Distributed Systems Application Architecture - PowerPoint PPT Presentation

Slides: 38
Provided by: robr155
Transcript and Presenter's Notes

1
(No Transcript)
2
Eve Epstein
  • Executive Editor, CTO Media, InfoWorld

3
(No Transcript)
4
Simon Pugh
  • VP, Standards Infrastructure, MasterCard
  • Member of the Management Board of the Liberty
    Alliance

5
Overcoming Weak Security Strategies and the
Role of Identity Management
6
Agenda
  • What is identity and network identity?
  • Passport, the Liberty Alliance and Federation
  • Alliance Mission and Objectives
  • Adoption Highlights
  • Q & A

7
What Is Identity?
  • An identity consists of traits, attributes, and
    preferences upon which one may receive
    personalized services. Such services could exist
    online, on mobile devices, at work, or in many
    other places.

8
Who Owns Your Identity? Customer and Employee
Views
  • Think about how many cards you have in your
    wallet or purse; each is a separate identity
  • Driver's license, credit cards, ATM cards, auto
    insurance cards, motor club cards, membership
    cards, long distance cards, frequent flyer or
    hotel cards, etc.

9
What is Network Identity?
  • A Network Identity is a user's overall global
    set of attributes constituting their various
    accounts

10
What Are the Challenges of Managing With Network
Identity?
Multiple, disconnected identities scattered across
isolated Internet sites
  • Inconvenient and frustrating for users
  • Distributed identity-services are not possible
  • Continual re-authentication to disparate systems
Identity attributes shown on the slide:
  • User Name John Smith
  • Email jsmith2_at_freemail.com
  • PIN js_at_abc.com
  • Credit card number
  • Social security number
  • Driver's license
  • Passport
  • Entertainment preferences
  • Notification preferences
  • Employee authorization
  • Business calendar
  • Dining preferences
  • Education history
  • Medical history
  • Financial assets

11
Agenda
  • What is identity and network identity?
  • Passport, the Liberty Alliance and Federation
  • Alliance Mission and Objectives
  • Adoption Highlights
  • Q & A

12
Liberty Passport Comparison
How do Liberty Alliance and Microsoft Passport
Contrast and Compare?
  • Microsoft Passport is a product/service
    supported by one company
  • Uses a global PUID (Passport User ID) for
    authentication
  • Limited flexibility in authentication methods
    (i.e. user name/password)
  • Microsoft has committed to Kerberos and to
    support SAML
  • Liberty Alliance is providing specifications
    supported by many companies
  • Offers a non-repeating unique identifier for
    authentication
  • Does not dictate authentication method (i.e.
    biometrics, smartcard, etc.)
  • Liberty Alliance has committed to use SAML, and
    can also support Kerberos

13
Centralized Model
  • Network identity and user information in single
    repository
  • Centralized control
  • Single point of failure
  • Links similar systems

14
Open Federated Model
  • No centralized control
  • No single point of failure
  • Network identity and user information in
    various locations
  • Links similar and disparate systems

15
Evolution of Federated Network Identity
Seamless Access Across all Networks
Separate Cards with Each Bank
Linked Cards within Bank Networks
16
Network Identity Circles of Trust
[Diagram: circles of trust linking one user's accounts (John Smith, Johnny, J Smith) across CarRental, Bank, Airline, Hotel and CarHire 2]
17
Agenda
  • What is identity and network identity?
  • Passport, the Liberty Alliance and Federation
  • Alliance Mission and Objectives
  • Adoption Highlights
  • Q & A

18
Mission of the Liberty Alliance
Establish an open standard for federated network
identity through open technical specifications
that will
  • Support a broad range of identity-based products
    and services
  • Allow for consumer choice of identity provider(s)
    and the ability to link accounts through account
    federation
  • Provide the convenience of simplified sign-on,
    when using any network of connected services and
    devices
  • Enable organizations to realize new revenue and
    cost saving opportunities
  • Allow organizations to economically leverage
    relationships with customers, business partners,
    and employees
  • Improve ease of use for e-commerce

