SlideShare una empresa de Scribd logo

Higgins active clients and personal data stores v2

Descargar como PPTX, PDF
Paul Trevithick
Paul Trevithick
Tecnología
1 de 54
Higgins, Active Clients, & Personal Data Stores Paul Trevithick http://project-higgins.org September 2010 v2
“On the Internet, nobody knows you’re a dog” 2 Copyright (c) 2010 Paul Trevithick
Why is this? 3 Copyright (c) 2010 Paul Trevithick
Our user agents don’t know us Silo A Silo B Silo C Browser Browser Browser 4 Copyright (c) 2010 Paul Trevithick
Silo A Silo B Silo C Browser Browser Browser We all experience the result Type, type, type. Click, click, click. Endless form filling as we populate each silo with descriptions of ourselves 5 Copyright (c) 2010 Paul Trevithick
Implications Personal information is spread across all these silos No way to control my digital footprint Information about me (esp. my social graph) isn’t portable My personal data is no longer mine (from a rights POV) No way to move verified attributes from A to B Privacy concerns (e.g. tracking cookies, correlatable identifiers) 6 Copyright (c) 2010 Paul Trevithick
Missing: an agent of the user What goes here? Something that: Centralizes control (by me) over my data whereever it lives Supports my multiple identities and attribute authorities Moves data (preferences, affiliations, ids, healthcare records, etc.) between the silos and between people Allows me to control who has access to my data 7 Copyright (c) 2010 Paul Trevithick
Enter the active client Portability: profile & social networking attributes are made portable by Information Cards Any kind of information: your preferences, friends, favorite songs, employee id numbers, drivers licenses, affiliations, your health plan id, etc., can be on a card. Cards are managed in a local active client “wallet” (aka Selector) such as Microsoft CardSpace™, Higgins, Azigo™, etc. running on your desktop or mobile device and integrated with your browser 8 Copyright (c) 2010 Paul Trevithick
Information Cards and first generation active clients 2007: Microsoft CardSpace (built into Windows 7 & Vista) 2008: Higgins and OpenInfocard open source projects 2008: June: Information Card Foundation founded 2009: OASIS IMI Standard 9 Copyright (c) 2010 Paul Trevithick
Higgins history Began in 2003 in affiliation with Harvard’s Berkman Center Moved to the Eclipse Foundation in 2004 IBM, Novell, and others contributed developers during 2005-2008 Google and Oracle began contributing in 2007 Higgins 1.0 was released in 2008 Higgins code is part of commercial products from Novell, IBM, Google, Serena, Azigo, and others Higgins 1.1 (Adobe AIR & iPhone) Q4 2010 http://higgins-project.org 10 Copyright (c) 2010 Paul Trevithick
Higgins goals User-centered design Shift control to the user over their own digital identity Enhance privacy and security Provide a simple, consistent, card-based user experience Active client-based architecture Data integration Integrate user’s profiles & social networks across data silos and apps Develop a common data model Distributed cross-silo linking of data Extensible architecture based on frameworks & plugins Designed for interoperability Cross-protocol (Infocard, OpenID, SAML, un/pw…) Authentication-technology agnostic Cross-platform (Windows, Mac, Linux, Mobile…) Open source, community-based project Business model friendly EPL license 11 Copyright (c) 2010 Paul Trevithick
Timeline Information Card Foundation Launched June 2008 Higgins 1.1 Q4 2010 Higgins 1.0 Feb 2008 CardSpace™Jan 2007 2004 2005 2006 2007 2008 2009 2010 12 Copyright (c) 2010 Paul Trevithick
Multiple, partial identities Verified Claims Loyalty Payment eGov 13 Copyright (c) 2010 Paul Trevithick
Managed vs. personal Managed: What another says about you ,[object Object]
Address
Date of Birth
License numberPersonal: What you say about you ,[object Object]
Gender
Like to rock climb, fly fish, mountain bike, play piano
No kids
Profession: Medical doctor14 Copyright (c) 2010 Paul Trevithick
Card-based login UX Click 15 Copyright (c) 2010 Paul Trevithick
Card-based login benefits Per-site passwords are eliminated Anti-phishing protection Site declares what claims (attributes) it needs or desires User reviews and consents to all release Privacy enhancing minimal disclosure 16 Copyright (c) 2010 Paul Trevithick
Platform support for Infocard Windows Microsoft CardSpace™, Higgins AIR, OpenInfocard (Firefox) Mac Novell DigitalMe™, Higgins AIR, OpenInfocard (Firefox) iPhone Higgins Browsers Firefox: Higgins, OpenInfocard IE: CardSpace, Higgins Chrome: Higgins (1.1) Safari: Higgins (1.1) 17 Copyright (c) 2010 Paul Trevithick
Interoperability demo at RSA 2008 18 Copyright (c) 2010 Paul Trevithick
Interoperability demo at RSA 2008 19 Copyright (c) 2010 Paul Trevithick
Infocard actors P R Identity Provider (Card Issuer) Relying Party (Card Accepter) B Browser S Selector (Active Cient) User 20 Copyright (c) 2010 Paul Trevithick
Personal card data flow P R B S Personal Card 21 Copyright (c) 2010 Paul Trevithick
Managed card data flow P R points to security token service B S has Managed Card 22 Copyright (c) 2010 Paul Trevithick
Infocard: the good news Infocard IMI protocol is an OASIS specification First gen clients/selectors are available for multiple desktop and mobile platforms and for IE, Firefox, Safari and Chrome Major firms have stood up card issuing sites (Equifax, Acxiom, PayPal, etc.) Infocards adopted as part of the US eGov “ICAM” program Infocard and OpenID foundations worked together to found the OpenIdentityExhange.org and have been instrumental in putting forward the notion of Trust frameworks. Trust frameworks are a key part of the forthcoming US government NSTIC strategy 23 Copyright (c) 2010 Paul Trevithick
