IdInterOp by G K

IdInterOp

Laws of Identity

http://www.identityblog.com/?p=353 Kim Cameron Microsoft 

1. User Control and Consent

Digital identity systems must only reveal information identifying a user with the user’s consent

2. Limited Disclosure for Limited Use

The solution which discloses the least identifying information and best limits its use is the most stable, long-term solution.

3. The Law of Fewest Parties

Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship.

4. Directed Identity

A universal identity metasystem must support both “omnidirectional” identifiers for use by public entities and “unidirectional” identifiers for private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.

5. Pluralism of Operators and Technologies

A universal identity metasystem must channel and enable the interworking of multiple identity technologies run by multiple identity providers.

6. Human Integration

A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.

7. Consistent Experience Across Contexts

A unifying identity metasystem must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies.

Introduction

Problem Statement

Standards

SAML 2.0

http://en.wikipedia.org/wiki/SAML_2.0

OpenID 2.0

InfoCard

XRI

Project Initiatives

Higgins

OSIS

Pamela

Concordia

Use Cases

http://osis.netmesh.org/wiki/Use_Cases

Authenticate to a CardSpace enabled relying party using an OpenID URL identifier

Authenticate to a OpenID enabled relying party with a CardSpace card over CardSpace protocol

(different card types with different tokens)

Cardspace enabled SAML Attribute Authority for attribute exchange

OpenID enabled SAML Attribute Authority for attribute exchange

Authenticate to a Cardspace enabled relying party with Higgins iCard

Higgins enabled SAML Attribute Authority context provider

Authenticate to a Higgins enabled relying party with OpenID URL identifier

CardSpace

Methods

http://download.microsoft.com/download/1/1/a/11ac6505-e4c0-4e05-987c-6f1d31855cd2/Identity-Selector-Interop-Profile-v1-Guide.pdf

Identity Selector Interoperability Profile

http://download.microsoft.com/download/1/1/a/11ac6505-e4c0-4e05-987c-6f1d31855cd2/Identity-Selector-Interop-Profile-v1.pdf

Mechanisms

Questions?

Difference between Higgins i-card & CardSpace Infocards

Higgins

Components

Digital Me

Background

MS Passport

Single Sign On

Comparison

SAML vs OpenID

SAML vs CardSpace

OpenID vs CardSpace

Scope