Fundamentals of Federated Iden0ty Infrastructure

Transcription

1 Fundamentals of Federated Iden0ty Infrastructure Sal D Agos0no IDmachines LLC

2 Federate fed er ate Verb past tense: federated; past participle: federated ˈfedəәˌrāt/ 1. (with reference to a number of states or organizations) form or be formed into a single centralized unit, within which each state or organization keeps some internal autonomy. "In 1901 the six colonies federated to form the Commonwealth of Australia" synonyms: confederate, combine, unite, unify, merge, amalgamate, integrate, join (up), band together, team up "several tribes federated in an alempt to stem the 0de of white colonial expansionism" October 2013 IDmachines - Smart Card

3 Federa0on [ˌfɛdəˈreɪʃən]n 1. the act of federa0ng 2. (Government, Poli0cs & Diplomacy) the union of several provinces, states, etc., to form a federal union 3. (Government, Poli0cs & Diplomacy) a poli0cal unit formed in such a way 4. (Government, Poli0cs & Diplomacy) any league, alliance, or confederacy 5. a union of several par0es, groups, etc. 6. any associa0on or union for common ac0on October 2013 IDmachines - Smart Card

4 La0n and Indo- European roots Foederre, foedert-, to ra'fy an agreement, from foedus, foeder-, league, treaty; see bheidh- in Indo- European roots. The words descended from bheidh- include verbs meaning to bide, abide, expect, confide, await, trust, have confidence in, request, compel, expect, endure, promise, and so on, and also in nega0ve forms to distrust, challenge, dare someone, trouble, hurt, prevent, oppress, cause pain, and so on. As adjec0ves, the meanings of the derived words include guilty, distrusaul, unbelieving, faithful, faithless, pagan. As nouns, the derived words mean abode, delay, confidence, fidelity, treachery, disloyalty, expecta0on, faithfulness, perfidy, trouble, misfortune, misery, hardship, necessity, confederate, oath, damage, injury, faith. hlp://wri0ng- arts- blog.northwestern.edu/tag/indo- european/

5 Federated Governments and Networks

6 Network Federa0on A Federa2on is mul0ple compu0ng and/or network providers agreeing upon standards of opera0on in a collec0ve fashion. The term may be used when describing the inter- opera0on of two dis0nct, formally disconnected, telecommunica0ons networks that may have different internal structures. [1] The term may also be used when groups alempt to delegate collec0ve authority of development to prevent fragmenta0on. In a telecommunica0on inter- connec0on, the internal modus operandi of the different systems is irrelevant to the existence of a federa0on hlp://en.wikipedia.org/wiki/federa0on_ %28informa0on_technology%29

7 More than..

8 Windows 2012 Windows Server 2012 Federated Single Sign On hlp://technet.microsok.com/en- us/library/dd aspx

9 Evolve in many shapes and stages hlp://evan.prodromou.name/files/sxsw2012/sxsw2012.html

10 Federal Bridge

11 Again

12 Levels of Assurance hlp:// to- rest- assured/

13 Levels of Assurance hlps:// Week- in- Iden0ty- - Killing- IAM- in- Order- to- Save- It.html

14 Lifecycle Assurance and Federa0on October 2013 IDmachines Smart Card Alliance 12th Conference Workshop

15 Kantara IAF Overview Kantara IAF Glossary Kantara IAF Levels of Assurance Kantara IAF Assurance Assessment Scheme Kantara IAF Service Assessment Criteria Kantara IAF Assessor Qualifica0ons and Requirements Kantara IAF Rules Governing Assurance Assessments Trust Framework Provider to Accredit Assessors and Approve CSPs at Levels 1, 2 & non- crypto Level 3 under the Open Iden0ty Solu0ons for Open Government program. The Iden0ty Assurance Framework (IAF) was developed with input from members of the global financial services, government, healthcare, IT and telecom sectors. The Iden0ty Assurance Framework describes the 4 Assurance Levels and Service Assessment Criteria which a Creden0al Service Provider (CSP or IdP) would be assessed against to become Kantara Ini0a0ve Service Approved.

16 InCommon, operated by Internet2, provides a secure and privacy- preserving trust fabric for research and higher educa0on, and their partners, in the United States. InCommon operates an iden0ty management federa0on, a related assurance program, and offers cer0ficate and mul0factor authen0ca0on services. 258 subscribers to the InCommon Cert Service hlps://incommon.org/

17 The mission of REFEDS is to be the voice that ar0culates the mutual needs of research and educa0on iden0ty federa0ons worldwide. The group represents the requirements of research and educa0on in the ever- growing space of access and iden0ty management, working with and influencing the direc0on of organisa0ons such as Kantara, OIX and Iden0ty Commons on behalf of our par0cipants. hlps://refeds.org/about.html

18 The Open Iden2ty Exchange (OIX) is a non- profit trade organiza0on focused on internet iden0ty solu0ons. OIX is a "team of rivals", with a membership of industry players represen0ng a cross- sec0on of private and public sectors e.g. the internet (Google, PayPal, etc.), data aggrega0on (Equifax, Experian, etc.), telecommunica0ons (AT&T, Verizon, etc.) and government (UK Cabinet Office). The OIX's goal is to enable the expansion of online services and adop0on of new online products through the development and registra0on of trust frameworks and sharing of domain exper0se, joint research and pilot projects to test real- world use cases. OIX is building OIXnet, an authorita0ve registry for online iden0ty trust to enable global interoperability among iden0ty federa0ons. openiden0tyexchange.org

19 Trust Frameworks Enable Federa0on

20 Federa0on BLT Business Have to have a reason Legal Need a common legal understanding and recourse Technology Needs to address usability and security (maybe) Can leverage standards to achieve network effect

21 Standards to help

22 Ques0ons