Infocard: a work in progress There remain great hopes for the emergence of medium-scale “lighthouse” relying party websites (e.g. agencies of the US Federal government) that will demonstrate the business value of infocards and drive understanding and adoption Information Card Foundation is structurally transforming itself to better support its mission in the next phase We’ve learned from our first generation products There’s room for improvement in the UX, the implementations, and working more collaboratively with other identity technologies These learnings are driving the next generation… 24 Copyright (c) 2010 Paul Trevithick
Higgins 2.0 and next gen Active Clients
Higgins 2.0 UX: A less “in your face” UI WRT privacy & security. Rely more on trust frameworks. Faster, smoother browser add-on UX for download and installation Brokered authentication: Reduce per-IdP (per-card) passwords/challenges Adopt a cross-protocol “better with” strategy Embrace and add value to OpenID, SAML, WebID?, userid-passwords? Track MozillaLabs work on Account Manager Harmonize UX with UX from OpenID, Facebook Connect, etc. (See Kantara ULX WG), and also with “cloud-based identity selection agents” New desktop architecture: browser add-on + OS service + “dashboard” UI iPhone and (hopefully) Android implementations Personal Data Store Blinded data store (using Nigori technology) Interoperability from Persona data model 2.0 Relationship cards: build continuous bi-directional connection App-cards: Javascript-bearing cards; active client as a platform 26 Copyright (c) 2010 Paul Trevithick
Interests Searches Purchases Passwords Addresses Payment cards Location Social graph Active client as “digital me” 27 Copyright (c) 2010 Paul Trevithick
Even tighter (and lower latency) integration with browsers & apps Browser or Appr Browser or App Browser Form fill Data capture Active Client 28 Copyright (c) 2010 Paul Trevithick
General purpose Personal Data Store sync & backup; not just a “card roaming” service Browser or App App Active Client Active Client PDS Blinded data 29 Copyright (c) 2010 Paul Trevithick
Rich Personal Data Store(s) 30 Copyright (c) 2010 Paul Trevithick
Persona Data Model 2.0 A vocabulary of attributes to describe a person Card metaphor Profiles (e.g. “what amazon knows about you”) Reusable personas/roles (e.g. “work”, “anonymous”) RDF/OWL based. Builds on existing vocabularies: FOAF vCARD geoLocation SKOS http://wiki.eclipse.org/Persona_Data_Model_2.0 31 Copyright (c) 2010 Paul Trevithick
PDS API XDI Read/write attributes using OASIS XDI messages RESTful-ish: GET, ADD, MOD, DEL messages tunneled within POST OAuth Authentication/Authorization ActivityStreams (end of 2010) Atom feed to indicate “data update” events PubSubHubBub (end of 2010) Allows client apps to proactively receive notification of “data update” events in the ActivityStream SPARQL/Update (Q2 2011) Proposed alternative to XDI 32 Copyright (c) 2010 Paul Trevithick
Relationship-cards What they are Attributes can be “by reference” instead of just “by value” Card conveys a “UDI” (Linked Data or XRI) URI reference UDIs assume dynamic discovery (XRDS or Linked Data 303) Benefits Continuous data feed is established (vs. static one shot) Read/Write (vs. read only, unidirectional) 33 Copyright (c) 2010 Paul Trevithick
Javascript bearing app-cards Cards link to a Javascript program Javascript can be injected into the browser to perform Supports client-side mashups, aka “web augmentation”, aka browser overlays Supports Kynetx.com KNS service 34 Copyright (c) 2010 Paul Trevithick
App-card admin UI mockup 35 Copyright (c) 2010 Paul Trevithick
Active client as platform Javascript from an app-card can be injected into browser can call Client API Browser Mobile or Desktop App Javascript from an app-cards can be injected into Dashboard can provide “admin UI” via PDS Cient API Dashboard (UI) Native call to Client API PDS Client API PDS Client Web apps can access PDS via XDI or SPARQL + ActivityStreams + PSHB PDS 36 Copyright (c) 2010 Paul Trevithick
PDS and active clients: related work User-centric identity (2005) Letting people control their own identities, identifiers. OpenID, Infocard, WebID, OAuth 2.0 Data Portability.org (2007) A “borderless experience” VRM (Vendor Relationship Management) (2008) Shifting more control to the customer Mozilla Labs: (2009) Identity in the browser: Weave; Account Manager Federated Social Networks (2010) Distributed Facebook (e.g. Diaspora & many others) David Siegel: Pull: “Personal Data Locker” (2010) World Economic Forum (2010): Personal Data Management Initiative 37 Copyright (c) 2010 Paul Trevithick
Appendix AHow managed cards work
Managed Card:Alice goes to site P R B S 39 Copyright (c) 2010 Paul Trevithick
Managed Card: Selector retrieves policy P R Required and Optional Claims B S 40 Copyright (c) 2010 Paul Trevithick
Managed Card: Display cards that match policy P R B S 41 Copyright (c) 2010 Paul Trevithick
B S Managed Card: Alice selects a card P R 42 Copyright (c) 2010 Paul Trevithick
Managed Card: Auth to IdP P R B S 43 Copyright (c) 2010 Paul Trevithick
Managed Card: Generate token P R B S 44 Copyright (c) 2010 Paul Trevithick
Managed Card: Browser sends token P R Set of Claims B S 45 Copyright (c) 2010 Paul Trevithick
Managed Card: Validate token P R B S 46 Copyright (c) 2010 Paul Trevithick
Managed Card: Alice accesses resource P R B S 47 Copyright (c) 2010 Paul Trevithick

