Download Slide

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
Document related concepts

URL redirection wikipedia , lookup

Transcript 
www.incommon.org
A View into the Mi$t
RL "Bob" Morgan
University of Washington
Co-chair, InCommon Technical Advisory Committee
1
www.incommon.org
The 2 Poles of Identity
Accountability
Expression
www.incommon.org
Big Data: Whose Data?
www.incommon.org
Consumer-scale
• Number of Google Apps domains: 2 million?
• Number of Facebook Connect RPs: 3 million?
• An inconvenient truth: the consumer web is
supported by the aggregation, processing, and sale
of the personal information of billions of people.
• Consumerization of web identity technology driven by
consumer services industry
www.incommon.org
NSTIC Vision and Strategy
• Individuals and organizations utilize secure, efficient,
easy-to-use, and interoperable identity solutions to
access online services in a manner that promotes
confidence, privacy, choice, and innovation.
• An Identity Ecosystem of solutions that are
– privacy-enhancing and voluntary
– secure and resilient
– interoperable
– cost-effective and easy to use
• Public/private partnership
www.incommon.org
NSTIC Operations and Governance
• NSTIC Steering Group
– promote creation, maintenance of Identity Ecosystem consistent
with Strategy
– privately-led, all stakeholders represented
– promote standards adoption
– accredit ecosystem components
– bids out now for secretariat organizations
– forming of Steering Group may involve some ... politics
– will it rule a realm that anyone is interested in?
www.incommon.org
Open Identity Exchange - OIX
• Formed in 2009 as federation for consumer IdPs
– participating in FICAM TFP certification
• Now supporting general Trust Framework development
• Representing industry in NSTIC deliberations
• Offering alternative views on ecosystem ...
• Attribute Exchange Network WG
– create trust framework for AX, policies and tech pilots
– separate IdPs from Attribute Providers, via brokers
– support monetizing providing of attributes, brokering
www.incommon.org
A World of Web Services
• A WWW of browsers -> a world of software
• Every web/cloud-based company has "API"
• Design patterns emerge: REST, JSON, OAuth
www.incommon.org
OAuth 2.0
• Authorization or "valet key" protocol
– eliminate "password anti-pattern": web sites asking for your
password to act as you to get to your stuff
– you ("resource owner") authorize something ("client") to access
your stuff ("resources") somewhere ("server")
– client can be web app, desktop/phone app, JS in browser
– right-to-access represented as access token
• Right to access ... what?
– very easy for user to grant access to gmail inbox, say, to many
sites/apps
– limited scopes? who wants to have limits?
www.incommon.org
OpenID Connect
• OpenID 1.0 (2006) promoted simple, web-based SSO
– a little too simple, too geeky, too idealistic
• OpenID 2.0 (2008) better, more complex
– widely deployed by consumer IdPs, not so many SPs,
not very interoperable, generating proxy industry
– large consumer IdPs became only IdPs ...
• OpenID Connect (2012)
– focus on simplicity for SPs; based on OAuth 2.0;
supports data channel
– finally FTW? supported by all the big (consumer) players
still consumer-IdP focused: bilateral, no metadata (yet)
www.incommon.org
Account Chooser
• OpenID Foundation project (formerly Google)
– "An open standard and interface guidelines for the next
generation of web sign in"
– provide transition-from/coexistence-with local signon and
federation; easy to deploy JavaScript
– visual representation of accounts, handle multiple accounts per
client machine; protocol-agnostic (OIDC, SAML, other)
– similar to work in federated space: ULX, DiscoJuice
– could support federated IdP discovery/search? Could ...
– best experience depends on centralized service ...
www.incommon.org
www.incommon.org
UMA
• Kantara initiative project to support controlled sharing of
personal info: person-self, person-other, person-org, in a
fully multi-lateral way
• element (perhaps) of "personal data ecosystem"
• driven by many use cases
– consumer sharing (e.g. photos, calendar)
– health/financial personal data management
– employer/employee data sharing
• profile, extension of OAuth2
• open-source implementations; any deployments?
www.incommon.org
www.incommon.org
Brave New World?
• Web service access will happen ... via OAuth
– and be enabled in the context of existing federation;
OAuth2 includes spec for SAML tokens
– develop enterprise OAuth infrastructure services,
OAuth support in federations, use in apps e.g. LMSes
• More use of, integration with consumer identities
– HE already good at providing attributes ...
• HE/VO support of "personal" data management
– combine user and institutional control?
– will involve consumer services, will still require community-based
trust, standards (Net+, yes!)
Related documents
No Slide Title
No Slide Title
i2 dcn dragon
i2 dcn dragon
The Climate Lab
The Climate Lab
GO 1_1 Biodiversity Introduction 1
GO 1_1 Biodiversity Introduction 1
Ecology Ch 3
Ecology Ch 3
課程PTT下載
課程PTT下載
Climate Change: Global Risks, Challenges and Decisions
Climate Change: Global Risks, Challenges and Decisions
The Various Challenges in Urban Ecosystem Research
The Various Challenges in Urban Ecosystem Research
Ecology/Botany with
Ecology/Botany with
All the living and non-living things in an area
All the living and non-living things in an area
The importance of ecosystems
The importance of ecosystems
Meadow Food Web, Ecology pp
Meadow Food Web, Ecology pp
jeopardy Unit 1
jeopardy Unit 1
Interactions and Ecosystems Review JEOPARDY
Interactions and Ecosystems Review JEOPARDY
Open_Id
Open_Id