Sabett: ESRA Identity Management 11-09-10
1. Case Study: A New Model
for Federated Identity
Management
Presented at the ESRA Conference
November 10, 2010
Randy V. Sabett
Partner and Co-Chair, Internet and Data
Protection Practice Group
T +1 202.408.6830
rsabett@snrdenton.com
snrdenton.com
2. About SNR Denton
SNR Denton is a client-focused international legal practice delivering quality
and value.
We serve clients in key business and financial centers from 48 locations in
32 countries, through offices, associate firms and special alliances across
the US, UK, Europe, the Middle East, Russia and the CIS, South-East Asia,
and Africa, making us a top 25 legal services provider by lawyers and
professionals worldwide.
Joining the complementary top tier practices of its founding firms—
Sonnenschein Nath & Rosenthal LLP and Denton Wilde Sapte LLP—SNR
Denton offers business, government and institutional clients premier service
and a disciplined focus to meet evolving needs in eight key industry sectors:
Energy, Transport and Infrastructure; Financial Institutions and Funds;
Government; Health and Life Sciences; Insurance; Manufacturing; Real
Estate, Retail and Hotels; and Technology, Media and Telecommunications.
4. Converged Issues in Federated Identity (legal/technical/administrative)
1 Scope of Problem
• Lack of trust
• Multiple identity infrastructures
• Lack of widespread adoption of identity/credentialing standards
• Paper is the traditional system of record for most entities
• Local regulatory and legal needs differ
2 Root Causes
• Old model of communications focused on closed systems
• Lack of widely accepted methods for electronic signatures
• Electronic identity is confused with information technology
3 Impact
• Reduction in identity access management costs (~$100 per user)
• Transaction cost avoidance
• Clean data faster
• Improve intellectual property protection capabilities
4 The opportunity
• Unified approach for identity, even at high levels of assurance
• Technology vs. people and paper
• Industry leadership – allow company to scale solution
5. Review: Values of Federated Identity
Tactical (Near Term) Value
• Infrastructure cost reduction/avoidance
• Identity management for 3rd parties
• Supports single credential issuance for employees/contractors
• Common applications enablement
• Standard systems validation model
Strategic Value
• Innovation and productivity improvements
• Transaction cost avoidance
• Simplifying external collaboration
• Compliance efficiencies
• Common liability framework
• Improved intellectual property protection
• Expanded use of electronic and digital signatures
6. Implementation Decisions
Participant scope and relationships?
• Risk management, geographic requirements & support
Determining Business Value
• Tactical vs. strategic
• Common entry point
Single or Tiered PKI?
• Financial, Regulatory, Legal and Enterprise transactions
Legal
• Contracts
Insource, Outsource, or Hybrid?
• Governance, Technical Integration, Privacy, Operations
7. Typical liability and contract issues
Risk management
– Relationship between liability assumption and control capability
– How to manage current risks?
– How to manage new risks?
Issues introduced by Federated Identity
– Legal enforceability and local dispute resolution capabilities
– Relationships with technology and service providers
– Relationships with employees, business partners, and others
Support
– Provisioning
– Lifecycle management
– Helpdesk/call center integration & escalation
8. Typical Architecture Approach: Trust Bridge
All entities can participate through an industry/government trust bridge
[Diagram: a Federating Entity and several SP/IdP organizations, each with their Users, connect through a Trust Bridge; User Credentials are issued by Accredited Issuers (Insourced or Outsourced). Annotations: legally enforced digital signatures via global contract law; technical interoperability via a Bridge CA.]
9. Federation Introduces Additional Legal Variables
Federation and third party bridges, however, don’t solve all trust issues…
[Diagram: the same Federating Entity, SP/IdP, IdP + SP, Users, User Credentials, Accredited Issuers (Insourced/Outsourced) and Bridge CA as on the previous slide. Annotation: a contract may not exist between all parties, or may not address identity federation issues.]
10. Why 3PA? Not just legal reasons
Operational Risk – Federation has significant security advantages
but creates points of “blind trust” for the relying party
– For each IdP, the Federation Operator adjudicates the auditor’s
opinion and report
– The Federation Operator certifies IdPs against the COR
– The Federation Operator helps to uniformly govern the
community COR standard
Introducing a Federation Operator who provides Third
Party Assurance of the IdP mitigates this operational risk
11. Bilateral Agreements Alone are Not Enough
Legal Risk – The existing bilateral agreement between the SP and IdP does little to
enforce the COR even when specific clauses are added
Hypothetically, an SP becomes aware that the IdP is not following part of the COR but has
not yet suffered damage
– Without damage the SP is not likely to have contractual rights to claim breach of
contract, i.e., this contract’s protection is only reactionary
Plus
– The SP is not likely to be in a position to be aware of a COR breach
– At best, specific injunctive relief might be available in an egregious case of IdP
neglect
The SP obligating the IdP to the COR in their bilateral
contract should be thought of as a backstop protection
12. Legal Advantages of 3PA
Legal Risk Mitigation
1. The IdP signs an agreement with the FO specifically to bind the IdP to the COR
– This contract with the FO will unequivocally be in breach if the IdP is not
adhering to the COR
– This contract contains an indemnification of all SPs the IdP asserts identities to
2. The SP and IdP execute their business oriented bilateral agreement but include
– An obligation on the IdP to remain certified in good standing with the FO for the
duration of their bilateral agreement.
• The IdP is now “doubly bound” to the COR and there is no need for the SP to reference the
COR in this business contract
• Should the FO revoke the IdP’s certification for failure to adhere to the COR, the relying party
now has a material breach of this bilateral contract
– Any obligations the IdP wishes to place on the SP (data privacy, protection, etc.)
3. There is no general reason for a contract between the SP and the FO
13. The 3PA Model – Summary Points
Utilizes existing bilateral agreements between IdP and SP – only one clause is added to
support Federation
– Number of contracts is a good metric to judge a model but doesn’t take into account
how complicated or how “new” the contracting material is
Requires a new contract between the FO and the IdP … but, this only happens once per IdP/
FO pair
Creates a quasi-multilateral effect to the benefit of the SP (recall how hard multilateral contracts
are to execute)
– Specifically created through third party beneficiary rights defined in the IdP/FO
contract.
The COR defines most of the obligations on the IdP
– The FO/IdP contract becomes boilerplate and scales to large numbers of IdPs as
necessary
14. Variations on the Theme
[Diagram: four contract topologies between SP, IdP and FO – the V Model (SP, FO, IdP), the Triangle Model (SP/IdP B, FO, IdP A), the i Model (SP, FO, IdP, AP) and the U Model (SP, FO, IdP).]
15. Summary
The 3PA model incorporates the best features of other
federation legal models
All stakeholders can have certainty as to the rights and
obligations of all of the entities involved in that
federation
A COR that is incorporated by reference in the contract
between the FO and each IdP provides clarity