Recomendados

OpenID Progress EEMA Conference
OpenID Progress EEMA ConferenceOpenID Progress EEMA Conference
OpenID Progress EEMA Conference
evidos
 
Streetcred: Improving the Developer Experience in SSI – Michael Boyd
Streetcred: Improving the Developer Experience in SSI – Michael BoydStreetcred: Improving the Developer Experience in SSI – Michael Boyd
Streetcred: Improving the Developer Experience in SSI – Michael Boyd
SSIMeetup
 
Domains of Identity and Self-Sovereign Identity India talk
Domains of Identity and Self-Sovereign Identity India talk Domains of Identity and Self-Sovereign Identity India talk
Domains of Identity and Self-Sovereign Identity India talk
Kaliya "Identity Woman" Young
 
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Kaliya "Identity Woman" Young
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018
Kaliya "Identity Woman" Young
 
RSA Europe: Future of Cloud Identity
RSA Europe: Future of Cloud IdentityRSA Europe: Future of Cloud Identity
RSA Europe: Future of Cloud Identity
Mike Schwartz
 
The DID Report 1: The First Official W3C DID Working Group Meeting (Japan)- D...
The DID Report 1: The First Official W3C DID Working Group Meeting (Japan)- D...The DID Report 1: The First Official W3C DID Working Group Meeting (Japan)- D...
The DID Report 1: The First Official W3C DID Working Group Meeting (Japan)- D...
SSIMeetup
 
Blockcerts: The Open Standard for Blockchain Credentials
Blockcerts: The Open Standard for Blockchain CredentialsBlockcerts: The Open Standard for Blockchain Credentials
Blockcerts: The Open Standard for Blockchain Credentials
SSIMeetup
 

Recomendados

OpenID Progress EEMA Conference
OpenID Progress EEMA ConferenceOpenID Progress EEMA Conference
OpenID Progress EEMA Conference
evidos
 
Streetcred: Improving the Developer Experience in SSI – Michael Boyd
Streetcred: Improving the Developer Experience in SSI – Michael BoydStreetcred: Improving the Developer Experience in SSI – Michael Boyd
Streetcred: Improving the Developer Experience in SSI – Michael Boyd
SSIMeetup
 
Domains of Identity and Self-Sovereign Identity India talk
Domains of Identity and Self-Sovereign Identity India talk Domains of Identity and Self-Sovereign Identity India talk
Domains of Identity and Self-Sovereign Identity India talk
Kaliya "Identity Woman" Young
 
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Kaliya "Identity Woman" Young
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018
Kaliya "Identity Woman" Young
 
RSA Europe: Future of Cloud Identity
RSA Europe: Future of Cloud IdentityRSA Europe: Future of Cloud Identity
RSA Europe: Future of Cloud Identity
Mike Schwartz
 
The DID Report 1: The First Official W3C DID Working Group Meeting (Japan)- D...
The DID Report 1: The First Official W3C DID Working Group Meeting (Japan)- D...The DID Report 1: The First Official W3C DID Working Group Meeting (Japan)- D...
The DID Report 1: The First Official W3C DID Working Group Meeting (Japan)- D...
SSIMeetup
 
Blockcerts: The Open Standard for Blockchain Credentials
Blockcerts: The Open Standard for Blockchain CredentialsBlockcerts: The Open Standard for Blockchain Credentials
Blockcerts: The Open Standard for Blockchain Credentials
SSIMeetup
 
Hope x talk
Hope x talkHope x talk
Hope x talk
Kaliya "Identity Woman" Young
 
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
SSIMeetup
 
Meet Evernym's SSI Platform
Meet Evernym's SSI PlatformMeet Evernym's SSI Platform
Meet Evernym's SSI Platform
Evernym
 
An Expert Panel on Safe Credentials
An Expert Panel on Safe CredentialsAn Expert Panel on Safe Credentials
An Expert Panel on Safe Credentials
Evernym
 
Schema Definitions and Overlays for Self-Sovereign Identity (SSI) - Paul Knowles
Schema Definitions and Overlays for Self-Sovereign Identity (SSI) - Paul KnowlesSchema Definitions and Overlays for Self-Sovereign Identity (SSI) - Paul Knowles
Schema Definitions and Overlays for Self-Sovereign Identity (SSI) - Paul Knowles
SSIMeetup
 
Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...
Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...
Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...
AGILE IoT
 
