IdInterOp

Laws of Identity

Kim Cameron, Microsoft: http://www.identityblog.com/?p=353

1. User Control and Consent

Digital identity systems must only reveal information identifying a user with the user’s consent.

2. Limited Disclosure for Limited Use

The solution which discloses the least identifying information and best limits its use is the most stable, long-term solution.

3. The Law of Fewest Parties

Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship.

4. Directed Identity

A universal identity metasystem must support both “omnidirectional” identifiers for use by public entities and “unidirectional” identifiers for private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.

5. Pluralism of Operators and Technologies

A universal identity metasystem must channel and enable the interworking of multiple identity technologies run by multiple identity providers.

6. Human Integration

A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.

7. Consistent Experience Across Contexts

A unifying identity metasystem must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies.

Introduction

Problem Statement

Standards

SAML 2.0

http://en.wikipedia.org/wiki/SAML_2.0

Assertion

Protocol

Encryption

Signature

Profiles

OpenID 2.0

InfoCard

CardSpace

XRI

Project Initiatives

Higgins

OSIS

Pamela

Concordia

Use Cases

http://osis.netmesh.org/wiki/Use_Cases

Authenticate to a CardSpace enabled relying party using an OpenID URL identifier

Authenticate to an OpenID enabled relying party with a CardSpace card over CardSpace protocol

(different card types with different tokens)

CardSpace enabled SAML Attribute Authority for attribute exchange

OpenID enabled SAML Attribute Authority for attribute exchange

Authenticate to a CardSpace enabled relying party with Higgins iCard

Higgins enabled SAML Attribute Authority context provider

Authenticate to a Higgins enabled relying party with OpenID URL identifier

CardSpace

Methods

http://download.microsoft.com/download/1/1/a/11ac6505-e4c0-4e05-987c-6f1d31855cd2/Identity-Selector-Interop-Profile-v1-Guide.pdf

Self-issued card

Managed Card

Kerberos Ticket

X.509 Cert

Identity Selector Interoperability Profile

http://download.microsoft.com/download/1/1/a/11ac6505-e4c0-4e05-987c-6f1d31855cd2/Identity-Selector-Interop-Profile-v1.pdf

Mechanisms

WS-Trust

WS-SecurityPolicy

WS-MetadataExchange

Questions?

Difference between Higgins i-card & CardSpace Infocards

Higgins

Components

i-cards

IDAS

Identity Selector

Digital Me

Background

MS Passport

Single Sign On

Comparison

SAML vs OpenID

SAML vs CardSpace

OpenID vs CardSpace

Scope