Note: Not verbatim or in exact order; any errors are mine alone.
We’re at the tipping point. But can we withstand success?
The emphasis must be on claims because it’s necessary to contemplate that aspects of a system may be suspect, corrupt or untrustworthy.
Goal: reusable identities which can cross boundaries.
Enterprise perimeters are under pressure, becoming permeable, as cloud computing, outsourcing, etc. reduce the costs of IT.
How to make applications available across boundaries, allow people into resources from the outside, take identity from one context and use it in another?
Identity federation components:
- Federation server – allows exchange of claims using SAML, etc.
- Framework – ubiquitous, consistent way to build apps that are claims-aware
- Infocard selectors – federation clients that put users in control. Home realm discovery, missing browser protocols.
Example – Microsoft’s Geneva, coming out in H2 2009, supports WS-Federation, WS-Trust, SAML 2.0, IMI standards, infocards; works with any federation software / service that supports these standards. No marginal cost with Active Directory which is widely adopted and deployed.
Cloud providers are adopting the same technology to exchange info – cloud identity federation gateways.
Platforms will have claims as built in feature; products will increasingly accept this infrastructure.
(Current standards are more enterprise focused. We may need more lightweight http / REST standards to emerge.)
(Added note: see the Information Card Foundation’s white paper “The Information Card Ecosystem: The Fundamental Leap from Cookies and Passwords to Cards and Selector” (abstract) for a good overview of the joint industry initiative to “advance the use of the Information Card metaphor as a key component of an open, interoperable, royalty-free, user-centric identity layer spanning both the enterprise and the Internet”. Launch FAQ.)
The framework is in place but there are non-technical hurdles such as untested business models, and governance & legal frameworks – a real barrier; we must try to get templates / mechanisms so it’s not so expensive to set up digital relationships.
User acceptance will gate success. End user acceptance is king. They must use it and want to use it – know and understand the paradigm, that the technology is safe and will survive adoption (e.g. scale as the numbers of ID providers and relying parties increase). User acceptance has to include acceptance of developers to work in the area.
Application developers are only beginning to understand how claims can benefit them. It’s important to get developers to make supporting products – they won’t if things are siloed. There are opportunities for related products – tokens etc.
Privacy and security
Importance of privacy & security – impact of personalised marketing, breaches if technological choices are not right.
Multilateral security – the 3 biggest threats are:
- insider attacks
- social engineering
- organised crime.
Connecting systems is good, sharing vulnerabilities is bad.
Systems should fundamentally distrust systems with which they interact – build systems on the assumption that there will be breaches, and figure out how to limit the damage.
“Need to know” internet – minimal disclosure is fundamental in a federated world. Release as little as possible.
The military is the primary adopter of such technologies – learn from them.
It should be the minimum needed for the process at hand – notion of proportionality.
Example: you go to a site that needs to check your age; you use the same ID token and card, but release only your gender and the fact that you’re over 21, not your exact age. The claim is verifiable, but not anonymous.
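As an added illustration of that minimal-disclosure exchange (example code written for these notes, not from Geneva or any product mentioned above; the signing key, user record and claim names are constructed): the identity provider derives an "over 21" claim from the date of birth, signs only the claims the site asked for, and the site refuses any token whose claim set differs from what it requested.

```python
import hashlib
import hmac
import json
from datetime import date

# Constructed sample data: the identity provider's full record for one user and
# a shared HMAC key standing in for the IdP's signing key (assumption: a real
# deployment would use an asymmetric signature, e.g. XML-DSig on a SAML token).
IDP_KEY = b"constructed-demo-signing-key"
FULL_RECORD = {"name": "A. Person", "dob": "1985-06-15", "gender": "F",
               "address": "1 Example Street"}

def derive_over_21(dob_iso, today_iso):
    """Reduce the exact date of birth to the one boolean the site needs."""
    dob, today = date.fromisoformat(dob_iso), date.fromisoformat(today_iso)
    try:
        twenty_first = dob.replace(year=dob.year + 21)
    except ValueError:  # born on 29 Feb: treat 1 Mar as the birthday
        twenty_first = date(dob.year + 21, 3, 1)
    return today >= twenty_first

def issue_token(requested, today_iso):
    """IdP/selector side: release only claims the relying party asked for.
    Raw attributes such as dob or address are never put in the token."""
    releasable = {
        "over_21": lambda: derive_over_21(FULL_RECORD["dob"], today_iso),
        "gender": lambda: FULL_RECORD["gender"],
    }
    claims = {c: releasable[c]() for c in requested if c in releasable}
    payload = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(IDP_KEY, payload, hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": sig}

def verify_token(token, expected):
    """Relying party side: distrust what arrives. Check the signature and
    reject a token carrying any claim beyond the minimal set it asked for."""
    payload = json.dumps(token["claims"], sort_keys=True).encode()
    good = hmac.new(IDP_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, token["sig"]):
        return None  # tampered, or not from the trusted issuer
    if set(token["claims"]) != set(expected):
        return None  # over- or under-disclosure: refuse rather than use it
    return token["claims"]

if __name__ == "__main__":
    tok = issue_token(["over_21", "gender"], "2009-06-01")
    print(tok)                                    # no dob, name or address
    print(verify_token(tok, ["over_21", "gender"]))
```

Asking the provider for "dob" or "address" simply yields a token without them, and a token with an altered claim fails the signature check.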
“Common sense” is not good enough. We need to debug self evident fallacies, and go forward on the basis that:
- Privacy is not opposed to security – it is a precondition of multilateral security.
- Identifying the masses is not likely to identify professional criminals, who already know how to get around it. Identification will be most useful for non-criminals and is not a panacea.
- We can prove we are not on (or on?) a list without revealing who we are.
- We can audit without creating privacy and security vulnerabilities.
We need a framework for raising understanding of what is achievable – see the paper proposing a common identity framework: a user-centric identity metasystem, coauthored by Kim Cameron, Dr. Kai Rannenberg and Dr. Reinhard Posch.
©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.