Charalampos Doukas, ICT30 AGILE, IoT Forum 2016, Smart Gateways, Blockchain &...
Charalampos Doukas, ICT30 AGILE, IoT Forum 2016, Smart Gateways, Blockchain &...Charalampos Doukas, ICT30 AGILE, IoT Forum 2016, Smart Gateways, Blockchain &...
Charalampos Doukas, ICT30 AGILE, IoT Forum 2016, Smart Gateways, Blockchain &...
Business of Software Conference
 
DID Resolution: Given a DID how do I retrieve its document? – Markus Sabadello
DID Resolution: Given a DID how do I retrieve its document? – Markus SabadelloDID Resolution: Given a DID how do I retrieve its document? – Markus Sabadello
DID Resolution: Given a DID how do I retrieve its document? – Markus Sabadello
SSIMeetup
 
SSI: The Trillion Dollar Business Opportunity
SSI: The Trillion Dollar Business OpportunitySSI: The Trillion Dollar Business Opportunity
SSI: The Trillion Dollar Business Opportunity
SSIMeetup
 
Identity and Privacy: Past, Present, and Digital - Brenda K. Leong
Identity and Privacy: Past, Present, and Digital - Brenda K. LeongIdentity and Privacy: Past, Present, and Digital - Brenda K. Leong
Identity and Privacy: Past, Present, and Digital - Brenda K. Leong
SSIMeetup
 
Kiva protocol: building the credit bureau of the future using SSI
Kiva protocol: building the credit bureau of the future using SSIKiva protocol: building the credit bureau of the future using SSI
Kiva protocol: building the credit bureau of the future using SSI
SSIMeetup
 
Windows DNA
Windows DNAWindows DNA
Windows DNA
ijtsrd
 
Control of Communication and Energy Networks Final Project - Service Function...
Control of Communication and Energy Networks Final Project - Service Function...Control of Communication and Energy Networks Final Project - Service Function...
Control of Communication and Energy Networks Final Project - Service Function...
Biagio Botticelli
 
Applied Blockchain - May 2020 - Issue 01
Applied Blockchain - May 2020 - Issue 01Applied Blockchain - May 2020 - Issue 01
Applied Blockchain - May 2020 - Issue 01
Red Morley Hewitt
 
Fiware overview3
Fiware overview3Fiware overview3
Fiware overview3
Joaquín Salvachúa
 
W3 presentation gfii 6 dec 2013
W3 presentation gfii 6 dec 2013W3 presentation gfii 6 dec 2013
W3 presentation gfii 6 dec 2013
Bernard Odier
 
Internet of Things and Big Data
Internet of Things and Big DataInternet of Things and Big Data
Internet of Things and Big Data
Swiss Data Forum Swiss Data Forum
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
ITDogadjaji.com
 
I Know What Youll Do Next Summer - The Skills You Will Be Learning 
as a Domi...
I Know What Youll Do Next Summer - The Skills You Will Be Learning 
as a Domi...I Know What Youll Do Next Summer - The Skills You Will Be Learning 
as a Domi...
I Know What Youll Do Next Summer - The Skills You Will Be Learning 
as a Domi...
Grégory Engels
 
Rococo Software Q3 2010
Rococo Software Q3 2010Rococo Software Q3 2010
Rococo Software Q3 2010
Sean O'Sullivan
 
Open Government Open Innovation and the Cloud
Open Government Open Innovation and the CloudOpen Government Open Innovation and the Cloud
Open Government Open Innovation and the Cloud
Mark Gayler
 
A Personal Internet For Everyone
A Personal Internet For EveryoneA Personal Internet For Everyone
A Personal Internet For Everyone
Rod King, Ph.D.
 

Más contenido relacionado

La actualidad más candente

Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
SSIMeetup
 
Schema Definitions and Overlays for Self-Sovereign Identity (SSI) - Paul Knowles
Schema Definitions and Overlays for Self-Sovereign Identity (SSI) - Paul KnowlesSchema Definitions and Overlays for Self-Sovereign Identity (SSI) - Paul Knowles
Schema Definitions and Overlays for Self-Sovereign Identity (SSI) - Paul Knowles
SSIMeetup
 
DID Resolution: Given a DID how do I retrieve its document? – Markus Sabadello
DID Resolution: Given a DID how do I retrieve its document? – Markus SabadelloDID Resolution: Given a DID how do I retrieve its document? – Markus Sabadello
DID Resolution: Given a DID how do I retrieve its document? – Markus Sabadello
SSIMeetup
 
Identity and Privacy: Past, Present, and Digital - Brenda K. Leong
Identity and Privacy: Past, Present, and Digital - Brenda K. LeongIdentity and Privacy: Past, Present, and Digital - Brenda K. Leong
Identity and Privacy: Past, Present, and Digital - Brenda K. Leong
SSIMeetup
 
Kiva protocol: building the credit bureau of the future using SSI
Kiva protocol: building the credit bureau of the future using SSIKiva protocol: building the credit bureau of the future using SSI
Kiva protocol: building the credit bureau of the future using SSI
SSIMeetup
 
Windows DNA
Windows DNAWindows DNA
Windows DNA
ijtsrd
 
Applied Blockchain - May 2020 - Issue 01
Applied Blockchain - May 2020 - Issue 01Applied Blockchain - May 2020 - Issue 01
Applied Blockchain - May 2020 - Issue 01
Red Morley Hewitt
 

