# PKI, IdM, & Federations

Triumvirate for Security with Privacy

David L. Wasley

net@edu 2006
## Outline

- Why PKI
- Why identity management
- Why identity federations
- Why am I saying this?
## What’s the problem?

- We need to manage access to certain resources for our campus communities within & across organizations
- We need to protect privacy
- We need to do this with sufficient reliability
- We need this to scale
## Why PKI

- PKI supports reliable, trustworthy digital credentials
  - Issued by a trusted authority
  - Difficult to forge
  - Difficult to “share” if on a smart-chip device
- Also supports
  - Document security, e.g. encryption
  - Document validation, e.g. digital signatures
## Why identity management

- Appropriate access management can require different reliable information about individuals
- What an organization needs to know about an individual is context specific
- A rich set of information is hard to manage while maintaining policy and privacy
## Why identity federation

- Separates the meaning of a credential from the identity associated with it
- Allows the authoritative source to assert up-to-date identity information about a user
- Streamlines the user experience across a wide variety of resources
- Can protect privacy by releasing only the information that is appropriate & allowed
## Triumvirate

- Credential asserts the binding between a physical person and identity information
- Identity Management ensures trustworthy information
- Identity Federation supports privacy and appropriate access
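As an added illustration of the federation and triumvirate slides above (example code written for this page, not from the talk), the following Python models an identity provider that holds a rich identity-management record, releases to each service provider only the attributes its federation policy allows, and gives each SP a pairwise pseudonymous subject, so the SP grants access on an asserted attribute rather than on who the person is. The user record, the policy table, the entity IDs and the IdP key are all constructed.

```python
import hashlib
import hmac

# Constructed sample: the IdP's identity-management record for one user.
USER_RECORD = {
    "uid": "jdoe",
    "name": "Jane Doe",
    "mail": "jdoe@example.edu",
    "affiliation": ["student", "member"],
    "dob": "1988-04-02",
}

# Constructed federation release policy: for each SP entity ID, the
# attributes the IdP may assert. Anything not listed never leaves the IdP.
RELEASE_POLICY = {
    "https://library.example.org/sp": {"affiliation"},
    "https://hr.example.edu/sp": {"name", "mail", "affiliation"},
}

IDP_SECRET = b"constructed-idp-secret"  # placeholder, not a real key


def pairwise_id(uid: str, sp_entity_id: str) -> str:
    """Opaque subject: stable for one (user, SP) pair, different across SPs,
    so two SPs cannot correlate the same person from the identifier alone."""
    mac = hmac.new(IDP_SECRET, f"{uid}|{sp_entity_id}".encode(), hashlib.sha256)
    return mac.hexdigest()[:32]


def build_assertion(record: dict, sp_entity_id: str, policy=RELEASE_POLICY) -> dict:
    """IdP side: assert only the policy-allowed attributes to the named SP."""
    if sp_entity_id not in policy:
        raise PermissionError(f"no release policy for {sp_entity_id}")
    allowed = policy[sp_entity_id]
    released = {k: v for k, v in record.items() if k in allowed}
    return {
        "subject": pairwise_id(record["uid"], sp_entity_id),
        "audience": sp_entity_id,
        "attributes": released,
    }


def sp_authorize(assertion: dict, my_entity_id: str, required: str = "member") -> bool:
    """SP side: accept only assertions addressed to this SP and decide
    access on the asserted affiliation, never on the person's identity."""
    if assertion["audience"] != my_entity_id:
        return False
    return required in assertion["attributes"].get("affiliation", [])
```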
## To Buy or Build PKI

- The devil is in the details, e.g.
  - Do you require broad distribution of a Trust Anchor?
  - Do you require flexibility and generality in your PKI?
- Minimizing the need for inter-organization PKI trust can affect the build/buy choice
- PKI “policy” is based on local business rules
- Federation rules and, where needed, bilateral agreements define trust for IdP and SP
## What’s the real problem

- We haven’t yet made it usable by the average person
- We’ve insisted on a complex trust model
- Slow adoption discourages vendors and results in awkward workarounds
- Some potential uses do not yet have complete standards
## What needs to be done

- Every computer should be able to read any smart-chip device (at least of a given type)
  - Standards are needed (these are emerging)
  - Biometric PINs might be nice ...
- Every O/S needs a crypto API (this is happening)
- User interfaces need much improvement, and users need better education and training
- Functions need to be standardized
- Federation technology needs to be used ...