SlideShare a Scribd company logo

Opening Up User-Centric Identity

Download as PPT, PDF
Eduserv Foundation, profile picture
Eduserv Foundation

The document discusses the divergence between enterprise-centric and user-centric approaches to federated identity and the pressures for reunification. It notes that identity has become fragmented between systems focused on the enterprise versus the user. While divergence may not be desirable, full reunification is unlikely due to technical, economic and trust challenges. However, cooperation on protocols, discovery, attributes and trust could help unify identity systems to some degree.

EducationTechnology
1 of 17
Downloaded 16 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Opening Up User-Centric Identity Nate Klingenstein [email_address] Internet2 Shibboleth Project Royal College of Physicians Eduserv Symposium 2009 21 st May, 2009: London
Identity is Totally Forked Federated identity has diverged Enterprise-centric User-centric Nothing matters but users and applications Is divergence desirable, feasible, neither? “When you come to a fork in the road, take it” – Yogi Berra
Enterprise-Centric Federated Identity Enterprise asserts identity data on behalf of an individual for which it is authoritative Attributes Identity Trust relationships and integrated applications defined by the enterprise Federations SAML is the primary protocol
User-Centric Federated Identity Self-asserted or unverified User-mediated trust establishment Opens up worlds of apps OpenID Yahoo ID, MyspaceID, Google Friend Connect Twitter?, and maybe your provider here Facebook Connect Federated identity’s largest success by far
Universities and Identity Both services and identities The natural “home” for some user data Courses, majors, titles, affiliations, grades, HR Identity-proofing? Also a home to applications Many outside applications federated today Some are low-risk, consumer-oriented
Students, Identity, and School Services how many email accounts do they have that parents don't know about- do they use same password 4 all #socialmedia ? #teens “ They don't use email so it's more a matter of which ones they forgot about. They often forget their passwords so I would guess that they don't use the same password consistently. Of course, they also share certain passwords with their closest "trusted" friends so that gets messy really fast. And they change it when there's a breakup.” Do they really care about/use school library websites? “ Nope, they don't. All but Twitter [which they don’t use] are categorized as school tools and are only used when absolutely necessary and Google won't suffice.” http://www.zephoria.org/thoughts/archives/2009/05/16/answers_to_ques.html
Natural Pressures Economy Discovery Trust and Ease of Use Users, developers, administrators We’re lazy
Economic Pressures User data is extremely valuable To both IdP/OP and SP/RP User data is extremely expensive Password resets, vetting, aging, etc. Network externalities Security externalities Save now, maybe pay later: easy choice?
Discovery Pressures Users are Lazy Interface Work is Hard Pull-downs? Text boxes? Buttons? Client code? Buttons are winning http://google-code-updates.blogspot.com/2009/05/google-openid-api-taking-next-steps.html Social bookmarking syndrome Browsers ready to enter the fray? Whither Cardspace?
Trust Pressures Administrator-mediated trust mediation is slow and arduous Federations help; could help more in a different world Consent-based trust is faster, gives users control Will they use it responsibly? Do they care? Do we care? Does it depend?
What to do? Reunification of federated identity? Protocols Discovery Trust Attributes Ne’er the two shall meet?
Protocols World’s most ridiculous fight But there’s bad blood and high stakes Most protocols can solve most problems Hacks, revisions, kludges Identity sources should support many protocols and apps should be agnostic Deployed base is large
Discovery If we don’t come up with something good, buttons win E-mail? Auto-complete with institutional name? Client software? Cardspace, Mozilla? Remember the economic pressures A few providers would also win
Trust One size will never fit all Many different user preferences Many different application needs Many different legal requirements The answer must be flexible enough Federations, consent, reputation systems, roots, authorities…
Attributes Attributes cannot be divorced from the asserting/attesting entity Natural sources of authority exist Legal name, course enrollment, music preferences Aggregation happens out-of-band today Must be automated for tomorrow Levels of Assurance
Would a Lack of Unification be Bad? User confusion, particularly with discovery or client software Data duplication, distribution Additional deployment and software complexity -- maybe Nothing new here…
Will Unification Happen? Dunno Probably some, particularly aggregation Probably not all We should endeavor to ensure that the outcome is deliberate and sufficient Cooperation Economic pressures

More Related Content

PPT
Carroll
Regina Koury
 
PDF
URMA Conference 2009
Art Upton
 
PPT
ADEA Dallas 2008
Art Upton
 
PDF
Demystifying WCAG 2.0: An Intro to Web, Office, InDesign, & PDF Accessibility
3Play Media
 