La actualidad más candente (14)

Hope x talk
Hope x talkHope x talk
Hope x talk
 
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
 
Meet Evernym's SSI Platform
Meet Evernym's SSI PlatformMeet Evernym's SSI Platform
Meet Evernym's SSI Platform
 
An Expert Panel on Safe Credentials
An Expert Panel on Safe CredentialsAn Expert Panel on Safe Credentials
An Expert Panel on Safe Credentials
 
Schema Definitions and Overlays for Self-Sovereign Identity (SSI) - Paul Knowles
Schema Definitions and Overlays for Self-Sovereign Identity (SSI) - Paul KnowlesSchema Definitions and Overlays for Self-Sovereign Identity (SSI) - Paul Knowles
Schema Definitions and Overlays for Self-Sovereign Identity (SSI) - Paul Knowles
 
Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...
Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...
Smart Gateways, Blockchain and the Internet of Things (Charalampos Doukas-Cre...
 
Charalampos Doukas, ICT30 AGILE, IoT Forum 2016, Smart Gateways, Blockchain &...
Charalampos Doukas, ICT30 AGILE, IoT Forum 2016, Smart Gateways, Blockchain &...Charalampos Doukas, ICT30 AGILE, IoT Forum 2016, Smart Gateways, Blockchain &...
Charalampos Doukas, ICT30 AGILE, IoT Forum 2016, Smart Gateways, Blockchain &...
 
DID Resolution: Given a DID how do I retrieve its document? – Markus Sabadello
DID Resolution: Given a DID how do I retrieve its document? – Markus SabadelloDID Resolution: Given a DID how do I retrieve its document? – Markus Sabadello
DID Resolution: Given a DID how do I retrieve its document? – Markus Sabadello
 
SSI: The Trillion Dollar Business Opportunity
SSI: The Trillion Dollar Business OpportunitySSI: The Trillion Dollar Business Opportunity
SSI: The Trillion Dollar Business Opportunity
 
Identity and Privacy: Past, Present, and Digital - Brenda K. Leong
Identity and Privacy: Past, Present, and Digital - Brenda K. LeongIdentity and Privacy: Past, Present, and Digital - Brenda K. Leong
Identity and Privacy: Past, Present, and Digital - Brenda K. Leong
 
Kiva protocol: building the credit bureau of the future using SSI
Kiva protocol: building the credit bureau of the future using SSIKiva protocol: building the credit bureau of the future using SSI
Kiva protocol: building the credit bureau of the future using SSI
 
Windows DNA
Windows DNAWindows DNA
Windows DNA
 
Control of Communication and Energy Networks Final Project - Service Function...
Control of Communication and Energy Networks Final Project - Service Function...Control of Communication and Energy Networks Final Project - Service Function...
Control of Communication and Energy Networks Final Project - Service Function...
 
Applied Blockchain - May 2020 - Issue 01
Applied Blockchain - May 2020 - Issue 01Applied Blockchain - May 2020 - Issue 01
Applied Blockchain - May 2020 - Issue 01
 

Similar a Higgins active clients and personal data stores v2

Internet of Things and Big Data
Internet of Things and Big DataInternet of Things and Big Data
Internet of Things and Big Data
Swiss Data Forum Swiss Data Forum
 
Ryan_Holt_MS_Thesis_Project_Presentation
Ryan_Holt_MS_Thesis_Project_PresentationRyan_Holt_MS_Thesis_Project_Presentation
Ryan_Holt_MS_Thesis_Project_Presentation
Ryan Holt
 
Internet of Things (IoT) and Big Data
Internet of Things (IoT) and Big DataInternet of Things (IoT) and Big Data
Internet of Things (IoT) and Big Data
Guido Schmutz
 

Similar a Higgins active clients and personal data stores v2 (20)

Fiware overview3
Fiware overview3Fiware overview3
Fiware overview3
 
W3 presentation gfii 6 dec 2013
W3 presentation gfii 6 dec 2013W3 presentation gfii 6 dec 2013
W3 presentation gfii 6 dec 2013
 
Internet of Things and Big Data
Internet of Things and Big DataInternet of Things and Big Data
Internet of Things and Big Data
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
 
I Know What Youll Do Next Summer - The Skills You Will Be Learning 
as a Domi...
I Know What Youll Do Next Summer - The Skills You Will Be Learning 
as a Domi...I Know What Youll Do Next Summer - The Skills You Will Be Learning 
as a Domi...
I Know What Youll Do Next Summer - The Skills You Will Be Learning 
as a Domi...
 
Rococo Software Q3 2010
Rococo Software Q3 2010Rococo Software Q3 2010
Rococo Software Q3 2010
 
Open Government Open Innovation and the Cloud
Open Government Open Innovation and the CloudOpen Government Open Innovation and the Cloud
Open Government Open Innovation and the Cloud
 
A Personal Internet For Everyone
A Personal Internet For EveryoneA Personal Internet For Everyone
A Personal Internet For Everyone
 
Live Mesh Presentation Bruno Svc
Live Mesh Presentation Bruno SvcLive Mesh Presentation Bruno Svc
Live Mesh Presentation Bruno Svc
 
National seminar on emergence of internet of things (io t) trends and challe...
National seminar on emergence of internet of things (io t) trends and challe...National seminar on emergence of internet of things (io t) trends and challe...
National seminar on emergence of internet of things (io t) trends and challe...
 
