Identity Management. Rolf Blom Ericsson Research

Transcription

1 Identity Management Rolf Blom Ericsson Research

2 Identity Management Agenda What is a Digital Identity Why Identity Management Identity Management Roles and technology User attitudes User Requirements Standardization Ericsson AB (21)

3 Digital Identity What is it? Identity A set of claims someone makes about a principal(/person) (All) attributes related to a principal Digital Identity Linking real world attributes with cyber world identities Public identities Private identities Ericsson AB (21)

4 Digital Identity Types of attributes Identifiers allow us to refer to the identity Authenticators are issued by a relevant authority and allow us to determine the legitimacy of someone s claim to the identity Authorization used to establish the permission for the identity to do something. Preferences used to personalize service delivery Location, etc Example attributes Name Credit card numbers Social security number Bank ID Employee Card Smart Card / *SIM Passwords Bank services Employee authorization Drivers license Web access rights Notification preferences Entertainment preferences Location Business calendar Ericsson AB (21) 1

5 Identity Management Why User Convenience & Control Single Sign On -- Password fatigue Single Sign On Personalized services (Attributes) Limited data entry capabilities (small screens, small keypads) Privacy e-business Simple interfaces for service access and use. Controlled access to user data. Standardized business interfaces Government Trends e-government Privacy regulations Identity Theft Ericsson AB (21)

6 Identity Management Roles, SSO & Attribute sharing Circle of trust 1. Identity Provider Principal (Client) 2. n. SP SP Service SPSP Provider Attribute provider Ericsson AB (21)

7 Identity Providers and Technology mqgibefiuucrbacgdnz4hzzxwfidzwyvbchxgjv+dgxc/kei9fdp3f9ujxorz22k JFtF6n1r1+VNGYhnUlBUAgbnl1cQNSBKqVfRDSYY8kBcKHIGE+rS7WGPoKIhjGdE 7vZgZq0Bw4xWu4IEyElkEnpq3od2q/ImdEOyUNf3xSMoXsrJFI2rfdi6rwCg/TMO YwEd4hFqC8EwApb/WPKATNcD/2pwlcrTV98O2GWCYQIkRFFdFjFNHa8ZcNkJFzCW 84YAN44F+b90nsejLXr5YcB+HtbqT93nxjHlhNRvxNd8Rbu2Yx8iFtI1tmcpoujN MK9whkAyXX6adRTfKHfz612Qq9B9KEfZoZSyszT1MZX5ev9Ch5is4hqC1wbv/JG7 DFBkA/sEeqMqM0TUuS/7eszt7bS4kg7ZQWcxTBALyBcFNh1zWOE7VOXT9pCyHxzi X6VtSsUAE1Db4vYTE4zO6R/UWIU4YOTFWL8hn0IGrJHUQEBKS59yR1LghC5YWSj8 mxd9yglknm88dzpra2otyupzqhnke/4bh4dioqzmfmtx2y+mibqkum9szibcbg9t IDxyb2xmLmouYmxvbUBlcmljc3Nvbi5jb20+iFsEExECABsFAkFiuUcGCwkIBwMC AxUCAwMWAgECHgECF4AACgkQH2qQlrPcC6hCIgCgtY4JxxClKnc+yufY63hupSK7 O40An11N2UR2oJUbVJTzQ6TXsoiDC+nUuQHNBEFiuVMQBwDzol4NeFmzc4BsHhZu KcnsCTwEXJWwI/hMCaRvLAVttzhg2T9TrxBmk9h5XV8Rrjg3B1lzJVuBWF8QO9J3 gqvnv4qlmwew4sls1j1z/eleaczsy1falv69newmaffua7mjki8w+b1dw4ngnyji PAKf2orAPhlDWd2TPxiqiP9EMtpqD7iuEoOkKvJRkC7sW2gy0H1IQHDuXIf16e0N OejPVNLAdt621IB6G5zg1OsoLZroCRrREu1vNwO4aHYeZG86ov/41gbX7Ef6ZVNY KcFgKiYu4D6GcdB578ttnj10gwADBQcAhcg3Klw0Up7pkzj2HmfCvSpLDBJP715v nq+tk2e9bjuufhx0qnch2kd0f8usc347l9slyvjcav1xqflaojct4mdypfxhcigi IYgP8jQe703EnifER5A4DjJBuG1bxcROer6VItGjP1GloxxMsH+P9QZGP+Ln3JAe GrJFPVTRUegHAKS/RKu2LMIcaKxIq7hmqXlfWzYZL9wajqspnU0qtguARZJVNQbH bohphnd4kl4y2onnxriezbtxogtxgqp/ybsdfjlqnv8czmkyu+heoxhbywsli6dz 9xX04RzjvjKIRgQYEQIABgUCQWK5UwAKCRAfapCWs9wLqM0RAKDVgN8nRgf61f4H 3qxE/7enTyv9XQCfc1fBwbvOZlStvwuYDoGLRcPe/sc= Government PKI Banks PKI OTP Mobile Op. *SIM Enterprise Employees OTP Enterprise Customers PW Ericsson AB (21)

8 User attitudes An Ericsson Consumer & Enterprise Lab Investigation An investigation on user attitudes towards Digital Identity Management and different Identity Providers Ericsson AB (21)

9 One Identity Provider Mobile phone operator; Identity token in mobile phone Incorporating one s ID into the mobile. The SIM would be the ID s support, the element where all data are stored. It will be placed inside the handset, so that the phone itself serves as the container. Ericsson AB (21)

10 One Identity Provider Other identity provider; Other identity token As a necklace......or as a card. The user ID would be in a token, but it will be stored outside the phone on a necklace, or a card in one s wallet. The identity token becomes independent and loses its link with the mobile phone. Ericsson AB (21)

11 Multiple Identity Providers Independent Identity Providers; Different identities for different roles such as personal, commercial, entertainment would be stored separately in one or more identity tokens For instance, like different keys on a key chain. Ericsson AB (21)

12 User Requirements Conclusions Many identities Identity should match context Many Identity Providers Identity Provider should match context Usability Consistent appearance across contexts User control Release of attributes with minimal disclosure for defined use. Choice of Identity Provider for given service Privacy Unlinkability Anonymity Ericsson AB (21)

13 User interface Microsoft proposal Ericsson AB (21)

14 Standardization Liberty Alliance SSO, Attribute sharing User control, Privacy OASIS Web Services Security SAML (Liberty SSO) A toolbox OMA (Open Mobile Alliance) Liberty Web Services 3GPP GBA (Generic Bootstrapping Architecture) *SIM based IETF Protected OTP (EAP method) Microsoft Web Services Security Identity Meta System Ericsson AB (21)

15 The end Questions? Ericsson AB (21)

16 Ericsson AB (21)

17 The Laws of Identity User control and consent Minimal disclosure for a defined use Justifiable parties Directional Identity Pluralism of operators and technologies Human integration Consistent appearance across contexts Join the discussion at Ericsson AB (21)