PPT
Chapter 11
Heidi Schroeder
 
PPT
Hello, My Name Is Host Name Endgrain Rad Kaminsky
Tifanija
 
PPTX
When the DOJ/OCR Makes a Visit: Lessons Learned in Resolving Complaints About...
3Play Media
 
PPT
Social Media Policy
Elizabeth Engel
 
Carroll
Regina Koury
 
URMA Conference 2009
Art Upton
 
ADEA Dallas 2008
Art Upton
 
Demystifying WCAG 2.0: An Intro to Web, Office, InDesign, & PDF Accessibility
3Play Media
 
Chapter 11
Heidi Schroeder
 
Hello, My Name Is Host Name Endgrain Rad Kaminsky
Tifanija
 
When the DOJ/OCR Makes a Visit: Lessons Learned in Resolving Complaints About...
3Play Media
 
Social Media Policy
Elizabeth Engel
 

What's hot (10)

PPT
Yammerat db andrew camacho
Andrew Camacho
 
PPT
Accessibility Workshop
Lar Veale
 
PPT
The Business of Blogging
ebiquity
 
PPT
Web 2.0: Making Email a Useful Web App
Andy Denmark
 
PPT
Unit 5
iarthur
 
PPT
Researcher@Leeds Lp
Lawrie Phipps
 
PPTX
Web 1.0, 2.0 & 3.0
National University
 
PPT
Knowledge Sharing over social networking systems
tanguy
 
PDF
Web evolution,Walfram Aplha
Islem Betta
 
PPT
“Library 2.0: Balancing the Risks and Benefits to Maximise the Dividends”
bridgingworlds2008
 
Yammerat db andrew camacho
Andrew Camacho
 
Accessibility Workshop
Lar Veale
 
The Business of Blogging
ebiquity
 
Web 2.0: Making Email a Useful Web App
Andy Denmark
 
Unit 5
iarthur
 
Researcher@Leeds Lp
Lawrie Phipps
 
Web 1.0, 2.0 & 3.0
National University
 
Knowledge Sharing over social networking systems
tanguy
 
Web evolution,Walfram Aplha
Islem Betta
 
“Library 2.0: Balancing the Risks and Benefits to Maximise the Dividends”
bridgingworlds2008
 
Ad

Viewers also liked (9)

ODP
User-Centric Identity
Eugene Kim
 
PPTX
Identity and Consumer Economics Common Assessment
16331Akari
 
PDF
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EI...
wegdam
 
PPT
User consent for consumer identity (@ISSE2010)
wegdam
 
PDF
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CloudIDSummit
 
PDF
White Paper: The Evolution of Consumer Identity: 10 Predictions for 2015
Gigya
 
PPT
User & Mobile Centric Identity
wegdam
 
PDF
User Centric Digital Identity, Talk for Computer Science and Telecommunicatio...
Kaliya "Identity Woman" Young
 
PDF
50 data principles for loosely coupled identity management v1 0
Ganesh Prasad
 
User-Centric Identity
Eugene Kim
 
Identity and Consumer Economics Common Assessment
16331Akari
 
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EI...
wegdam
 
User consent for consumer identity (@ISSE2010)
wegdam
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CloudIDSummit
 
White Paper: The Evolution of Consumer Identity: 10 Predictions for 2015
Gigya
 
User & Mobile Centric Identity
wegdam
 
User Centric Digital Identity, Talk for Computer Science and Telecommunicatio...
Kaliya "Identity Woman" Young
 
50 data principles for loosely coupled identity management v1 0
Ganesh Prasad
 
Ad

Similar to Opening Up User-Centric Identity (20)

PPT
Tony Nadalin' presentation at eComm 2008
eComm2008
 
PPTX
Campus Consortium EdTalks Featuring Clemson University
Campus Consortium
 
PDF
Real World Identity Managment
John Lewis
 
PPT
Identity federation & user centric identity
wegdam
 
PPTX
Identity and User Access Management.pptx
irfanullahkhan64
 
PPTX
FAM - a triumph of technology over usability - Andy Powell
Eduserv
 
PDF
Identity 101: Boot Camp for Identity North 2016
Kaliya "Identity Woman" Young
 
PPTX
Trust and identity
Jisc
 
ODP
Web 2.0 Core Concepts, Applications, and Implications
Tomáš Pitner
 
PPT
Identity 2.0 and User-Centric Identity
Oliver Pfaff
 
PDF
Trusting External Identity Providers for Global Research Collaborations
jbasney
 