Ryan_Holt_MS_Thesis_Project_Presentation
Ryan_Holt_MS_Thesis_Project_PresentationRyan_Holt_MS_Thesis_Project_Presentation
Ryan_Holt_MS_Thesis_Project_Presentation
 
FIWARE Global Summit - FIWARE Overview
FIWARE Global Summit - FIWARE OverviewFIWARE Global Summit - FIWARE Overview
FIWARE Global Summit - FIWARE Overview
 
The future of the web with HTML5
The future of the web with HTML5The future of the web with HTML5
The future of the web with HTML5
 
Harvard GSD Exec.Ed Leading Organizations _ lecture, february 5 2014
Harvard GSD Exec.Ed Leading Organizations _ lecture, february 5 2014Harvard GSD Exec.Ed Leading Organizations _ lecture, february 5 2014
Harvard GSD Exec.Ed Leading Organizations _ lecture, february 5 2014
 
SWXG 2010.6.9 v2
SWXG 2010.6.9 v2SWXG 2010.6.9 v2
SWXG 2010.6.9 v2
 
061223_web_20_conference_sf_shan
061223_web_20_conference_sf_shan061223_web_20_conference_sf_shan
061223_web_20_conference_sf_shan
 
IoTShow.in Bangalore 2019 - a Recap on 'IoT and Edge' Talk.
IoTShow.in Bangalore 2019 - a Recap on 'IoT and Edge' Talk.IoTShow.in Bangalore 2019 - a Recap on 'IoT and Edge' Talk.
IoTShow.in Bangalore 2019 - a Recap on 'IoT and Edge' Talk.
 
Internet of Things (IoT) and Big Data
Internet of Things (IoT) and Big DataInternet of Things (IoT) and Big Data
Internet of Things (IoT) and Big Data
 
Open Source Software Development by TLV Partners
Open Source Software Development by TLV PartnersOpen Source Software Development by TLV Partners
Open Source Software Development by TLV Partners
 
Open source presentation
Open source presentationOpen source presentation
Open source presentation
 

