Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009

OpenID – Identity in the CLOUD? Nat Sakimura (=nat) twitter.com/_nat www.sakimura.org/en/

Chamo-me Nat Sakimura Vim do japan Eu nao falo portugues. So … I have to continue in English ~ ~ ~

Thank you for inviting me here Portugal – Japan Relationship started in 1543 466 th Year Real Pleasure to be here to talk to you and would like to thank the organizers making my visit possible!

Who am I? Digital Identity since 2000 Founder, OpenID Japan Community Board Member, OpenID Foundation Founding Board Member, Kantara Initiative Senior Researcher, Nomura Research Institute … And My Mission is …

User Controlled Identity Minimal Disclosure Faster and Safer Transaction a Reality

Faster Cheaper Safer … Well, System is, but what about account Management? The Internet CRM HR ERP CRM HR ERP Federated Identity

Survey Result 1000 samples. July 2007 Over 16 accounts Can remember only 3 pairs Result: Same e-mail & password everywhere

2 Types of Federation Closed Federation Out of bound trust exchange Federation Operator E.g. SAML, Shib, etc. Open Federation Dynamic Federation Setup – sometimes promiscuous Scales easier. Good for the Internet E.g. OpenID – Identity in the Cloud

OpenID in 1 minute Assertion Format : Tag=Value Protocol for req/resp of the Assertion Discovery of IdP through XRDS Dynamic association through DH Supported by AOL, Yahoo!, France Telecom, Google, Facebook, etc. Soon to come? Microsoft, NTT Identity in the Cloud

… but is it enough? Roles and Authorization Audit and Trust formation Relationship Management and Non-repudiation

Roles and Authorization Need to extract attributes from the authoritative sources E.g. HR system In Realtime No syncing Connect different protocols LDAP + OpenID SAML + OpenID WS-* + OpenID etc. e.g., once logged into a corporate network, can log in to cloud service seamlessly.

OpenID is Dynamic Federation: Out of bound TRUST formation OpenID: “Open”  “Promiscuous” How do I trust the other party? Creating ad hoc white list does not scale. It becomes essentially same as Federation Where does the Trust come from? Third party trust Audit & Market Feedback

Reputation Reputation is a subjective evaluation of the assertion about a subject being true based on factual and/or subjective data about it, and is used as one of the factors for establishing trust on that subject for a specific purpose. A Reputation Score of a Player (Reputee) on the Type (Criteria) by other players (Reputor) is the subjective probability assigned by the Reputor that the Reputee fulfils the Criteria.

O pen R eputation M anagement S ystem

Relationship Management and non-repudiation

Contract Exchange (CX) (Legal) Contract + Non-repudiation ^^^ Relationship Mobile Friendly Asynchronous OpenID Foundation CX Working Group The first really international WG ;-)

CX Basic Flow (Simplified Version) This is a special case of the generalized “Base Model” that is explained later. This special case is optimized for OpenID. Relying Party (RP) OpenID Provider (OP) 1. User access the service 1 3. User Consent verified 3 2. RP creates signed “Offer” and sends it to OP “ Offer” 2 RP 4. OP creates the signed “Contract” based on the “Offer” 4 “ Contract” OP “ Offer” RP

CX Features Non-repudiation and Integrity Leveraging on Public Key signing Confidentiality Encrypting the message by the receiving party’s public key Extensible Contract (i.e., need to define those elsewhere) Contract “Payload” Applicable to limited functionality user agents such as Mobile Phones “ Artifact” binding Asynchronous Messaging “ Ticket” and “Notification” Use cases revolving around “User Consent” Use case that “User requesting to RP” and “User giving consent at OP” is not the same. Cases that the user signs the “Proposal” instead of the RP.