PPT
Edugate Futures
HEAnet
 
PPTX
Identity Management for Web Application Developers
WSO2
 
PDF
CIS14: Authentication: Who are You? You are What You Eat
CloudIDSummit
 
PDF
CIS14: Authentication: Who are You? You are What You Eat
CloudIDSummit
 
PPT
Federated Access Management 102
JISC.AM
 
ODP
Shibboleth Guided Tour Webinar
John Lewis
 
PDF
My Identiverse: The Evolution of Digital Identity and Openness
Kaliya "Identity Woman" Young
 
PPSX
Improving the User Experience
Eduserv
 
PPT
Federated Futures (Nicole Harris)
JISC.AM
 
Tony Nadalin' presentation at eComm 2008
eComm2008
 
Campus Consortium EdTalks Featuring Clemson University
Campus Consortium
 
Real World Identity Managment
John Lewis
 
Identity federation & user centric identity
wegdam
 
Identity and User Access Management.pptx
irfanullahkhan64
 
FAM - a triumph of technology over usability - Andy Powell
Eduserv
 
Identity 101: Boot Camp for Identity North 2016
Kaliya "Identity Woman" Young
 
Trust and identity
Jisc
 
Web 2.0 Core Concepts, Applications, and Implications
Tomáš Pitner
 
Identity 2.0 and User-Centric Identity
Oliver Pfaff
 
Trusting External Identity Providers for Global Research Collaborations
jbasney
 
Edugate Futures
HEAnet
 
Identity Management for Web Application Developers
WSO2
 
CIS14: Authentication: Who are You? You are What You Eat
CloudIDSummit
 
CIS14: Authentication: Who are You? You are What You Eat
CloudIDSummit
 
Federated Access Management 102
JISC.AM
 
Shibboleth Guided Tour Webinar
John Lewis
 
My Identiverse: The Evolution of Digital Identity and Openness
Kaliya "Identity Woman" Young
 
Improving the User Experience
Eduserv
 
Federated Futures (Nicole Harris)
JISC.AM
 

More from Eduserv Foundation (16)

PPT
User-centric Research
Eduserv Foundation
 
PPT
Experiences in federated access control for UK e-Science
Eduserv Foundation
 
PPT
News from the new coffeehouses
Eduserv Foundation
 
PPT
Virtual World Watch - summary of Second Life Snapshots
Eduserv Foundation
 
PPT
Sausages, coffee, chicken and the web: Establishing new trust metrics for sch...
Eduserv Foundation
 
PPT
Universities and social networking: making sense out of nonsense
Eduserv Foundation
 
PPT
Web 2.0: Managing the Risks
Eduserv Foundation
 
PPT
BBC 2.0 Years On
Eduserv Foundation
 
PPT
How Web 2.0 changed the Guardian
Eduserv Foundation
 
PPT
UKOLN Blogs and Social Networks workshop - all presentations
Eduserv Foundation
 
PDF
OpenIDand User-Centric Identity: It’s All About Me
Eduserv Foundation
 
PPT
OpenID and eLearning
Eduserv Foundation
 
PPT
Virtual worlds in context
Eduserv Foundation
 
PPT
Holyrood Park: a virtual campus for Edinburgh
Eduserv Foundation
 
PPT
Second Nature - Nature Publishing Group In Second Life
Eduserv Foundation
 
PPT
SEAL - Second Environment, Advanced Learning
Eduserv Foundation
 
User-centric Research
Eduserv Foundation
 
Experiences in federated access control for UK e-Science
Eduserv Foundation
 
News from the new coffeehouses
Eduserv Foundation
 
Virtual World Watch - summary of Second Life Snapshots
Eduserv Foundation
 
Sausages, coffee, chicken and the web: Establishing new trust metrics for sch...
Eduserv Foundation
 
Universities and social networking: making sense out of nonsense
Eduserv Foundation
 
Web 2.0: Managing the Risks
Eduserv Foundation
 
BBC 2.0 Years On
Eduserv Foundation
 
How Web 2.0 changed the Guardian
Eduserv Foundation
 
UKOLN Blogs and Social Networks workshop - all presentations
Eduserv Foundation
 
OpenIDand User-Centric Identity: It’s All About Me
Eduserv Foundation
 
OpenID and eLearning
Eduserv Foundation
 
Virtual worlds in context
Eduserv Foundation
 
Holyrood Park: a virtual campus for Edinburgh
Eduserv Foundation
 
Second Nature - Nature Publishing Group In Second Life
Eduserv Foundation
 
SEAL - Second Environment, Advanced Learning
Eduserv Foundation
 

Recently uploaded (20)

PPTX
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
PPTX
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PPTX
Introduction to Child Health Nursing – Unit I | Child Health Nursing I | B.Sc...
RAKESH SAJJAN
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PPTX
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PDF
Business Ethics Teaching Materials for college
CynthiaCastillo40
 