Último

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 

Último (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

Higgins active clients and personal data stores v2

  • 1. Higgins, Active Clients, & Personal Data Stores Paul Trevithick http://project-higgins.org September 2010 v2
  • 2. “On the Internet, nobody knows you’re a dog” 2 Copyright (c) 2010 Paul Trevithick
  • 3. Why is this? 3 Copyright (c) 2010 Paul Trevithick
  • 4. Our user agents don’t know us Silo A Silo B Silo C Browser Browser Browser 4 Copyright (c) 2010 Paul Trevithick
  • 5. Silo A Silo B Silo C Browser Browser Browser We all experience the result Type, type, type. Click, click, click. Endless form filling as we populate each silo with descriptions of ourselves 5 Copyright (c) 2010 Paul Trevithick
  • 6. Implications Personal information is spread across all these silos No way to control my digital footprint Information about me (esp. my social graph) isn’t portable My personal data is no longer mine (from a rights POV) No way to move verified attributes from A to B Privacy concerns (e.g. tracking cookies, correlatable identifiers) 6 Copyright (c) 2010 Paul Trevithick
  • 7. Missing: an agent of the user What goes here? Something that: Centralizes control (by me) over my data whereever it lives Supports my multiple identities and attribute authorities Moves data (preferences, affiliations, ids, healthcare records, etc.) between the silos and between people Allows me to control who has access to my data 7 Copyright (c) 2010 Paul Trevithick
  • 8. Enter the active client Portability: profile & social networking attributes are made portable by Information Cards Any kind of information: your preferences, friends, favorite songs, employee id numbers, drivers licenses, affiliations, your health plan id, etc., can be on a card. Cards are managed in a local active client “wallet” (aka Selector) such as Microsoft CardSpace™, Higgins, Azigo™, etc. running on your desktop or mobile device and integrated with your browser 8 Copyright (c) 2010 Paul Trevithick
  • 9. Information Cards and first generation active clients 2007: Microsoft CardSpace (built into Windows 7 & Vista) 2008: Higgins and OpenInfocard open source projects 2008: June: Information Card Foundation founded 2009: OASIS IMI Standard 9 Copyright (c) 2010 Paul Trevithick
  • 10. Higgins history Began in 2003 in affiliation with Harvard’s Berkman Center Moved to the Eclipse Foundation in 2004 IBM, Novell, and others contributed developers during 2005-2008 Google and Oracle began contributing in 2007 Higgins 1.0 was released in 2008 Higgins code is part of commercial products from Novell, IBM, Google, Serena, Azigo, and others Higgins 1.1 (Adobe AIR & iPhone) Q4 2010 http://higgins-project.org 10 Copyright (c) 2010 Paul Trevithick
  • 11. Higgins goals User-centered design Shift control to the user over their own digital identity Enhance privacy and security Provide a simple, consistent, card-based user experience Active client-based architecture Data integration Integrate user’s profiles & social networks across data silos and apps Develop a common data model Distributed cross-silo linking of data Extensible architecture based on frameworks & plugins Designed for interoperability Cross-protocol (Infocard, OpenID, SAML, un/pw…) Authentication-technology agnostic Cross-platform (Windows, Mac, Linux, Mobile…) Open source, community-based project Business model friendly EPL license 11 Copyright (c) 2010 Paul Trevithick
  • 12. Timeline Information Card Foundation Launched June 2008 Higgins 1.1 Q4 2010 Higgins 1.0 Feb 2008 CardSpace™Jan 2007 2004 2005 2006 2007 2008 2009 2010 12 Copyright (c) 2010 Paul Trevithick
  • 13. Multiple, partial identities Verified Claims Loyalty Payment eGov 13 Copyright (c) 2010 Paul Trevithick
  • 14.
  • 17.
  • 19. Like to rock climb, fly fish, mountain bike, play piano
  • 21. Profession: Medical doctor14 Copyright (c) 2010 Paul Trevithick
  • 22. Card-based login UX Click 15 Copyright (c) 2010 Paul Trevithick
  • 23. Card-based login benefits Per-site passwords are eliminated Anti-phishing protection Site declares what claims (attributes) it needs or desires User reviews and consents to all release Privacy enhancing minimal disclosure 16 Copyright (c) 2010 Paul Trevithick
  • 24. Platform support for Infocard Windows Microsoft CardSpace™, Higgins AIR, OpenInfocard (Firefox) Mac Novell DigitalMe™, Higgins AIR, OpenInfocard (Firefox) iPhone Higgins Browsers Firefox: Higgins, OpenInfocard IE: CardSpace, Higgins Chrome: Higgins (1.1) Safari: Higgins (1.1) 17 Copyright (c) 2010 Paul Trevithick
  • 25. Interoperability demo at RSA 2008 18 Copyright (c) 2010 Paul Trevithick
  • 26. Interoperability demo at RSA 2008 19 Copyright (c) 2010 Paul Trevithick
  • 27. Infocard actors P R Identity Provider (Card Issuer) Relying Party (Card Accepter) B Browser S Selector (Active Cient) User 20 Copyright (c) 2010 Paul Trevithick
  • 28. Personal card data flow P R B S Personal Card 21 Copyright (c) 2010 Paul Trevithick
  • 29. Managed card data flow P R points to security token service B S has Managed Card 22 Copyright (c) 2010 Paul Trevithick
  • 30. Infocard: the good news Infocard IMI protocol is an OASIS specification First gen clients/selectors are available for multiple desktop and mobile platforms and for IE, Firefox, Safari and Chrome Major firms have stood up card issuing sites (Equifax, Acxiom, PayPal, etc.) Infocards adopted as part of the US eGov “ICAM” program Infocard and OpenID foundations worked together to found the OpenIdentityExhange.org and have been instrumental in putting forward the notion of Trust frameworks. Trust frameworks are a key part of the forthcoming US government NSTIC strategy 23 Copyright (c) 2010 Paul Trevithick
  • 31. Infocard: a work in progress There remain great hopes for the emergence of medium-scale “lighthouse” relying party websites (e.g. agencies of the US Federal government) that will demonstrate the business value of infocards and drive understanding and adoption Information Card Foundation is structurally transforming itself to better support its mission in the next phase We’ve learned from our first generation products There’s room for improvement in the UX, the implementations, and working more collaboratively with other identity technologies These learnings are driving the next generation… 24 Copyright (c) 2010 Paul Trevithick
  • 32. Higgins 2.0 and next gen Active Clients