19
What We Do
  • Vision: A networked world in which individuals
    and businesses can more easily interact with one
    another while respecting the privacy and security
    of shared identity information
  • Strategic Objectives
  • All digital identity management products and
    services will interoperate (like all ATM machines
    read my ATM card)
  • Satisfy user demands for secure control of their
    own identity information and thus ensure the
    integrity of online privacy
  • Achieve one, best-of-breed, open standard with
    ubiquitous adoption to reduce risk for early ID
    management deployments

20
Interoperability
  • Objective: Interoperability
  • Organizational
  • Define and document organizational needs in the
    network identity management services space
  • Develop business frameworks, guidelines and best
    practices (for example mutual authentication
    practices, customer service practices, templates
    for managing liability flow within circles of
    trust, etc.)
  • Technical
  • Develop and maintain open technical
    specifications enabling network identity
    solutions
  • Partner with other relevant organizations to
    drive interoperability and convergence of
    emerging and existing network identity-related
    specifications
  • Demonstrate and prove interoperability between
    implementations

21
Privacy
  • Objective: Privacy
  • Collaborate with policy makers and influencers to
    ensure the Liberty specifications and guidelines
    support the range of fair information practices
    required within different jurisdictions and
    industries
  • Educate opinion leaders, implementers, and policy
    makers, regarding our mission and progress in the
    network identity space
  • Develop and maintain a range of privacy
    guidelines for implementers of network identity
    management solutions

22
The Complete Liberty Architecture
23
Liberty Architecture Phase 2
24
Roadmap to Interoperable Federated Identity
Services
25
Agenda
  • What is identity and network identity?
  • Passport, the Liberty Alliance and Federation
  • Alliance Mission and Objectives
  • Adoption Highlights
  • Q & A

26
Adoption Highlights
  • Recent poll of sponsors
  • 70 plan to implement our specifications
  • 59 are implementing this year
  • 52 will initially focus within the enterprise
  • The Liberty Alliance plans to repeat the member
    poll including Associates and Affiliates in Q2.
  • EU Article 29 Working Party report
  • Further announcements of Liberty enabled products
    and services
  • Implementations
  • SecuritiesHub
  • GM
  • Niteo
  • Forthcoming Public Interoperability Event

27
Liberty Enabled products and services
  • Cavio Corporation
  • Communicator Inc HubID shipping
  • Entrust 1st half 03
  • Neustar 1st half 03
  • Novell 1st half 03
  • Oblix Netpoint shipping
  • Phaos Technology Liberty toolkit shipping
  • Ping ID SourceID SSO available now
  • RSA Security 1st half 03
  • Sun Microsystems- Identity Server shipping
  • Waveset Technologies Lighthouse Virtual ID Mgr
    shipping

28
Implementations
  • General Motors
  • MySocrates employee intranet
  • Currently under test for access to health
    benefits, 401K, etc
  • SecuritiesHub
  • Consortium of financial institutions
  • Managed service based on HubID
  • Enables access to proprietary bond research and
    trading information
  • Niteo
  • Consulting to largest U.S. cash management banks
    and the Financial Services Technology Consortium
    (FSTC)
  • Bank-to-bank network for securely exchanging
    customer account, transaction and credential data
    via a set of interoperable web services

29
Agenda
  • What is identity and network identity?
  • Passport, the Liberty Alliance and Federation
  • Alliance Mission and Objectives
  • Adoption Highlights
  • Q & A

30
(No Transcript)
31
Wayne Rash, Senior Contributing Editor, InfoWorld
  • Assert Your Right(s): The Relationships Between
    Identity and Security

Moderator
Scott Dinsdale, Executive VP, Digital Strategy, Motion Picture Assoc. of America
Brian O'Higgins, CTO, Entrust
Julie St. John, Executive VP and CTO, Fannie Mae
Peter Tippett, Chief Technologist, TruSecure
Navarrow Wright, CTO, BET Interactive
32
(No Transcript)
33
  • Sponsored Case Studies

34
(No Transcript)
35
(No Transcript)
36
(No Transcript)
37
Keynote Slides
  • Most of the presentations are at
  • www.infoworld.com/ctoslides
  • To obtain Rick Carey's slides, send an email to
  • mwinter_at_exchange.ml.com