ...
  9. Information Cards put you in control. Each card is a slice of the digital you (or a friend of yours) held in some data silo. Any kind of information (your preferences, favorite songs, employee id numbers, drivers licenses, affiliations, your health plan id, ...you get the idea) can be accessed using a card. This wallet-like thing is an app called an Identity Selector.
  10. Identity Selector "Wallet". Click on a card to send it to a site. Higgins is interoperable with Microsoft CardSpace™, shown here.
  11. i-cards. Managed: what someone (bank, government, etc.) says about you. Personal (aka self-issued): what you say about yourself. Relationship (under development): what you and Best Buy say about you right now.
  12. Higgins Identity Framework: DATA MODEL.
  13. Context Data Model (CDM). Data sources are called Contexts, e.g. enterprise directories, social networks, RDF repositories. Contexts contain objects called Entities; Entities represent people, organizations, etc. Entities have Attributes; Attributes have values. The core semantics of the model are based on RDF & OWL.
  14. Universal Data Identifiers (UDI). Globally linked data: Higgins uses UDIs to point to Contexts, Entities and Attributes. Some UDIs may be globally resolved into a global object graph; others may be local. Different forms: URIs (http://dbpedia.org/resource/Berlin), XRIs (@parity*contexts/(+ldap)), others.
  15. Universal Data Identifiers (UDI). (Diagram slide, no further text.)
  16. Higgins ARCHITECTURE.
  17. Architecture: Identity Attribute Service. (Architecture diagram: Client Apps, Web Services, Web apps; Identity Selectors, Identity Providers, Relying Parties; Identity Services; Identity Attribute Service.)
  18. Extensible Identity Attribute Service. (Diagram: the Identity Attribute Service (IdAS) with IContext, IEntity, IAttribute and AuthnMaterials; plug-ins, i.e. IdAS Context Providers: Google, LDAP, XML File, RDF, MySpace, Contacts. Key: Higgins 1.0 providers connect to existing data sources; the rest are beyond Higgins 1.0.)
  19. Identity Attribute Service. The Context Data Model is implemented by the Identity Attribute Service, an abstraction layer. The IdAS API is implemented by Context Providers. Typical usage: 1. Resolve a UDI to a Context. 2. Open the Context with AuthnMaterials. 3. Look up an Entity. 4. Read/write Attribute values.
  20. Identity Attribute Service: Contexts, Entities, Attributes; Authentication Materials; Transactions; Filters; Access Control.
  21. Architecture: Interoperability Points. (Same architecture diagram as slide 17.)
  22. Identity Selectors: Cards and Tokens Flow. Components: Identity Selector (Browser Extension & Client App), Relying Party (Website or App), Identity Provider. Diagram captions: "Cards are generated and downloaded from here"; "Tokens containing claim data are requested and received here"; "A local Token Service issues tokens as requested by the Selector"; "Cards are stored and selected here".
  23. Identity Selectors: Cards and Tokens Flow. Some Higgins Identity Selectors rely on a hosted I-Card Service component. (Diagram: Identity Selector (Browser Extension & Client App), Relying Party, Identity Provider.)
  24. Higgins Identity Selectors. (Same architecture diagram as slide 17.)
  25. Identity Selectors: Firefox-embedded Selector (JavaScript); GTK / Cocoa Selector (C++); Eclipse RCP Selector (Java); Adobe AIR Selector; iPhone Selector.
  26. Adobe AIR Selector. (Image slide, no text.)
  27. iPhone Selector. (Image slide, no text.)
  28. iPhone Selector. (Image slide, no text.)
  29. Architecture: Identity Providers. (Same architecture diagram as slide 17.)
  30. Architecture: Relying Party Website. (Same architecture diagram as slide 17.)
  31. Higgins Identity Framework: ADVANCED COMPONENTS.
  32. Relationship Cards. A Relationship Card is what you and Best Buy say about you.
  33. Relationship Cards: Human Friendly Data References. The card holds a UDI reference to a data object (called an Entity): a Context that identifies a data source, and an Entity within that context.
  34. Relationship Cards: Data Location and Authority. Best Buy issued the card; the Entity is stored in Best Buy's data center; Best Buy is authoritative over some attributes; you are authoritative over some attributes (e.g. street address).
  35. Relationship Cards: Data Model. The Entity is described by the Higgins Context Data Model and can be accessed using the Identity Attribute Service.
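The four-step IdAS usage on slide 19 and the split authority of a Relationship Card on slide 34 can be seen together in one small model. This is an added example, not Higgins code: the names (Context, OpenContext, Entity, REGISTRY, resolve) and the token check standing in for AuthnMaterials are constructed for illustration and are not the real IdAS API.

```python
from dataclasses import dataclass, field

class AccessDenied(Exception): pass

@dataclass
class Entity:
    udi: str
    attributes: dict = field(default_factory=dict)  # attribute name -> value
    authority: dict = field(default_factory=dict)   # attribute name -> principal allowed to write it

@dataclass
class Context:
    udi: str
    required_token: str  # constructed stand-in for the Context's AuthnMaterials check
    entities: dict = field(default_factory=dict)

    def open(self, authn_materials: dict) -> "OpenContext":
        # Step 2: open the Context with AuthnMaterials; a bad token yields no handle at all
        if authn_materials.get("token") != self.required_token:
            raise AccessDenied(f"cannot open {self.udi}")
        return OpenContext(self, authn_materials["principal"])

@dataclass
class OpenContext:
    ctx: Context
    principal: str  # who the Context was opened as

    def get_entity(self, entity_udi: str) -> Entity:
        # Step 3: look up an Entity inside the opened Context
        return self.ctx.entities[entity_udi]

    def write_attribute(self, entity_udi: str, name: str, value: str) -> None:
        # Step 4: write only the attributes this principal is authoritative for
        entity = self.get_entity(entity_udi)
        if entity.authority.get(name) != self.principal:
            raise AccessDenied(f"{self.principal} is not authoritative for {name}")
        entity.attributes[name] = value

# Constructed relationship-card scenario: the Entity lives in the issuer's own Context;
# the issuer is authoritative for the loyalty id, the user for the street address.
REGISTRY = {
    "xri://@bestbuy*customers": Context(
        udi="xri://@bestbuy*customers", required_token="t0k3n",
        entities={"urn:bb:cust:42": Entity(
            "urn:bb:cust:42",
            {"loyaltyId": "BB-42", "streetAddress": "1 Main St"},
            {"loyaltyId": "bestbuy", "streetAddress": "user"})}),
}

def resolve(udi: str) -> Context:
    # Step 1: resolve a UDI to a Context (a local registry stands in for global resolution)
    return REGISTRY[udi]
```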
  36. Other New Card Types. Username/Password Card: to log in to traditional un/pw sites. SAML Card (aka S-card) [maybe]: uses the SAML protocol to retrieve a token. Idemix card (aka Z-card) [maybe]: support for a new privacy-enhancing token type based on zero-knowledge proofs, with improved support for selective disclosure.
  37. Identity Attribute Service: XDI Protocol Support. The XDI Engine provides a new binding for the IdAS Service, allowing any/all attribute data managed by IdAS to be exposed as an XDI data service. The XDI Context Provider allows IdAS to read/write XDI-native data sources.
  38. Higgins Identity Framework: ORIGINAL PROJECT GOALS.
  39. Goals: 1 of 5. Provide a consistent user experience based on card icons for the management and release of identity data. This is needed in order to have a trusted mechanism for authentication and other interactions that is less vulnerable to phishing and other attacks and that works for a wide variety of users and systems. See Higgins 1.0 Identity Selector.
  40. Goals: 2 of 5. Empower users with more convenience and control over personal information distributed across external information silos. Provide a single point of control over multiple identities, preferences and relationships. See Higgins 1.0 Identity Selector.
  41. Goals: 3 of 5. Provide an API and data model for the virtual integration and federation of identity and security information from a wide variety of sources. See Higgins 1.0 Framework.
  42. Goals: 4 of 5. Provide plug-in adapters to enable existing data sources (including directories, communications systems, collaboration systems and databases, each using differing protocols and schemas) to be integrated into the framework. See Higgins 1.0 Identity Attribute Service and Context Providers (plugins).
  43. Goals: 5 of 5. Provide a social relationship data integration framework that enables these relationships to be persistent and reusable across application boundaries. It organizes relationships into a set of distinct social contexts within which a person expresses different personas and roles. See Higgins 1.0 Context Data Model (CDM).
  44. Higgins Identity Framework: GET INVOLVED.
  45. How to get involved. Website: http://eclipse.org/higgins. Mailing list: http://dev.eclipse.org/mailman/listinfo/higgins-dev. IRC channel: #higgins at Freenode. Interop events: RSA, OSIS. Me: msabadello@parityinc.net.
  46. Higgins Identity Framework: THANK YOU…