  • 33. Higgins 2.0 UX: A less “in your face” UI WRT privacy & security. Rely more on trust frameworks. Faster, smoother browser add-on UX for download and installation Brokered authentication: Reduce per-IdP (per-card) passwords/challenges Adopt a cross-protocol “better with” strategy Embrace and add value to OpenID, SAML, WebID?, userid-passwords? Track MozillaLabs work on Account Manager Harmonize UX with UX from OpenID, Facebook Connect, etc. (See Kantara ULX WG), and also with “cloud-based identity selection agents” New desktop architecture: browser add-on + OS service + “dashboard” UI iPhone and (hopefully) Android implementations Personal Data Store Blinded data store (using Nigori technology) Interoperability from Persona data model 2.0 Relationship cards: build continuous bi-directional connection App-cards: Javascript-bearing cards; active client as a platform 26 Copyright (c) 2010 Paul Trevithick
  • 34. Interests Searches Purchases Passwords Addresses Payment cards Location Social graph Active client as “digital me” 27 Copyright (c) 2010 Paul Trevithick
  • 35. Even tighter (and lower latency) integration with browsers & apps Browser or Appr Browser or App Browser Form fill Data capture Active Client 28 Copyright (c) 2010 Paul Trevithick
  • 36. General purpose Personal Data Store sync & backup; not just a “card roaming” service Browser or App App Active Client Active Client PDS Blinded data 29 Copyright (c) 2010 Paul Trevithick
  • 37. Rich Personal Data Store(s) 30 Copyright (c) 2010 Paul Trevithick
  • 38. Persona Data Model 2.0 A vocabulary of attributes to describe a person Card metaphor Profiles (e.g. “what amazon knows about you”) Reusable personas/roles (e.g. “work”, “anonymous”) RDF/OWL based. Builds on existing vocabularies: FOAF vCARD geoLocation SKOS http://wiki.eclipse.org/Persona_Data_Model_2.0 31 Copyright (c) 2010 Paul Trevithick
  • 39. PDS API XDI Read/write attributes using OASIS XDI messages RESTful-ish: GET, ADD, MOD, DEL messages tunneled within POST OAuth Authentication/Authorization ActivityStreams (end of 2010) Atom feed to indicate “data update” events PubSubHubBub (end of 2010) Allows client apps to proactively receive notification of “data update” events in the ActivityStream SPARQL/Update (Q2 2011) Proposed alternative to XDI 32 Copyright (c) 2010 Paul Trevithick
  • 40. Relationship-cards What they are Attributes can be “by reference” instead of just “by value” Card conveys a “UDI” (Linked Data or XRI) URI reference UDIs assume dynamic discovery (XRDS or Linked Data 303) Benefits Continuous data feed is established (vs. static one shot) Read/Write (vs. read only, unidirectional) 33 Copyright (c) 2010 Paul Trevithick
  • 41. Javascript bearing app-cards Cards link to a Javascript program Javascript can be injected into the browser to perform Supports client-side mashups, aka “web augmentation”, aka browser overlays Supports Kynetx.com KNS service 34 Copyright (c) 2010 Paul Trevithick
  • 42. App-card admin UI mockup 35 Copyright (c) 2010 Paul Trevithick
  • 43. Active client as platform Javascript from an app-card can be injected into browser can call Client API Browser Mobile or Desktop App Javascript from an app-cards can be injected into Dashboard can provide “admin UI” via PDS Cient API Dashboard (UI) Native call to Client API PDS Client API PDS Client Web apps can access PDS via XDI or SPARQL + ActivityStreams + PSHB PDS 36 Copyright (c) 2010 Paul Trevithick
  • 44. PDS and active clients: related work User-centric identity (2005) Letting people control their own identities, identifiers. OpenID, Infocard, WebID, OAuth 2.0 Data Portability.org (2007) A “borderless experience” VRM (Vendor Relationship Management) (2008) Shifting more control to the customer Mozilla Labs: (2009) Identity in the browser: Weave; Account Manager Federated Social Networks (2010) Distributed Facebook (e.g. Diaspora & many others) David Siegel: Pull: “Personal Data Locker” (2010) World Economic Forum (2010): Personal Data Management Initiative 37 Copyright (c) 2010 Paul Trevithick
  • 45. Appendix AHow managed cards work
  • 46. Managed Card:Alice goes to site P R B S 39 Copyright (c) 2010 Paul Trevithick
  • 47. Managed Card: Selector retrieves policy P R Required and Optional Claims B S 40 Copyright (c) 2010 Paul Trevithick
  • 48. Managed Card: Display cards that match policy P R B S 41 Copyright (c) 2010 Paul Trevithick
  • 49. B S Managed Card: Alice selects a card P R 42 Copyright (c) 2010 Paul Trevithick
  • 50. Managed Card: Auth to IdP P R B S 43 Copyright (c) 2010 Paul Trevithick
  • 51. Managed Card: Generate token P R B S 44 Copyright (c) 2010 Paul Trevithick
  • 52. Managed Card: Browser sends token P R Set of Claims B S 45 Copyright (c) 2010 Paul Trevithick
  • 53. Managed Card: Validate token P R B S 46 Copyright (c) 2010 Paul Trevithick
  • 54. Managed Card: Alice accesses resource P R B S 47 Copyright (c) 2010 Paul Trevithick
  • 56. Personal r-card: first time flow Personal Data Agent/Store (in the cloud) A R P Set of Claims & Ptr B S Personal R-Card 49 Copyright (c) 2010 Paul Trevithick
  • 57. Personal r-card steady state A Continuous connection (RDF, XDI, etc.) R P B S 50 Copyright (c) 2010 Paul Trevithick
  • 58. Managed r-card initial flow A R P Set of Claims & Ptr B S has Managed R-Card 51 Copyright (c) 2010 Paul Trevithick
  • 59. Managed r-card steady state Kantara UMA Authorization Manager A control control control Continuous connection R P B S has Managed R-Card 52 Copyright (c) 2010 Paul Trevithick
  • 60. Appendix CExample PDS Client API
  • 61. Active client API getExAttributes (string rp, string audience, Attribute attributes, Where where, function responseCallback) rp: string identifier of the "next hop" attribute data sink. It is expressed in as detailed a form as possible. audience: string. Must match either the agent or the rp parameter value or be nil. If not nil, then indicates whether to encrypt tokens for the agent or the rp. attributes: set of (attribute, optional, authorities) tuples where: attribute is a URI indicating the attribute type optional is a boolean (if true then this attribute is desired but not required) authorities is a list of domains that are considered by the caller as authoritative WRT this attribute and thus must be used as the source of the attribute, if this list is nil then self asserted values are acceptable. If authority == dev (where dev is the developer of app-card) then only the "host" card of that app will be allowed as the source of attributes. where: is a set of (attribute, value-expression) tuples where: attribute: is the attribute URI value-expression: regex expression responseCallback: Represents event listener (name of the JS function). If the value of 'onready' is an empty string, then browser extension executes an synchronous query, otherwise extension does an asynchronous query. The result will be passed as a parameter to the function responseCallback 54 Copyright (c) 2010 Paul Trevithick