CX Basic Flow (Artifact+Synchronous)

CX Basic Flow (Artifact+Asynchronous) OP Service End Point XRD Access Service Get XRD to obtain service end point and the public key of the OP. Create “Offer” and sign Send “Offer” to OP Return Ticket for the “Offer” Browser Redirect to show OP the Ticket (Optional) Get XRD to obtain service end point and the public key of the Obtain User Consent on the Offer pointed by the Ticket. Create “TransactionID” Browser Redirect to send “TransactionID” to RP Done! Save TrabsactionID RP Service End Point XRD Store Offer Other Processing Send Notification that a Contract for the TransactionID has benn created Create Signed Contract GET Contract based on TransationID Return the (encrypted) Contract Store the Contract

Very Similar to OAuth? Yes. But with Identity Framework Legal Framework (arguably) Simpler Related works: ProtectServe etc.

JAL-Hotel SSO & Data Transfer Sequence

Overview Though it would be desirable for its customer to be able to buy hotels etc. when he buys air-tickets at its site, since JAL is a Transportation provider, it is not allowed to sell Hotel rooms etc. As such, it partners with several hotel reservation sites and refers her customer to them. For this purpose, JAL provides a hotel search frontend aggregating all her hotel partners. When user makes a selection there, the user will be taken to the hotel reservation site. Usually, he has to create an account there but in the current system, user can login with JAL’s account. The protocol used there is OpenID, although it does not show it. Together with the login, it also sends the verified personal information including credit card number with user’s consent. Since the transaction amount ranges anywhere from US$100 to over $1,000 , and the data sent are sensitive, both sides needed non-repudiation, integrity, and confidentiality. Unfortunately, non of the existing OpenID extension gave these properties. So, it was decided to go with the TX extension proposed in December 2007 (at iiw). The system went LIVE on May 28, 2008.

User I/F Sequence For this purpose, JAL provides a hotel search frontend aggregating all her hotel partners (Fig.1). User makes a selection out of it and clicks the “Reservation Details” button. User, then, will be taken to the hotel reservation site for the details and when he decides to buy it, he clicks “Confirm” button. (Fig.2) Then, the user will be confronted with login page, from which he can choose to LOGIN by JAL ID. (Fig.3) After the authentication (Fig.4), the user will be shown the data transfer contract proposal noting purpose, data item, duration of the use etc.(Fig.5). The contract proposal is actually electronically signed by the data requesting party (in this case, Hotel reservation site.) When the user agrees to it, it is counter signed to make it a “Contract” and “sent back” to the data requesting party. This “Contract” gives “non-repudiation” for both parties. The hotel site requests the data in the back channel using this contract. The data is encrypted using the public key of the data requesting party that is included in the contract. This gives “confidentiality” and “integrity”. In this particular case, Name, Gender, Age, Creditcard number etc. are actually sent. These are verified values (Note: JAL has several level of enrollment. The highest class is the member who has JAL issued credit card and has travelled abroad. In this case, the user can be said to be registered with “Government issued Photo-ID (Passport)” in Person, with backing payment method.) In the management interface, a user can manage the contract he has (Fig.10). He can terminate the contract whenever he wants to.

Fig.1 JAL: Search Result Press “Reservation Details”

Fig.2 Myu : Hotel Selection Confirmation Press Confirm

Fig.3 User Login Press Login “ You can login with your JMB *1 Membership Number” *1 JMB==JAL Mileage Bank This screen probably needs a rework. Perhaps create a “Login by JMB” Logo-Button” Although there is no mention of OpenID here, this actually is an OP Identifier based OpenID Login.

Fig.4 (Optional: JAL : OpenID Login) It is an OP Identifier Login. When the user is already logged into JAL Site, this screen is skipped. Enter JMB number and password and Press “LOGIN”

Name Address Tel Mail Credit Card Number This Transction Only Until June 16, 2009 Press “Agree & Proceed” Make Selection on attributes to send Make Selection for the expiration date for this contract Data Usage Policy Data to be provided Expiration date for this contract Explanation *1 Based on http://wiki.openid.net/Trusted_Data_Exchange For the non-repudiation purposes, mutually e-signed contract is created for the transaction Fig.5 JAL: Attribute Transfer Contract*1

Fig.6 Hotel : Name Confirm Now, you are logged in to the Hotel Site. This screen is double checking if you are making a booking for yourself. (You can change the name here if you are booking for someone else.) Press Next

Fig.8 Hotel : Payment Method Confirm Credit Card Wire Transfer CVS Payment

Fig.9 Hotel : Credit Card Confirm Masked for security reason When user selects “Credit Card”, the number etc. are prefilled because the data was transferred from JAL to the Hotel site using TX extension.