PPTX
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
PDF
Pre independence Education in Inndia.pdf
goofy5603
 
PDF
Mark Klimek Lecture Notes_240423 revision books _173037.pdf
pascalgumisiriza1
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PPTX
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
Introduction to Child Health Nursing – Unit I | Child Health Nursing I | B.Sc...
RAKESH SAJJAN
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
Business Ethics Teaching Materials for college
CynthiaCastillo40
 
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
Pre independence Education in Inndia.pdf
goofy5603
 
Mark Klimek Lecture Notes_240423 revision books _173037.pdf
pascalgumisiriza1
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
Classroom Observation Tools for Teachers
Nicaramirez
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 

Opening Up User-Centric Identity

  • 1. Opening Up User-Centric Identity Nate Klingenstein [email_address] Internet2 Shibboleth Project Royal College of Physicians Eduserv Symposium 2009 21 st May, 2009: London
  • 2. Identity is Totally Forked Federated identity has diverged Enterprise-centric User-centric Nothing matters but users and applications Is divergence desirable, feasible, neither? “When you come to a fork in the road, take it” – Yogi Berra
  • 3. Enterprise-Centric Federated Identity Enterprise asserts identity data on behalf of an individual for which it is authoritative Attributes Identity Trust relationships and integrated applications defined by the enterprise Federations SAML is the primary protocol
  • 4. User-Centric Federated Identity Self-asserted or unverified User-mediated trust establishment Opens up worlds of apps OpenID Yahoo ID, MyspaceID, Google Friend Connect Twitter?, and maybe your provider here Facebook Connect Federated identity’s largest success by far
  • 5. Universities and Identity Both services and identities The natural “home” for some user data Courses, majors, titles, affiliations, grades, HR Identity-proofing? Also a home to applications Many outside applications federated today Some are low-risk, consumer-oriented
  • 6. Students, Identity, and School Services how many email accounts do they have that parents don't know about- do they use same password 4 all #socialmedia ? #teens “ They don't use email so it's more a matter of which ones they forgot about. They often forget their passwords so I would guess that they don't use the same password consistently. Of course, they also share certain passwords with their closest "trusted" friends so that gets messy really fast. And they change it when there's a breakup.” Do they really care about/use school library websites? “ Nope, they don't. All but Twitter [which they don’t use] are categorized as school tools and are only used when absolutely necessary and Google won't suffice.” http://www.zephoria.org/thoughts/archives/2009/05/16/answers_to_ques.html
  • 7. Natural Pressures Economy Discovery Trust and Ease of Use Users, developers, administrators We’re lazy
  • 8. Economic Pressures User data is extremely valuable To both IdP/OP and SP/RP User data is extremely expensive Password resets, vetting, aging, etc. Network externalities Security externalities Save now, maybe pay later: easy choice?
  • 9. Discovery Pressures Users are Lazy Interface Work is Hard Pull-downs? Text boxes? Buttons? Client code? Buttons are winning http://google-code-updates.blogspot.com/2009/05/google-openid-api-taking-next-steps.html Social bookmarking syndrome Browsers ready to enter the fray? Whither Cardspace?
  • 10. Trust Pressures Administrator-mediated trust mediation is slow and arduous Federations help; could help more in a different world Consent-based trust is faster, gives users control Will they use it responsibly? Do they care? Do we care? Does it depend?
  • 11. What to do? Reunification of federated identity? Protocols Discovery Trust Attributes Ne’er the two shall meet?
  • 12. Protocols World’s most ridiculous fight But there’s bad blood and high stakes Most protocols can solve most problems Hacks, revisions, kludges Identity sources should support many protocols and apps should be agnostic Deployed base is large
  • 13. Discovery If we don’t come up with something good, buttons win E-mail? Auto-complete with institutional name? Client software? Cardspace, Mozilla? Remember the economic pressures A few providers would also win
  • 14. Trust One size will never fit all Many different user preferences Many different application needs Many different legal requirements The answer must be flexible enough Federations, consent, reputation systems, roots, authorities…
  • 15. Attributes Attributes cannot be divorced from the asserting/attesting entity Natural sources of authority exist Legal name, course enrollment, music preferences Aggregation happens out-of-band today Must be automated for tomorrow Levels of Assurance
  • 16. Would a Lack of Unification be Bad? User confusion, particularly with discovery or client software Data duplication, distribution Additional deployment and software complexity -- maybe Nothing new here…
  • 17. Will Unification Happen? Dunno Probably some, particularly aggregation Probably not all We should endeavor to ensure that the outcome is deliberate and sufficient Cooperation Economic pressures