ESE 2008: Higgins
Markus Sabadello msabadello@parityinc.net

 1: A species of Tasmanian long-tailed mouse

 2: An open source identity framework being
     developed at the Eclipse Foundation
Higgins Identity Framework

INTRODUCTION


Copyright © 2008 Parity. Made available under EPL 1.0   2
Higgins Identity Framework

Tries to 1) model and 2) create technologies for personal Identity on the Internet.
Invents little, but implements existing standards.


Identity on the Internet
Username, Password, Attributes…

[Diagram: "You" surrounded by the following groups]
• Book club
• Family
• eCommerce (e.g. Amazon, eBay)
• Social Networking (e.g. LinkedIn)
• Banks
• Mutual Funds
• eGovernment
• Healthcare System
• Corporate Directories
• Professional networks
• Dating networks
• Second Life
• Croquet
• WOW
• SharePoint


Each Identity in its own “silo”
Username, Password, Attributes…

[Diagram: "You" surrounded by the following groups, each in its own silo]
• Book club
• Family
• eCommerce (e.g. Amazon, eBay)
• Social Networking (e.g. LinkedIn)
• Banks
• Mutual Funds
• eGovernment
• Healthcare System
• Corporate Directories
• Professional networks
• Dating networks
• Second Life
• Croquet
• WOW
• SharePoint

Solutions
• « Venn » of Identity:
   – OpenID
   – SAML
   – Information Cards
• Goals:
   – Make life easier
   – …and more secure


End-users experience Higgins through the UI metaphor of Information Cards, using an app called an Identity Selector.

Information Cards and selectors are just the tip of the iceberg of what can be done with Higgins, but it’s a place to start…


Today you go from site to site filling in forms and passwords

Websites…

Type, type, type. Click, click.
Here a password, there a password.
Everywhere a password.
Here a form, there a form, ...

Information Cards Put You in Control




Each card is a slice of the digital you (or a friend of yours) held in some data silo.

This wallet-like thing is an app called an Identity Selector.

Any kind of information: your preferences, favorite songs, employee id numbers, drivers licenses, affiliations, your health plan id, ...you get the idea, can be accessed using a card.

Identity Selector “Wallet”
Click on a card to send it to a site

[Image label: Click]
Higgins is interoperable with Microsoft CardSpace™ shown here


i-cards
Managed
What someone (bank, government, etc.) says about you.

Personal (aka self-issued)
What you say about yourself.

Relationship (under development)
What you and Best Buy say about you right now.


Higgins Identity Framework

DATA MODEL


Context Data Model (CDM)
• Data sources are called Contexts
   – E.g. enterprise directories, social networks,
     RDF repositories
• Contexts contain objects called Entities
   – Entities represent people, organizations, etc.
• Entities have Attributes; Attributes have
  values
• The core semantics of the model are based
  on RDF & OWL

Universal Data Identifiers (UDI)
• Globally linked data
   – Higgins uses UDIs to point to Contexts,
     Entities and Attributes
   – Some UDIs may be globally resolved into a global
     object graph; others may be local
• Different forms
   – URIs: http://dbpedia.org/resource/Berlin
   – XRIs: @parity*contexts/(+ldap)
   – Others

Universal Data Identifiers (UDI)




Higgins

ARCHITECTURE


Architecture
Identity Attribute Service

[Diagram: layered stack, top to bottom: Client Apps, Web Services, Web apps; Identity Selectors, Identity Providers, Relying Parties; Identity Services; Identity Attribute Service]




Extensible Identity Attribute Service


[Diagram: Identity Attribute Service (IdAS), annotated with IContext, IEntity, IAttribute, AuthnMaterials. Below it, IdAS Context Provider plug-ins connect to existing data sources: LDAP, XML File, RDF, Google Contacts, MySpace. Key: Higgins 1.0 / Beyond Higgins 1.0]




Identity Attribute Service
• The Context Data Model is implemented by the
  Identity Attribute Service
• Abstraction Layer
• IdAS API is implemented by Context Providers
• Typical Usage:
  1. Resolve a UDI to a Context
  2. Open the Context with AuthnMaterials
  3. Look up an Entity
  4. Read/Write Attribute Values



Identity Attribute Service

•   Contexts, Entities, Attributes
•   Authentication Materials
•   Transactions
•   Filters
•   Access Control



Architecture
Interoperability Points

[Diagram: layered stack, top to bottom: Client Apps, Web Services, Web apps; Identity Selectors, Identity Providers, Relying Parties; Identity Services; Identity Attribute Service]




Identity Selectors
Cards and Tokens Flow

[Diagram: Identity Provider; Identity Selector (Browser Extension & Client App); Relying Party (Website or App). Captions:]
• Cards are generated and downloaded from here.
• A local Token Service issues tokens as requested by Selector.
• Tokens containing claim data are requested and received here.
• Cards are stored and selected here.

Identity Selectors
Cards and Tokens Flow

Some Higgins Identity Selectors rely on a hosted I-Card Service component

[Diagram: Identity Provider; Identity Selector (Browser Extension & Client App); Relying Party]

Higgins Identity Selectors

[Diagram: layered stack, top to bottom: Client Apps, Web Services, Web apps; Identity Selectors, Identity Providers, Relying Parties; Identity Services; Identity Attribute Service]




Identity Selectors

•   Firefox-embedded Selector (JavaScript)
•   GTK / Cocoa Selector (C++)
•   Eclipse RCP Selector (Java)
•   Adobe AIR Selector
•   iPhone Selector




Adobe AIR Selector




iPhone Selector




iPhone Selector




Architecture
Identity Providers

[Diagram: layered stack, top to bottom: Client Apps, Web Services, Web apps; Identity Selectors, Identity Providers, Relying Parties; Identity Services; Identity Attribute Service]




Architecture
Relying Party Website

[Diagram: layered stack, top to bottom: Client Apps, Web Services, Web apps; Identity Selectors, Identity Providers, Relying Parties; Identity Services; Identity Attribute Service]




Higgins Identity Framework

ADVANCED COMPONENTS


Relationship Cards


Relationship Card
What you and Best Buy say about you




Relationship Cards
Human Friendly Data References

[Diagram label: Data object (called an Entity)]

• Card holds a UDI reference:
   – A Context that identifies a data source, and
   – An Entity within the context



Relationship Cards
                        Data Location and Authority




•   Best Buy issued card
•   Entity is stored in Best Buy’s data center
•   Best Buy is authoritative over some attributes
•   You are authoritative over some attributes
    (e.g. street address)

Relationship Cards
                                       Data Model




• The Entity is described by the Higgins
  Context Data Model
• Can be accessed using the Identity
  Attribute Service
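
The IdAS "Typical Usage" steps applied to the Entity a relationship card points at, with the per-attribute authority split from the Data Location and Authority slide enforced on write. This is an added Python model, not Higgins code or the IdAS Java API; every class, function, attribute name, UDI and credential in it is a hypothetical or constructed stand-in.

```python
"""Toy model of the IdAS usage pattern. Every name here is a hypothetical
stand-in; this is not the Higgins Java API."""
import hmac
from dataclasses import dataclass, field


class AuthnError(Exception):
    """The Context refused the supplied authentication materials."""


class AuthorityError(Exception):
    """The principal is not authoritative over the attribute it tried to write."""


@dataclass
class Entity:
    entity_id: str
    attributes: dict = field(default_factory=dict)  # attribute name -> list of values
    authority: dict = field(default_factory=dict)   # attribute name -> principal allowed to write


@dataclass(frozen=True)
class RelationshipCard:
    """The card stores only a reference: which Context, and which Entity in it."""
    context_udi: str
    entity_id: str


class OpenContext:
    """A Context after a successful open(); every call is bound to one principal."""

    def __init__(self, entities, principal):
        self._entities = entities
        self.principal = principal

    def get_entity(self, entity_id):
        if entity_id not in self._entities:
            raise LookupError(f"no such entity: {entity_id}")
        return self._entities[entity_id]

    def read(self, entity_id, name):
        return list(self.get_entity(entity_id).attributes.get(name, []))

    def write(self, entity_id, name, values):
        entity = self.get_entity(entity_id)
        # Default deny: an attribute with no recorded authority is read-only.
        if entity.authority.get(name) != self.principal:
            raise AuthorityError(f"{self.principal} is not authoritative over {name}")
        entity.attributes[name] = list(values)


class ContextProvider:
    """Plug-in that fronts one data source (here an in-memory dict)."""

    def __init__(self, entities, credentials):
        self._entities = entities
        self._credentials = credentials  # principal -> shared secret (constructed)

    def open(self, authn_materials):
        principal, secret = authn_materials
        expected = self._credentials.get(principal, b"")
        # Unknown principal and wrong secret raise the same error; compare in constant time.
        if not expected or not hmac.compare_digest(expected, secret):
            raise AuthnError("context could not be opened")
        return OpenContext(self._entities, principal)


def write_via_card(registry, card, authn_materials, name, values):
    """The four 'Typical Usage' steps, driven by the reference held in a card."""
    provider = registry[card.context_udi]        # 1. resolve a UDI to a Context
    context = provider.open(authn_materials)     # 2. open it with AuthnMaterials
    context.get_entity(card.entity_id)           # 3. look up the Entity
    context.write(card.entity_id, name, values)  # 4. write attribute values...
    return context.read(card.entity_id, name)    #    ...and read them back


RETAILER_UDI = "https://retailer.example/contexts/customers"  # constructed URI-form UDI


def build_demo():
    """Constructed sample data: one customer Entity with split write authority."""
    customer = Entity(
        "customer-42",
        attributes={"loyaltyTier": ["gold"], "streetAddress": ["1 Old Road"]},
        authority={"loyaltyTier": "issuer", "streetAddress": "holder"},
    )
    provider = ContextProvider(
        {"customer-42": customer},
        {"issuer": b"issuer-secret", "holder": b"holder-secret"},
    )
    return {RETAILER_UDI: provider}, RelationshipCard(RETAILER_UDI, "customer-42")


if __name__ == "__main__":
    registry, card = build_demo()
    holder = ("holder", b"holder-secret")
    print(write_via_card(registry, card, holder, "streetAddress", ["2 New Street"]))
```

The card holder can change `streetAddress` but is refused on `loyaltyTier`, and an attribute with no recorded authority cannot be written by anyone.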

Other New Card Types
• Username/Password Card
   – To log in to traditional un/pw sites
• SAML Card (aka S-card) [maybe]
   – Uses SAML protocol to retrieve token
• Idemix card (aka Z-card) [maybe]
   – Support for a new privacy-enhancing token
     type based on zero-knowledge proofs
   – Improved support for selective disclosure

Identity Attribute Service
                             XDI Protocol Support

• XDI Engine provides a new binding for
  the IdAS Service
   – Allows any/all attribute data managed by
     IdAS to be exposed as an XDI data service


• XDI Context Provider
   – Allows IdAS to read/write XDI-native data
     sources


Higgins Identity Framework

ORIGINAL PROJECT GOALS


Goals: 1 of 5
• Provide a consistent user experience
  based on card icons for the management
  and release of identity data
• This is needed in order to have a trusted
  mechanism for authentication and other
  interactions that is less vulnerable to
  phishing and other attacks and that works
  for a wide variety of users and systems
• See Higgins 1.0 Identity Selector

Goals: 2 of 5
• Empower users with more convenience
  and control over personal information
  distributed across external information
  silos
• Provide a single point of control over
  multiple identities, preferences and
  relationships
• See Higgins 1.0 Identity Selector

Goals: 3 of 5
• Provide an API and data model for the
  virtual integration and federation of
  identity and security information from a
  wide variety of sources
• See Higgins 1.0 Framework




Goals: 4 of 5
• Provide plug-in adapters to enable
  existing data sources including
  directories, communications systems,
  collaboration systems and databases each
  using differing protocols and schemas to
  be integrated into the framework
• See Higgins 1.0 Identity Attribute Service
  and Context Providers (plugins)

Goals: 5 of 5
• Provide a social relationship data
  integration framework that enables these
  relationships to be persistent and reusable
  across application boundaries
• It organizes relationships into a set of distinct
  social contexts within which a person
  expresses different personas and roles
• See Higgins 1.0 Context Data Model (CDM)


Higgins Identity Framework

GET INVOLVED


How to get involved
• Website: http://eclipse.org/higgins
• Mailing List: http://dev.eclipse.org/mailman/listinfo/higgins-dev
• IRC Channel: #higgins at Freenode
• Interop Events: RSA, OSIS
• Me: msabadello@parityinc.net


Higgins Identity Framework

THANK YOU…



Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 

Higgins ESE

  • 1. ESE 2008: Higgins Markus Sabadello msabadello@parityinc.net 1: A species of Tasmanian long-tailed mouse 2: An open source identity framework being developed at the Eclipse Foundation
  • 2. Higgins Identity Framework INTRODUCTION Copyright © 2008 Parity. Made available under EPL 1.0 2
  • 3. Higgins Identity Framework: Tries to 1) model and 2) create technologies for personal Identity on the Internet. Invents little, but implements existing standards.
  • 4. Identity on the Internet: Username, Password, Attributes… • Book club • Family • eCommerce (e.g. Amazon, eBay) • Social Networking (e.g. LinkedIn) • Banks • Mutual Funds • eGovernment • Healthcare System • Corporate Directories • Professional networks • Dating networks • Second Life • Croquet • WOW • SharePoint • You
  • 5. Each Identity in its own “silo”: Username, Password, Attributes… • Book club • Family • eCommerce (e.g. Amazon, eBay) • Social Networking (e.g. LinkedIn) • Banks • Mutual Funds • eGovernment • Healthcare System • Corporate Directories • Professional networks • Dating networks • Second Life • Croquet • WOW • SharePoint • You
  • 6. Solutions • « Venn » of Identity: – OpenID – SAML – Information Cards • Goals: – Make life easier – …and more secure
  • 7. End-users experience Higgins through the UI metaphor of Information Cards using an app called an Identity Selector. Information Cards and selectors are just the tip of the iceberg of what can be done with Higgins, but it’s a place to start…
  • 8. Today you go from site to site filling in forms and passwords. Websites… Type, type, type. Click, click. Here a password, there a password. Everywhere a password. Here a form, there a form, ...
  • 9. Information Cards Put You in Control. Each card is a slice of the digital you (or a friend of yours) held in some data silo. Any kind of information: your preferences, favorite songs, employee id numbers, drivers licenses, affiliations, your health plan id, ...you get the idea, can be accessed using a card. This wallet-like thing is an app called an Identity Selector.
  • 10. Identity Selector “Wallet”: Click on a card to send it to a site. Higgins is interoperable with Microsoft CardSpace™, shown here.
  • 11. i-cards • Managed: What someone (bank, government, etc.) says about you. • Personal (aka self-issued): What you say about yourself. • Relationship (under development): What you and Best Buy say about you right now.
  • 12. Higgins Identity Framework DATA MODEL
  • 13. Context Data Model (CDM) • Data sources are called Contexts – E.g. enterprise directories, social networks, RDF repositories • Contexts contain objects called Entities – Entities represent people, organizations, etc. • Entities have Attributes; Attributes have values • The core semantics of the model are based on RDF & OWL
  • 14. Universal Data Identifiers (UDI) • Globally linked data – Higgins uses UDIs to point to Contexts, Entities and Attributes – UDIs may be globally resolved into a global object graph, others may be local • Different forms – URIs: http://dbpedia.org/resource/Berlin – XRIs: @parity*contexts/(+ldap) – Others
  • 15. Universal Data Identifiers (UDI)
  • 16. Higgins ARCHITECTURE
  • 17. Architecture: Identity Attribute Service [diagram: Client Apps, Web Services, Web apps; Identity Selectors; Identity Providers; Relying Parties; Identity Services; Identity Attribute Service]
  • 18. Extensible Identity Attribute Service [diagram: Identity Attribute Service (IdAS) with IContext, IEntity, IAttribute, AuthnMaterials. IdAS Context Providers (plug-ins) connect to existing data sources. Plug-ins: Google LDAP XML File RDF MySpace Contacts. Key: Higgins 1.0; Beyond Higgins 1.0]
  • 19. Identity Attribute Service • The Context Data Model is implemented by the Identity Attribute Service • Abstraction Layer • IdAS API is implemented by Context Providers • Typical Usage: 1. Resolve a UDI to a Context 2. Open the Context with AuthnMaterials 3. Look up an Entity 4. Read/Write Attribute Values
  • 20. Identity Attribute Service • Contexts, Entities, Attributes • Authentication Materials • Transactions • Filters • Access Control
  • 21. Architecture: Interoperability Points [diagram: Client Apps, Web Services, Web apps; Identity Selectors; Identity Providers; Relying Parties; Identity Services; Identity Attribute Service]
  • 22. Identity Selectors: Cards and Tokens Flow. Cards are generated and downloaded from here. Tokens containing claim data are requested and received here. A local Token Service issues tokens as requested by Selector. Cards are stored and selected here. [diagram: Identity Selector (Browser Extension & Client App); Relying Party (Website or App); Identity Provider]
  • 23. Identity Selectors: Cards and Tokens Flow. Some Higgins Identity Selectors rely on a hosted I-Card Service component. [diagram: Identity Selector (Browser Extension & Client App); Relying Party; Identity Provider]
  • 24. Higgins Identity Selectors [diagram: Client Apps, Web Services, Web apps; Identity Selectors; Identity Providers; Relying Parties; Identity Services; Identity Attribute Service]
  • 25. Identity Selectors • Firefox-embedded Selector (JavaScript) • GTK / Cocoa Selector (C++) • Eclipse RCP Selector (Java) • Adobe AIR Selector • iPhone Selector
  • 26. Adobe AIR Selector
  • 27. iPhone Selector
  • 28. iPhone Selector
  • 29. Architecture: Identity Providers [diagram: Client Apps, Web Services, Web apps; Identity Selectors; Identity Providers; Relying Parties; Identity Services; Identity Attribute Service]
  • 30. Architecture: Relying Party Website [diagram: Client Apps, Web Services, Web apps; Identity Selectors; Identity Providers; Relying Parties; Identity Services; Identity Attribute Service]
  • 31. Higgins Identity Framework ADVANCED COMPONENTS
  • 32. Relationship Cards: Relationship Card: What you and Best Buy say about you
  • 33. Relationship Cards: Human Friendly Data References. Data object (called an Entity) • Card holds a UDI reference: – A Context that identifies a data source, and – An Entity within the context
  • 34. Relationship Cards: Data Location and Authority • Best Buy issued card • Entity is stored in Best Buy’s data center • Best Buy is authoritative over some attributes • You are authoritative over some attributes (e.g. street address)
  • 35. Relationship Cards: Data Model • The Entity is described by the Higgins Context Data Model • Can be accessed using the Identity Attribute Service
  • 36. Other New Card Types • Username/Password Card – To log in to traditional un/pw sites • SAML Card (aka S-card) [maybe] – Uses SAML protocol to retrieve token • Idemix card (aka Z-card) [maybe] – Support for a new privacy-enhancing token type based on zero-knowledge proofs – Improved support for selective disclosure
  • 37. Identity Attribute Service: XDI Protocol Support • XDI Engine provides a new binding for the IdAS Service – Allows any/all attribute data managed by IdAS to be exposed as an XDI data service • XDI Context Provider – Allows IdAS to read/write XDI-native data sources
  • 38. Higgins Identity Framework ORIGINAL PROJECT GOALS
  • 39. Goals: 1 of 5 • Provide a consistent user experience based on card icons for the management and release of identity data • This is needed in order to have a trusted mechanism for authentication and other interactions that is less vulnerable to phishing and other attacks and that works for a wide variety of users and systems • See Higgins 1.0 Identity Selector
  • 40. Goals: 2 of 5 • Empower users with more convenience and control over personal information distributed across external information silos • Provide a single point of control over multiple identities, preferences and relationships • See Higgins 1.0 Identity Selector
  • 41. Goals: 3 of 5 • Provide an API and data model for the virtual integration and federation of identity and security information from a wide variety of sources • See Higgins 1.0 Framework
  • 42. Goals: 4 of 5 • Provide plug-in adapters to enable existing data sources including directories, communications systems, collaboration systems and databases each using differing protocols and schemas to be integrated into the framework • See Higgins 1.0 Identity Attribute Service and Context Providers (plugins)
  • 43. Goals: 5 of 5 • Provide a social relationship data integration framework that enables these relationships to be persistent and reusable across application boundaries • It organizes relationships into a set of distinct social contexts within which a person expresses different personas and roles • See Higgins 1.0 Context Data Model (CDM)
  • 44. Higgins Identity Framework GET INVOLVED
  • 45. How to get involved • Website: http://eclipse.org/higgins • Mailing List: http://dev.eclipse.org/mailman/listinfo/higgins-dev • IRC Channel: #higgins at Freenode • Interop Events: RSA, OSIS • Me: msabadello@parityinc.net
  • 46. Higgins Identity Framework THANK YOU…
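
The typical IdAS usage on slide 19 (resolve a UDI to a Context, open it with authentication materials, look up an Entity, read/write Attribute values), combined with the per-attribute authority of relationship cards on slide 34, modelled as an added Python example. It is not Higgins code and does not use the Higgins Java API: the class names, the `#`-separated UDI form, the attribute names and the secrets are assumptions constructed for illustration.

```python
import hmac

class AccessDenied(Exception):
    pass

class Entity:
    def __init__(self, attrs, authority):
        self.attrs = attrs          # attribute name -> list of values
        self.authority = authority  # attribute name -> principal authoritative for it

class OpenContext:
    """A Context opened on behalf of one authenticated principal."""
    def __init__(self, entities, principal):
        self._entities, self.principal = entities, principal

    def get_entity(self, entity_id):            # step 3: look up an Entity
        if entity_id not in self._entities:
            raise LookupError(f"no such entity: {entity_id}")
        return self._entities[entity_id]

    def read(self, entity_id, attr):            # step 4: read (open to any authenticated principal here)
        return list(self.get_entity(entity_id).attrs.get(attr, []))

    def write(self, entity_id, attr, values):   # step 4: write
        entity = self.get_entity(entity_id)
        # Default deny: only the principal authoritative for this attribute may change it.
        if entity.authority.get(attr) != self.principal:
            raise AccessDenied(f"{self.principal} is not authoritative for {attr}")
        entity.attrs[attr] = list(values)

class ContextProvider:
    """Stands in for one data source (hypothetical, in-memory)."""
    def __init__(self, entities, secrets):
        self._entities, self._secrets = entities, secrets

    def open(self, principal, secret):          # step 2: open with authentication materials
        expected = self._secrets.get(principal)
        if expected is None or not hmac.compare_digest(expected.encode(), secret.encode()):
            raise AccessDenied("authentication failed")
        return OpenContext(self._entities, principal)

# Constructed sample data: one relationship-card Entity held by the card issuer.
CONTEXT_UDI = "http://idas.example/contexts/retailer"
CARD_UDI = CONTEXT_UDI + "#customer-1138"
REGISTRY = {CONTEXT_UDI: ContextProvider(
    {"customer-1138": Entity(
        {"streetAddress": ["1 Old Road"], "loyaltyTier": ["silver"]},
        {"streetAddress": "alice", "loyaltyTier": "retailer"})},
    {"alice": "constructed-user-secret", "retailer": "constructed-issuer-secret"})}

def resolve(udi):                               # step 1: resolve a UDI to a Context
    context_udi, _, entity_id = udi.partition("#")
    if context_udi not in REGISTRY or not entity_id:
        raise LookupError(f"cannot resolve UDI: {udi}")
    return REGISTRY[context_udi], entity_id
```

The card holder can update the street address but not the issuer-controlled attribute, and the issuer the reverse, so a compromised user credential cannot rewrite what the issuer asserts.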