Fig.10 JAL: Managing the contracts/relationship A Contract date Actual Data View Detail Stop Data Provision (contract termination)

Fig.11 JAL: Contract Termination

Marketing Strategy Why not using OpenID? Focus on Peace of Mind

OpenID can be insecure Bolt it up with “Security Profile” https identifier only, etc. Introduction of extra layer: Non-repudiation with use of certificates. “Contract Exchange”

How such a success were made possible? Tackled three domains in pallarel. Consumers Business & Tech Communities Government Joint Marketing with other Identity Related Orgs/Activities such as Liberty Alliance Project Japan SIG and Id-Con. “ Harmonization”

Consumers Education Using Media/Press extensively to educate. Cordinated Press conferences, press briefings, etc. with members. Even a magazine for an average internet user had headlines on OpenID A“must see” news show for business people had a coverage of the OpenID Japan press conference. Other Press Coverages WBS (Oct.30) Monitoring Periodical Consumer Survay to monitor the effectiveness of the promotion

Business Education In person visits to well over 100 companies across the industries. Banks, Telcos, Internet Marchants, Transportation, etc. Sharing of the business cases among the peer group. OpenID TechNights Seminars and other seminar opportunities. Emphasis on Security and clear the “Myth” Make the Business Case During the above visits, discuss the possible business models to come up with the one suitable for the company: Service Creation Hotel etc. Reservation (incl. payment) OpenID Based Payment Extending Social Graph to the internet through OpenID

Balanced Composition 48 Companies Not only technical Technology is there to serve people Leaders of each industry Requirement Gathering Strong relationship with the government Policy Making Involvement Partnership with other identity organization E.g. Liberty Alliance Project

Balanced Composition As of Nov.1, 2008 Note: Some mebes wishes not to announce their participation in public so they are not listed in the web page. Published Member List: http:// www.openid.or.jp/memberlist.html

Government Education Visit key institutions to have discussion on the applicability of OpenID and other distributed digital identity systems in e-Gove and business settings. e.g., Office of the Cabinet, NISC, METI, Ministry of Internal Affairs and Communications Leverage on relationship with various government advisors. Assist government research in the field. e.g., Assurance programs, Digital Signature Usage, Digital Authentication Usage, Consumer reach, etc. (NRI) Government Authentication Guidelines Telco Guidelines etc.

Notable Activities (not including individual company visits) 4/1 OIDF-J Kickoff Meeting 4/23 Office of the Cabinet 4/24 OpenID Tech Night vol.1 5/28 JAIPA Seminar “OpenID Day” 6/4 Ministry of Economy, Trade and Industry 6/10 OpenID Tech Night vol.2 7/6-10 Liberty Alliance Prenary @ Stockholm 7/18 Liberty Alliance Technology Seminar vol.3 7/19-30 Internet Survey 8/1 OpenID Tech Night vol.3 8/18 OpenID Auth 2.0 Translation Completion 8/20 Mixi Press Conference/Release Endorsement. Technical Meeting. 8/21 Ministry of Economy, Trade and Industry 8/21 Keio University (Prof. Kokuryo) 8/26 Ministry of Internal Affairs and Communication 8/29 Tokyo Institute of Technology (Prof. Ohyama) 8/29 Tokyo University (Prof. Sudo) 9/4 Ministry of Economy, Trade and Industry 9/8-11 Digital ID World : Panel 9/18 OIDF Content Provider Advisory Committee 9/18 Chuo University (Prof. Sugiura) 9/19 National Information Security Center 9/28 NEC Product Endorsement 10/6 Biglobe Press Release Endorsement 10/6 Rakuten Payment Service Soft Launch 10/30 OpenID-J Press Conference 10/31 Submission of TX to OIDF Spec Committee 11/7 Liberty Alliance Day: Panel 11/10-14 Internet Identity Workshop 11/26 Internet Week 2008 12/3 Web 2008 Expo 12/* OIDF-J Plenary 12/12 OpenID BizDay#1 Cannot list individual company visits because there are too many!

