19. World Bank Experience
• “Information system projects appear to have an alarmingly high failure rate, even in developed countries — half of large implementations fail, half suffer disputes.”
• “It is estimated that more than 80 percent of World Bank projects have an informatics component. Many of these components meet essential development needs. It is vital therefore, that they are planned and implemented to bring lasting benefit.”
World Bank, 2004
21. some challenges
• governance
– competing needs of many diverse stakeholders
– more demands than capacity
– everyone is an IT expert
• architecture
– rapidly increasing systems complexity
– delivering new services increases complexity
– operations and maintenance budget growing
• procurement
– severe budget and cost control pressures
– procurement cycles not responsive to organisational need
22. why governments should lead in effective use of IT
• IT is an important enabler of improved service delivery and effectiveness
• government use of IT can drive private sector adoption and capacity building
• effective use of IT drives the local market for IT skills and service provision
• in the UK, government accounts for around 55% of all IT expenditure ….
23. the GAP principles
Governance
• IT is a service provider to the business - business units and information technology organisations need to be intimately linked through managed engagement processes.
• the Chief Information Officer (CIO) requires real authority - CIOs need effective authority to mandate architecture standards across organisational boundaries.
Architecture
• the future of business is networked – adoption of architectures based on XML and underlying internet standards maximises flexibility and improves speed of delivery of new services.
Procurement
• architecture is the foundation - a long term strategic model is required for core architecture procurement
• service orientation in architecture enables flexibility – shorter term tactical models can be used to procure from smaller, local or specialized suppliers
• Service Level Agreements alone do not guarantee success – good governance and architecture are required to enable effective operations outsourcing
24. IT governance
IT governance is about assigning decision rights and creating an accountability framework that encourages desirable behaviour in the use of IT
(Source: CISR (Center for Information Systems Research), Sloan School of Management, MIT, and Gartner EXP)
CISR also states that IT governance should cover five IT domains:
• IT ‘maxims’ or policies
• IT infrastructure strategy
• IT architecture
• Business application portfolio management
• IT investment and prioritisation.
Source: CISR & Gartner EXP
25. assessing IT governance
Score yourself from 1 to 4 (1 = not at all, 4 = completely) for:
– We follow a set of agreed IT policies
– We follow an agreed IT infrastructure strategy
– We enforce agreed architecture standards
– Applications are managed to an agreed portfolio strategy
– IT investment is prioritized according to a government policy framework
– We follow an agreed procurement policy
– We follow a standard project management methodology
– We carry out post implementation benefits analysis and review
Your total score   Status of your governance
00 to 08           Poor, needs serious attention
09 to 16           Good start, could be improved
17 to 24           Good, keep improving
25 to 32           Very good, little room for improvement
26. characteristics of effective governance
• an agreed definition of architecture and its associated minimum standards adopted across the entire organisation
• CIO and IT organisations empowered to enforce architecture and standards
• government ministers and internal IT leaders must be co-stakeholders to collaborate and have a voice on long term IT strategy
• change management processes ensure rigour in operations
• financial models and budgets adopted
• opportunity to provide shared and / or outsourced services
28. effective procurement
• encourage a diverse supply-side marketplace
– avoid over-dependency on a limited number of big suppliers
• distinct architecture / procurement models:
– core architecture services
– operational infrastructure services
– applications and application services
• effective enterprise architecture creates:
– a new approach to supplier selection, with time horizons and selection criteria for each model
– reduced dependence on the classic challenge of outsourcing the end to end infrastructure
– lower complexity allowing for smaller, local suppliers, lower costs and improved flexibility and versatility.
29. applying the GAP principles in government
• Governance
– IT is a service provider to government and the citizen.
– agencies and information technology organisations need to be intimately linked to national policy priorities through managed engagement processes.
– the Chief Information Officer (CIO) requires real authority. A pan-government CIO role must exist and needs effective authority to mandate information and architecture standards across government.
• Architecture
– the future of government is networked. Adoption of architectures based on XML and underlying internet standards maximises flexibility and improves speed of delivery of new government services.
• Procurement
– architecture is the foundation. A long term strategic model is required for core architecture procurement
– Service orientation in architecture enables flexibility. Shorter term tactical models enhance opportunities for local technology providers
– Service Level Agreements alone do not guarantee success – good governance and architecture are required to enable effective shared service models
30. recommended changes
• establish:
– an IT investment council as a component of the government executive office
– an applications committee, as a subset of the IT investment council, to prioritise and maintain the applications portfolio
– an architecture advisory group to ensure compliance
– a technical advisory group to advise on technical matters, including infrastructure strategy compliance
– a programme-project management office to ensure PPM compliance
– a project review board for each major project
32. ... could do better?
• The UK is “apparently a world leader in ineffective IT schemes for government”
• Dunleavy et al observe that:
– “.... a large number of projects have been scrapped in the last decade, with significant losses of complete investments or with partial write-offs of investment. This record is closely associated with a pattern of price rises in contracts over implementation periods and of significantly less functionality for implemented systems than initially expected.”
(Source: Dunleavy, P., Margetts, H., Bastow, S., Tinkler, J. Digital Era Governance. Oxford University Press, 2008)
33. ... could do better?
• “... the greater the power of the IT industry, the less effective the performance of government IT has been.”
– (Source: Dunleavy, P., Margetts, H., Bastow, S., Tinkler, J. Digital Era Governance. Oxford University Press, 2008 (p130))
• just 11 companies provide 80% of public sector business in the ICT sector
– (Source: House of Commons Public Accounts Committee, Twenty-Seventh Report, Session 2004-05, 6 April 2005)
• 2010 … just 1 company with c. 60% of all public sector IT business …?
34. new realities of “intelligent state”
• in the digital age, you don't need to own or hold everything yourself in order to provide an integrated service
– you can exploit each other's investments (across the public/private sectors – and the “personal sector”): the outcome, for once, can be greater than the sum of the parts ...
– ... and the citizen lives at the centre
37. the evolving Internet
[figure: the evolving Internet – Personal, Transactional, Informational]
“Are social computing themes like user-generated content and communication fundamentally changing the rules of business? We think they are—in a big way.”
Forrester Research
38. the Internet as grid
• it’s not just the Web
• the Internet drives services, not Web sites
• the Internet as grid changes everything
39. enabled by Internet evolution
[figure: Xbox Live shown as the example platform]
• evolution: Web Services and APIs are evolving 1st party web sites into rich, serious development platforms for next generation Internet applications
• benefits: shorter time to delivery; better reliability; wider syndication; broader, more compelling experiences; support for multiple devices
42. the existing focus
• server consolidation
• the development of a common structure for servers and applications
• automating the deployment of servers and applications within that common structure
• improving overall security, data protection and privacy practices (including at the local, regional or branch office level)
• improving security through improved identity management
• virtualisation and rationalisation in the data centre
• desktop and mobile platform optimisation
• driving down the 76% of IT budget costs spent on IT services
43. Government (provider/producer centric view)
[figure: Education | Tax | Welfare | Health | ...etc as separate provider silos, with the citizen below them]
45. From / To
• Function oriented → Process oriented
• Build to last → Build to change
• Prolonged development cycles → Incrementally built and deployed
• Internal focus → External and internal focus
• Application silos → Orchestrated solutions
• Tightly coupled → Loosely coupled
• Object oriented → Message oriented
• Known implementation → Abstraction
Source: “Building the Agile Department: a Service Oriented Architecture for Government”. Jerry Fishenden, April 2004. Report for Inland Revenue and the Cabinet Office.
46. Current Focus / Future Focus
[diagram: Current Focus – Business Function A, B, C ... X, each with its own internal User; Future Focus – internal and external Users served through Process A, Process B and Process C that cut across the business functions]
Source: “Building the Agile Department: a Service Oriented Architecture for Government”. Jerry Fishenden, April 2004. Report for Inland Revenue and the Cabinet Office.
48. [diagram: the Government Gateway as the hub connecting Local Government, Central Government, Businesses and Voluntary Organisations]
51. the architecture in 2004 ...
[diagram: Users → presentation layer (PC, web site, helpdesk application) → message bus (Internet/GSI) → Gateway services (STS, A&A, TxE, secure payments, messaging) → Gateway DIS → Dept]
• applications aggregate the services into a presentation channel for specific business processes
• the GSI and the Internet provide the common message bus
• a growing number of “headless” web services
• the Gateway provides mediation for the non-web services world, via the hub and spoke transactional model
Source: “Building the Agile Department: a Service Oriented Architecture for Government”. Jerry Fishenden, April 2004. Report for Inland Revenue and the Cabinet Office.
52. ... the proposed next step
[diagram: Users → presentation layer (PC, web site, helpdesk application, rules) → message bus (Internet/GSI); Gateway services (STS, A&A, TxE, secure payments, messaging) and Gateway DIS on the bus; Depts attached both through Gateway DIS and directly to the bus]
• new services are added into the pool directly
• departments expose their own services onto the bus
• the Gateway continues to provide mediation for the non-web services world, via the hub and spoke model
Source: “Building the Agile Department: a Service Oriented Architecture for Government”. Jerry Fishenden, April 2004. Report for Inland Revenue and the Cabinet Office.
53. ... the end goal?
[diagram: Users → presentation layer (PC, web site, helpdesk application, rules) → message bus (Internet/GSI); Gateway services (STS, A&A, secure payments, messaging) plus a Trusted STS on the bus; each Dept with its own internal message bus]
• depts adopt busses internally
• other trusted credentials are supported
• legacy hub and spoke is deprecated
Source: “Building the Agile Department: a Service Oriented Architecture for Government”. Jerry Fishenden, April 2004. Report for Inland Revenue and the Cabinet Office.
60. key issues
• how do we get public sector IT to where it needs to be?
• how do we keep “lights on” while ensuring new projects are conceived and delivered in new ways?
• how do we do things in new ways without risking failures in the transition period?
67. [figure: labels inferred about a person, each with the data source it came from]
• subscribes to Vodaphone (source: mobile phone)
• shops at Morrisons (source: loyalty card and credit card)
• overweight (source: connected bathroom scales)
• alcoholic (source: The Red Lion EPOS)
• iPod owner (source: RFID tag)
• fashion victim (source: street CCTV)
68. we need trust in our digital lives
• any systems – private or public sector – need to:
– recognise the importance of the rule of law, security, and privacy and other core democratic freedoms in contributing to trustworthiness
– honour European values such as privacy, freedom of expression, protection of minorities, freedom of association, and freedom of belief
• the public sector has a key role in overall governance and compliance in support of these important values
72. security
• high public awareness of security issues
• the Internet is a great medium for committing crime
– global reach
– anonymity
– lack of traceability
• profits for committing crimes are going up
• time to exploit is decreasing
73. not a great model either …
[figure: a payment card]
• your name, bank account number, sort code number … (conveniently embossed for easy skimming)
• … your signature, 234 “security code” and “automated hacking magnetic strip”
78. time to exploit
[timeline: Product / Component ship → Vulnerability discovered → Vulnerability made public / fixed → Fix deployed → Fix deployed at customer site]
Most attacks occur here (why does this gap exist?) – the annotation sits over the gap between the fix being available and the fix being deployed at the customer site
79. an evolving threat
[figure: attacker types plotted by motivation (Curiosity → Personal Fame → Personal Gain → National Interest) against skill (Script-Kiddy → Undergraduate → Expert → Specialist): Vandal, Author, Trespasser, Thief, Spy]
• National Interest / Spy – largest segment by $ spent on defence
• Personal Gain / Thief – largest area by $ lost; fastest growing segment
• Trespasser – largest area by volume
80. botnets
• “botnets serve various purposes, including denial-of-service attacks, creation or misuse of SMTP mail relays for spam, click fraud, and the theft of application serial numbers, login IDs, and financial information such as credit card numbers. The botnet owner community features a constant and continuous struggle over who has the most bots, the highest overall bandwidth, and the largest amount of "high-quality" infected machines (commonly university, corporate, and even government machines).”
Wikipedia
83. forensics of a virus
• July 1 – Report: vulnerability in RPC/DCOM reported to us; patch in progress; MS activated highest level emergency response process
• July 16 – Bulletin: MS03-026 delivered to customers (7/16/03); bulletin & patch available, no exploit; continued outreach to analysts, press, community, partners, government agencies
• July 25 – Exploit: X-focus (Chinese group) published exploit tool; exploit code in public; MS heightened efforts to get information to customers
• Aug 11 – Worm: Blaster worm discovered; worm in the wild; variants and other viruses hit simultaneously (i.e. “SoBig”)
Blaster shows the complex interplay between security researchers, software companies, and hackers
Source: Microsoft
84. honeypot projects
• six computers attached to the Internet
– different versions of Windows, Linux and Mac OS
• over the course of one week
– machines were scanned 46,255 times
– 4,892 direct attacks
• no up-to-date, patched operating system succumbed to a single attack
• all down-rev systems were compromised
– Windows XP with no patches
– infested in 18 minutes by Blaster and Sasser
– within an hour it became a "bot"
Source: StillSecure, see http://www.denverpost.com/Stories/0,1413,36~33~2735094,00.html
85. example security engineering response: the Security Development Lifecycle
• Requirements
– Product Inception: Assign resource; Security plan
• Design
– Guidelines & Best Practices: Design guidelines applied; Security architecture; Security design review; Ship criteria agreed upon
– Threat Modeling: Models created; Mitigations in design and functional specs
• Implementation
– Coding Standards; Testing based on threat models; Tool usage
– Security Docs & Tools: Customer deliverables for secure deployment
• Verification
– Security Push: Security push training; Review threat models; Review code; Attack testing; Review against new threats; Meet signoff criteria
• Release
– Final Security Review (FSR): Review threat models; Penetration Testing; Archiving of Compliance Info
– RTM & Deployment: Signoff
• Response
– Security Response: Feedback loop – Tools/Processes; Postmortems; SRLs
86. a technology framework
• secure infrastructure
– safeguards that protect against malware, intrusions and unauthorised access to personal information, and help protect systems from evolving threats
• identity and access control
– systems that help protect personal information from unauthorised access or use, and provide management controls for identity access and provisioning
• data encryption
– safeguards that protect sensitive personal information by converting data into incomprehensible code that requires a key held by an authorised recipient to decode
• document protection
– protection of personal information stored in documents throughout the entire life cycle of the document
• auditing and reporting
– monitoring to verify the integrity of systems and data in compliance with business policies
88. phishing & phraud
Source: http://www.antiphishing.org
• The number of unique phishing reports submitted in the third quarter of 2009 reached an all-time high of 40,621
• The number of unique phishing websites detected during the third quarter of 2009 reached a new record in August with 56,362
90. the impact of phishing
• most people are spoofed
– over 60% have visited a fake or spoofed site
• people are tricked
– over 15% admit to having provided personal data
• target for spoofing attacks
– banks, credit card companies, Web retailers, online auctions (e-bay) and mortgage companies.
• economic loss for a small number of people
– slightly more than 2%
– average cost of $115
Source: TRUSTe
91. outcome of social engineering
typical information posted on hacker forum
First name: XXXXXXXXXX
Lastname: XXXXXXXXXXX
Address: XXXXXXXXXXX
City: BALTIMORE
State: MD
Zipcode: 21211
Phone: 410-XXXX-XXXX
SSN: XXX-XX-XXXX
Driver's license: XXXXXXXXXXXXX
DOB: X-XX-19XX
Cardnumber: XXXXXXXXXXX
Expiry Date: XX-XXXX
CVV2: XXX
ATM Pin: XXXX
Paypal email: XXXXXX@yahoo.com
Paypal Password :XXXXXXXXXXX
IP address: XXX.XXX.XXX.XXX
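As an added example (not from the deck, and not any vendor's tool), the kind of check a defender runs over text like the listing above: a small Python scanner that flags a record carrying a Luhn-valid card number, an SSN-shaped value and secret fields such as CVV, PIN or password, and reports the finding with the card number masked so the alert itself does not leak the data. The sample record is constructed for the example; it uses the well-known Visa test number 4111 1111 1111 1111 and made-up values for the other fields.

```python
import re

# Constructed sample in the shape of the slide's forum listing. The card number is the
# standard Visa test PAN; every other value is made up for this example.
SAMPLE_DUMP = """\
First name: Jane
Lastname: Example
City: BALTIMORE
State: MD
Zipcode: 21211
Phone: 410-555-0100
SSN: 078-05-1120
Cardnumber: 4111 1111 1111 1111
Expiry Date: 12-2027
CVV2: 123
ATM Pin: 4321
Paypal email: jane@example.invalid
Paypal Password :hunter2
IP address: 192.0.2.10
"""

# Runs of 13-19 digits, optionally separated by spaces or dashes (candidate card numbers).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# US SSN shape: 3-2-4 digits.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# Field labels that should never appear next to a value: CVV, PIN, password.
SECRET_LABEL_RE = re.compile(r"^([\w ]*?(?:cvv2?|pin|password))\s*:\s*\S", re.I | re.M)


def luhn_ok(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return the Luhn-valid card numbers found in text, digits only."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def mask_pan(digits: str) -> str:
    """Keep only the last four digits so the finding can be logged safely."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_dump(text: str) -> dict:
    """Summarise what a leaked record exposes and rate the severity of the exposure."""
    cards = find_card_numbers(text)
    ssns = SSN_RE.findall(text)
    secrets = [m.group(1).strip().lower() for m in SECRET_LABEL_RE.finditer(text)]
    if cards and (secrets or ssns):
        severity = "critical"   # a card plus what is needed to use it, or a full identity kit
    elif cards or ssns:
        severity = "high"
    elif secrets:
        severity = "medium"
    else:
        severity = "low"
    return {
        "card_numbers": [mask_pan(c) for c in cards],
        "ssn_count": len(ssns),
        "secret_fields": secrets,
        "severity": severity,
    }


if __name__ == "__main__":
    print(scan_dump(SAMPLE_DUMP))
```

The Luhn check is what keeps the scanner from alerting on every long run of digits (phone numbers, order ids); the label match catches fields whose value is sensitive regardless of shape, and the masking means the alert can go into a ticket without reproducing the leak.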
92. some issues ...
• the economics of computing makes the collection, storage, analysis and dissemination of data cost effective (e.g., spam)
• there is often a tension between government and regulatory requirements, business strategies, and citizen/customer expectations
– Security and Privacy can be both synergistic and antagonistic
• new technologies raise important privacy concerns (e.g., biometrics, GPS)
• what constitutes an “invasion of privacy” may be unclear and may be dependent on local laws and customs
93. privacy technologies
• Anti-Spam and Anti-Spyware
• Rights Management
• Filtering Technologies
• Authentication Technologies
• Parental Controls, Pop Up Blockers, Phorm-blocker, Junk Email, Ad Blockers, etc.
94. today - commonplace
• fingerprints
– commonplace: from Disney to your PocketPC to US Visit to your home PC keyboard and mouse
– increasingly a commodity item
95. today – less common
• iris recognition
– working in limited contexts:
» airports
» UAE
96. tomorrow?
• commoditised biometrics – from our gait to our DNA ...?
98. reminder - outcome of social engineering
99. so will biometrics be any different from biographics… ?
Internet hacker forum
RH Index Finger Image (JPEG2000): XXXXXXXXXXX
L Eye Iris Image (JPEG2000): XXXXXXXXXXX
L Eye Iris Image (RAW): XXXXXXXXXXX
…..
• … if using our biometrics becomes routine, they become open to universal capture by third parties
– not just technology – “protocols” too
» who is entitled to take and store our biometrics?
» what happens when “everyone” has them?
100. criminalisation of the Internet
• greater use and greater value attract a professionalised international criminal fringe
– dysfunctional, ad-hoc nature of the identity patchwork
– phishing and pharming (“phraud”) at 1000% CAGR
• the ad hoc nature of internet identity cannot withstand the growing assault of professionalised attackers
– we can predict a deepening public crisis
101. towards an identity metasystem
• diverse needs of players mean integrating multiple constituent technologies
• not the first time we’ve seen this in computing
– think back to things as basic as abstract display services made possible through device drivers
• we need a unifying “identity metasystem”
– protect applications from complexities of systems
– allow digital identity to be loosely coupled
• avoid need to agree on dominant technologies a priori – they will emerge from the ecosystem
103. the “laws”
Directed Identity
A universal identity metasystem must support
both “omnidirectional” identifiers for use by
public entities and “unidirectional” identifiers
for private entities, thus facilitating discovery
while preventing unnecessary release of
correlation handles.
User Control and Consent Pluralism of Operators and Technologies
A universal identity metasystem must channel
Digital identity systems must only reveal and enable the interworking of multiple identity
information identifying a user with the user’s technologies run by multiple identity providers.
consent.
Human Integration
Limited Disclosure for Limited Use A unifying identity metasystem must define the
The solution which discloses the least human user as a component integrated through
identifying information and best limits its use is protected and unambiguous human-machine
the most stable, long-term solution. communications.
The Law of Fewest Parties Consistent Experience Across Contexts
A unifying identity metasystem must provide a
Digital identity systems must limit disclosure of simple consistent experience while enabling
identifying information to parties having a separation of contexts through multiple
necessary and justifiable place in a given operators and technologies.
identity relationship.
104. the “laws”
Directed Identity
A universal identity metasystem must support
both “omnidirectional” identifiers for use by
public entities and “unidirectional” identifiers
for private entities, thus facilitating discovery
while preventing unnecessary release of
correlation handles.
User Control and Consentinformation Pluralism of Operators and Technologies
the user decides which A universal identity metasystem must channel
Digital identity systems must only reveal and enable the interworking of multiple identity
to reveal to another party
information identifying a user with the user’s technologies run by multiple identity providers.
consent.
Human Integration
Limited Disclosure for Limited Use A unifying identity metasystem must define the
The solution which discloses the least human user as a component integrated through
identifying information and best limits its use is protected and unambiguous human-machine
the most stable, long-term solution. communications.
The Law of Fewest Parties Consistent Experience Across Contexts
A unifying identity metasystem must provide a
Digital identity systems must limit disclosure of simple consistent experience while enabling
identifying information to parties having a separation of contexts through multiple
necessary and justifiable place in a given operators and technologies.
identity relationship.
105. the “laws”
Directed Identity
A universal identity metasystem must support
both “omnidirectional” identifiers for use by
public entities and “unidirectional” identifiers
for private entities, thus facilitating discovery
while preventing unnecessary release of
correlation handles.
User Control and Consentinformation Pluralism of Operators and Technologies
the user decides which A universal identity metasystem must channel
Digital identity systems must only reveal and enable the interworking of multiple identity
to reveal to another party
information identifying a user with the user’s technologies run by multiple identity providers.
consent.
Human Integration
Limited Disclosure for Limited Use
systems don’t disclose more A unifying identity metasystem must define the
information than is necessary in a
The solution which discloses the least human user as a component integrated through
identifying information and best limits its use is protected and unambiguous human-machine
given context
the most stable, long-term solution. communications.
The Law of Fewest Parties Consistent Experience Across Contexts
A unifying identity metasystem must provide a
Digital identity systems must limit disclosure of simple consistent experience while enabling
identifying information to parties having a separation of contexts through multiple
necessary and justifiable place in a given operators and technologies.
identity relationship.
106. the “laws”
Directed Identity
A universal identity metasystem must support
both “omnidirectional” identifiers for use by
public entities and “unidirectional” identifiers
for private entities, thus facilitating discovery
while preventing unnecessary release of
correlation handles.
User Control and Consentinformation Pluralism of Operators and Technologies
the user decides which A universal identity metasystem must channel
Digital identity systems must only reveal and enable the interworking of multiple identity
to reveal to another party
information identifying a user with the user’s technologies run by multiple identity providers.
consent.
Human Integration
Limited Disclosure for Limited Use
systems don’t disclose more A unifying identity metasystem must define the
information than is necessary in a
The solution which discloses the least human user as a component integrated through
identifying information and best limits its use is protected and unambiguous human-machine
given context
the most stable, long-term solution. communications.
The Law of discloseParties data only Consistent Experience Across Contexts
systems Fewest identity A unifying identity metasystem must provide a
Digital identity systems must limit disclosure of simple consistent experience while enabling
to those with a necessary and
identifying information to parties having a separation of contexts through multiple
necessary and justifiable place in a given
justifiable place in the relationship operators and technologies.
identity relationship.
107. the “laws”
Directed Identitybroadcast identifiers for
supports both
A universal identity metasystem must support
public entities and “unidirectional”
both “omnidirectional” identifiers for use by
identifiers for private ones
public entities and “unidirectional” identifiers
for private entities, thus facilitating discovery
while preventing unnecessary release of
correlation handles.
User Control and Consentinformation Pluralism of Operators and Technologies
the user decides which A universal identity metasystem must channel
Digital identity systems must only reveal and enable the interworking of multiple identity
to reveal to another party
information identifying a user with the user’s technologies run by multiple identity providers.
consent.
Human Integration
Limited Disclosure for Limited Use
systems don’t disclose more A unifying identity metasystem must define the
information than is necessary in a
The solution which discloses the least human user as a component integrated through
identifying information and best limits its use is protected and unambiguous human-machine
given context
the most stable, long-term solution. communications.
The Law of discloseParties data only Consistent Experience Across Contexts
systems Fewest identity A unifying identity metasystem must provide a
Digital identity systems must limit disclosure of simple consistent experience while enabling
to those with a necessary and
identifying information to parties having a separation of contexts through multiple
necessary and justifiable place in a given
justifiable place in the relationship operators and technologies.
identity relationship.
108. the “laws”
Directed Identitybroadcast identifiers for
supports both
A universal identity metasystem must support
public entities and “unidirectional”
both “omnidirectional” identifiers for use by
identifiers for private ones
public entities and “unidirectional” identifiers
for private entities, thus facilitating discovery
while preventing unnecessary release of
correlation handles.
works across multiple technologies run
User Control and Consentinformation Pluralism ofdifferent identity providers,
by Operators and Technologies
the user decides which A universal identity metasystem must channel
Digital identity systems must only reveal including government
and enable the interworking of multiple identity
to reveal to another party
information identifying a user with the user’s technologies run by multiple identity providers.
consent.
Human Integration
Limited Disclosure for Limited Use
systems don’t disclose more A unifying identity metasystem must define the
information than is necessary in a
The solution which discloses the least human user as a component integrated through
identifying information and best limits its use is protected and unambiguous human-machine
given context
the most stable, long-term solution. communications.
The Law of discloseParties data only Consistent Experience Across Contexts
systems Fewest identity A unifying identity metasystem must provide a
Digital identity systems must limit disclosure of simple consistent experience while enabling
to those with a necessary and
identifying information to parties having a separation of contexts through multiple
necessary and justifiable place in a given
justifiable place in the relationship operators and technologies.
identity relationship.
109. the “laws”
Directed Identitybroadcast identifiers for
supports both
A universal identity metasystem must support
public entities and “unidirectional”
both “omnidirectional” identifiers for use by
identifiers for private ones
public entities and “unidirectional” identifiers
for private entities, thus facilitating discovery
while preventing unnecessary release of
correlation handles.
works across multiple technologies run
User Control and Consentinformation Pluralism ofdifferent identity providers,
by Operators and Technologies
the user decides which A universal identity metasystem must channel
Digital identity systems must only reveal including government
and enable the interworking of multiple identity
to reveal to another party
information identifying a user with the user’s technologies run by multiple identity providers.
consent.
Human Integration
Limited Disclosure for Limited Use
systems don’t disclose more A unifying identity metasystem must define the
information than is necessary in a
The solution which discloses the least human user as a component by real people
works with and is usable integrated through
identifying information and best limits its use is protected and unambiguous human-machine
given context
the most stable, long-term solution. communications.
The Law of discloseParties data only Consistent Experience Across Contexts
systems Fewest identity A unifying identity metasystem must provide a
Digital identity systems must limit disclosure of simple consistent experience while enabling
to those with a necessary and
identifying information to parties having a separation of contexts through multiple
necessary and justifiable place in a given
justifiable place in the relationship operators and technologies.
identity relationship.
110. the “laws”
User Control and Consent: the user decides which information to reveal to another party
Digital identity systems must only reveal information identifying a user with the user’s consent.
Limited Disclosure for Limited Use: systems don’t disclose more information than is necessary in a given context
The solution which discloses the least identifying information and best limits its use is the most stable, long-term solution.
The Law of Fewest Parties: systems disclose data only to those with a necessary and justifiable place in the relationship
Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship.
Directed Identity: supports both broadcast identifiers for public entities and “unidirectional” identifiers for private ones
A universal identity metasystem must support both “omnidirectional” identifiers for use by public entities and “unidirectional” identifiers for private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
Pluralism of Operators and Technologies: works across multiple technologies run by different identity providers, including government
A universal identity metasystem must channel and enable the interworking of multiple identity technologies run by multiple identity providers.
Human Integration: works with and is usable by real people
A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.
Consistent Experience Across Contexts: behaves the same way wherever and however you use it
A unifying identity metasystem must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies.
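The fourth law’s “unidirectional” identifiers, as an added example that is not from the slides or from CardSpace itself: an identity provider derives a different pairwise identifier for each relying party from a secret it holds, so the identifier is stable within one relationship but is no correlation handle across relationships. The identity-provider secret and the relying-party names below are constructed.

```python
import hashlib
import hmac

# Added example, not from the slides: "directed identity" in practice.
# An identity provider (IdP) holds a secret and derives a per-relying-party
# ("unidirectional") identifier for each user: the same id every time at one
# site, an unrelated id at another site, so two sites cannot join their records
# on it. A public service keeps a single broadcast ("omnidirectional")
# identifier that anyone may use to discover and address it.

IDP_SECRET = b"constructed-idp-secret-keep-server-side"  # constructed value


def unidirectional_id(user_id: str, relying_party: str, secret: bytes = IDP_SECRET) -> str:
    """Pairwise pseudonym: HMAC over (user, relying party) under the IdP secret.
    Without the secret a relying party can neither re-derive nor invert it."""
    msg = user_id.encode() + b"\x00" + relying_party.encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:32]


def omnidirectional_id(public_entity: str) -> str:
    """Public entity identifier: the entity's well-known name, normalised."""
    return public_entity.strip().lower()


def colluding_parties_can_link(user_id: str, rp_a: str, rp_b: str) -> bool:
    """What two relying parties learn by comparing their user tables: with
    pairwise ids the match fails, so the id is not a correlation handle."""
    return unidirectional_id(user_id, rp_a) == unidirectional_id(user_id, rp_b)
```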
111. the 'laws' define a citizen-centric metasystem
Me (the individual) at the centre, connected to:
• Applications: existing & new
• Technologies: X509, Kerberos
• Devices: PCs, mobile, phone
• Individuals: work & consumer
• Governments
• Organisations
• Businesses
112. Mr Cameron suggests rethinking the whole issue ...
... the second principle, says Mr Cameron, should be to keep down the risk of a breach by using as little information as possible to achieve the task in hand. This approach, which he calls “information minimalism”, rules out keeping information “just in case”.
Third, identity systems must be able to check who is asking for the information, not just hand it over.
... the final principle is a thorough understanding of the human factor
Source: The Economist Feb 16th-22nd 2008
114. minimal disclosure tokens: basics
Token holding the user’s attributes:
Name: Alice Smith
Address: 1234 Crypto, Seattle, WA
DOB: 03-25-1976
Status: gold customer
Reputation: high
Gender: female
The same token presented with only a subset of those attributes:
Name: Alice Smith
Address: 1234 Crypto, Seattle, WA
Status: gold customer
115. minimal disclosure tokens: basics
Relying party: “Prove that you are from WA and over 21”
Token attributes:
Name: Alice Smith
Address: 1234 Crypto, Seattle, WA
DOB: 03-25-1976
Status: gold customer
Reputation: high
Gender: female
What is disclosed: an Over-21 proof (derived from DOB) and the state (WA) from the address
Anyone looking on: “Which adult from WA is this?” ? (no way to tell)
116. authenticated anonymity
Relying party: “Prove that you are a gold customer”
Token attributes:
Name: Alice Smith
Address: 1234 Crypto, Seattle, WA
Status: gold customer
What is disclosed: Status: gold customer, with nothing that identifies Alice
117. unlinkable data sharing
Token attributes:
Name: Alice Smith
UserID: Alice S.
Address: 1234 Crypto, Seattle, WA
Status: gold customer
To one party: UserID: Alice S.
To another party: City: Seattle, WA
? Neither party can tie the two presentations together: no unwanted linkages
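The token flows on slides 114 to 117, as an added example that is not the slides’ own (U-Prove/CardSpace) code: a simplified salted-hash selective-disclosure token in which the issuer signs a commitment to each attribute and the holder reveals only the attributes a relying party asks for. The issuer key is constructed, the attribute values are the slides’ sample ones, and an HMAC under the issuer key stands in for a real digital signature.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, Optional, Set

# Added example, not the slides' U-Prove/CardSpace code: a simplified
# salted-hash selective-disclosure token. The issuer commits to every
# attribute with a random salt and signs the commitment list (an HMAC under
# a constructed key stands in for a signature). The holder reveals only the
# attributes a relying party needs; the verifier learns nothing else.

ISSUER_KEY = b"constructed-issuer-key"  # constructed value
ALICE = {  # sample attributes from the slides, constructed token
    "Name": "Alice Smith", "Address": "1234 Crypto, Seattle, WA",
    "DOB": "03-25-1976", "Status": "gold customer",
    "Reputation": "high", "Gender": "female",
}


def _commit(name: str, value: str, salt: str) -> str:
    return hashlib.sha256(f"{salt}|{name}|{value}".encode()).hexdigest()


def _sign(key: bytes, commits) -> str:
    return hmac.new(key, json.dumps(commits).encode(), hashlib.sha256).hexdigest()


def issue(attrs: Dict[str, str], key: bytes = ISSUER_KEY) -> dict:
    """Issuer: salt and commit to each attribute, sign the ordered commitments."""
    salts = {k: secrets.token_hex(16) for k in attrs}
    commits = [_commit(k, v, salts[k]) for k, v in attrs.items()]
    return {"attrs": dict(attrs), "salts": salts, "commits": commits, "sig": _sign(key, commits)}


def present(token: dict, disclose: Set[str]) -> dict:
    """Holder: build a presentation revealing only the requested attributes (value + salt)."""
    revealed = {k: [token["attrs"][k], token["salts"][k]] for k in disclose}
    return {"commits": list(token["commits"]), "sig": token["sig"], "revealed": revealed}


def verify(pres: dict, key: bytes = ISSUER_KEY) -> Optional[Dict[str, str]]:
    """Verifier: accept only issuer-signed commitments whose openings match.
    Returns the disclosed attributes, or None if anything fails to check."""
    if not hmac.compare_digest(_sign(key, pres["commits"]), pres["sig"]):
        return None
    disclosed = {}
    for name, (value, salt) in pres["revealed"].items():
        if _commit(name, value, salt) not in pres["commits"]:
            return None
        disclosed[name] = value
    return disclosed
```

Two limits of this simple scheme matter for the slides’ claims: a predicate such as “over 21” can only be shown by revealing DOB itself (the Over-21 proof on slide 115 needs zero-knowledge techniques), and the signed commitment list is itself a correlation handle, so the unlinkability of slide 117 needs a fresh token per presentation or a scheme built for it.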
119. … and at the macro level
• fundamental reform of the
policymaking process:
– ensure technological and scientific
evidence is gathered and understood
prior to legislation being brought
forward
– e.g. avoid ‘the Identity Cards Act’ model,
where the mechanism/solution (cards) is
fused with the objective and policy
outcome
• don’t plan based on what you can
see in the rear-view mirror
120. intelligent environments
• office, home and public buildings
running embedded technologies:
– controlling lighting, heating
(energy efficiency) and security
– entertainment (music/film etc
following you around the house)
– dynamically moving calls and
content between desk/mobile
phones, PCs and other devices
• public environments
– knowing you’re there
– telling you what’s available
124. the transition from basic to dynamic security
Maturity levels: Basic / Standardized / Rationalized / Dynamic
Technology
• Basic: patch status of desktops is unknown; no unified directory for access mgmt
• Standardized: multiple directories for authentication; limited automated software distribution
• Rationalized: automate identity and access management; automated system management
• Dynamic: self provisioning and quarantine capable systems ensure compliance and high availability
Process
• Basic: IT processes undefined; complexity due to localized processes and minimal central control
• Standardized: central admin and configuration of security; standard desktop images defined, not adopted by all
• Rationalized: SLAs are linked to business objectives; clearly defined and enforced images, security, best practices
• Dynamic: self-assessing and continuous improvement; easy, secure access to info from anywhere on Internet
People
• Basic: IT staff taxed by operational challenges; users come up with their own IT solutions
• Standardized: IT staff trained in best practices such as MOF, ITIL, etc.; users expect basic services from IT
• Rationalized: IT staff manages an efficient, controlled environment; users have the right tools, availability, and access to info
• Dynamic: IT is a strategic asset; users look to IT as a valued partner to enable new business initiatives
Cost per PC
• Basic: $1320; Standardized: $580; Rationalized: $230; Dynamic: < $100
125. “CardSpace”
• enables users to
use multiple
identity systems
• based on Web
services
• usable by any
application
126. CardSpace features
• strong 2-way authentication
• enhanced privacy
– at user’s discretion, store personal
information on PC/Phone/Device or
in “the cloud”
– fully informed disclosure
– multiple personas, a mirror of the
real world
127. Web services and identity
• WS-* family of open Web Services protocols
• developed by Microsoft, IBM and others
• designed to connect multiple identity systems
• anyone can implement on any platform
• CardSpace is one implementation – a Java
implementation already exists, and others are
committing to support it:
– Novell and IBM have announced the Higgins project: an
open source implementation
– OpenID is being supported by many players
129. if we can get this right ...?
privacy and
security
restored?
130. summary
• privacy and security need to be designed in
partnership
• both are parts of an ecosystem
• online digital identity and “The Laws” are
making headway into online privacy and security
• better design is required – especially as we enter
the pervasive age
157. “The illiterate of the 21st century will not be
those who cannot read and write, but those
who cannot learn, unlearn, and relearn”
Rethinking the Future,
Alvin Toffler
164. ... thank you.
IT perspectives
Jerry Fishenden
Director, Centre for Technology Policy Research
Visiting Senior Fellow, LSE
j.fishenden@lse.ac.uk
blog: ntouk.com