This is from the SD Forum on Interoperability January 31, 2006.
Prateek Mishra – Oracle
What is the identity problem?
It is stuck in a few places at employer, bank and you want to
how does your identity get from your identity provider – the places where you have defined your identity – to all these business processes and services.
We want to do this across the internet. There is the protocol piece – we know how to transmit identity from point A to point B; this is solved…
Governance models: how to transfer identity in trusted ways from point A to point B. Folks like Liberty Alliance have white papers and frameworks for this. This is a non-trivial problem. How do you maintain and create governance?
How do you have normal folks sitting at their computers manage their identities in intuitive ways? How do they have a tool
Identity is stuck it wants to be free.
Protocol – Token Representation – solved
Governance and Infrastructure – somewhat solved
How does a person leverage these multiple identities?
Kim Cameron – fan of SAML and Liberty
As we move to a more interconnected set of systems we need an identity layer. When you have an architectural hole of this magnitude you have a huge number of kludges.
Meta System
Users have no way of predicting how they should work – knowing when they are in danger.
old days fighting over token rings vs. ethernet – we got TCP/IP that encapsulated both.
We need a metasystem (I got a tiny bit distracted here, sorry. So the transcription is not perfect)
Karen Wendel, Identrus
Metasystem – single interface from an identity perspective.
Everyone has a Visa card – versus folks each having a card for each store. The industry would be stuck without interoperability.
Rules used consistently throughout the world.
VISA would take responsibility for legal, technical and policy issues.
Identrus was owned by the banks. Your identity will be given to you. It takes responsibility around the policy stuff. Legal aspects of your identity – dispute resolution. Liability of relying party who maintains it and lifecycle. We run this network and commonality on global basis.
(from their website) Identrus provides the global standard for identity authentication.
As communications expand and the world shrinks, knowing who’s who in the electronic universe becomes vital.
Identrus offers a full range of technology and services that support every aspect of safe eTransactions.
Rena Mears, Deloitte
Access – from a privacy point of view is different from access from a security point of view
Assertions and Claims are different
Kim Cameron..
Claims are assertions which are in doubt
everything being claimed has to be doubted so we can establish trust.
They considered using Claims but it would have become SCML (scammel)
It is to the benefit of SAML to make things secure in the browser. With Shibboleth the hardest thing is home site discovery – infocards visual representation and
pick one of the 5000 higher education institutions…
or pick ‘your’ university identity.
Identrus: This is what we would call an identity provider.
Kim:
SAML is the transport language
SAML is used between a portal and services to the portal.
I propose we have new ways of the user authenticating to the portal.
The systems still exist.
Karen:
What constitutes an identity and the needs for security.
How does language play in this space – there are a lot of different models – identity is not the same as authentication or security.
problem blending identity and security – PKI
you get these people
Kim:
anyone who works with a protocol gets infected by the protocol and their vision blurs and narrows.
We need more fanatics about protocols
Identrus:
one of the challenges for us as a community – identity does more than authenticate – sign things and create legal contracts – engage in business transactions, incur liability and regulatory transactions.
you can’t look at the papers and not see an inherent relationship between identity and security.
Rena:
Who has stepped up to be the binder of identity to the individual.
Prateek:
there is no such thing as a single monolithic identity
there are multiple notions of identity useful for different contexts
Shibboleth context: higher education
Identrus is a context and a governance model
We like Infocards; we could use it, but when we get to the line in the spec it says Identity provider discovery – out of band
authentication is out of band for SAML
Karen:
everyone is bound by
the bank that issues the identity to the person
the bank binds to the person – liable for up to 10 million dollars
issued within all the legal requirements
there are all these pockets of identity – the level of binding – between issuer and relying party – it does not transfer through the bridge structure.
In a lot of the federated models you don’t have that level of binding between the parties.
We will work with the bridges and it is a different element.
Kim:
The government – thinking of itself as the ‘binding’ authority – reasons for relative autonomy.
Belgium a national identity card – but no card readers
One group was the association of mayors – they were now being asked to sign their legal documents with their individual citizen identity – they used to sign their documents with a stamp of their office – we must think of roles.
Kim:
The issue is PRIVACY.
the characteristics that really respect privacy are the characteristics of a system that really is difficult to penetrate.
All of the identity issues – any initiative that takes this forward we should all applaud.