OpenID Foundation Japan Structure Membership Corporation (OIDF-J) Fee *2 Activity Proposal Board of Trustees (3) (For fiscal fiduciary) SIG 1 SIG 2 SIG n *1 Funding & Support SIG Leadership Council Advisors (Academic) Advisors ( Government ) Liason ( LAP etc. ) *1 Anticipated Initial SIGs: 1. Marketing, 2. Payment, 3. Assurance, 4. User Interface *2 Fees are deliberately cheap because OIDF-J do not spend much… Fee = approx US$2000+$1000 Break even at 20 members for min. activities: Targeting at 100 members or more. Secretariat (Accounting and Facilitation)

Swahili Word: “Bridge” Rooted in Arabics: “Harmonize” BUILDING BRIDGES BETWEEN DIVERSE IDENTITY COMMUNITIES AND PROTOCOLS

The Bi-Cameral Model Board of Trustees Member A Member B Member N Leadership Council WG 1 DG 1 DG/WG N Coordination (Members & Non-Members) Staff support report Participants (Members & Non-Members)

Membership Types Participant No cost, able to participate in all DG’s and have full voting rights in WG’s Must first sign the IPR agreement that a Group operates under Member Receive a Member discount to attend and participate in interoperability workshops & Kantara Initiative meetings/ conferences Vote on the adoption of all final Kantara Initiative Recommendations Listed as a Member on Kantara Initiative’s web site Trustee All member rights plus a seat on the Board of Trustees (with associated responsibilities) as well as: Exercise fiduciary oversight of Kantara Initiative Listed as a Trustee on the Kantara Initiative web site (premium logo placement) Preferential right of first refusal (prior to other Members) to actively participate in Kantara Initiative’s marketing and promotional activities at trade shows and other industry events Listed as a Trustee in all Kantara Initiative press releases

Workflow Incubation (Discussion Groups) Anyone can start and participate Used to gather community support for a new Work Group or Leadership Council funding request Active (Working Groups) Charter approved by Leadership Council to ensure it complies with goals, purpose, and principals of Kantara Initiative Each charter must include a reference to the IPR agreement it wishes to operate under (a menu of agreements possible is maintained by the BoT) Produces all output that may lead to final Kantara Initiative Recommendations (per vote of full Membership) Complete/inactive/sunset Once work concludes or becomes inactive, WG is sunset by Leadership Council

Benefits to Existing Initiatives Existing .orgs can join as Members or Trustees to shepherd their activities through the Kantara Initiative process Kantara Initiative WG’s are open to anyone and voting is a right granted to all without requirement of paying membership, so existing organizations can apply for WG status of their existing or new activities Brings benefit of Kantara Initiative institutional support to that activity On a case-by-case basis, Members who are also solution-developing organizations can negotiate specific shared infrastructure and staffing arrangements, even without any commitments of merging with Kantara Initiative over time (which is always an option but not required).

Benefits to Participants One organization to join, no financial barrier to participation Inclusive scope and mission of all solution technologies and operational frameworks Global scope, involvement, and reach, with more participants and broader constituency than any single pre-existing .org Collaborative environment across disciplines (technical, business, policy, privacy, etc) Allows diversity of projects, put into a meaningful context Simple & painless process to start work quickly, openly, yet with proven IPR processes and procedures in place Leverage trademark programs for interoperability, conformance, compliance, and accreditation

Recent Development in Japan besides more and more companies announcing support such as NTT…

Payment Profile based on CX Banks, Telcos, etc. Schema Profiling Attribute Schema Multi Protocol Interop SAML <-> OpenID (WS-* <-> OpenID)

Government Authentication Guideline Appropriate Identification &Authentication Appropriate level of Digital Signature IDP Transtion When IDP goes out of business Very important for Identity 2.0 Reputation & Trust

× 　ｙｏｕｒｉｄｅａ．

Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009

More Related Content

Similar to Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009 (20)

More from EuroCloud (20)

Recently uploaded (20)

Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009