Attributes Centric Identity Architecture

Combined Session
Wednesday, May 05, 2010 15:00—16:00
Location: Antares

Attributes Centric Identity Architecture

After so many years of conflict, the war between authentication protocols has finally ended. While there is no clear winner, the only three survivors (SAML2, OpenID & InfoCard) have established an informal "armistice", where each claims to be more complementary than competitive. The industry, as well as customers, can easily sustain three protocols. Today any significant software implementation bridges the remaining protocols seamlessly. While this scenario may not be perfect, it seems "good enough" to do the job.

Nevertheless, we should not forget that seamless authentication is not our end goal; it is only the entry door toward the next generation of identity-enabled architecture. As a result, the authentication protocol "armistice" is only an open gate that allows us to move forward. While authentication is a "MUST HAVE" technical feature, it does not provide any added value to applications or to end users. For enabling applications to make identity-aware decisions (e.g., grant access, personalized content, custom value for transactions, …), authentication alone is useless. What we need are the personal attributes hidden behind a given user's identity. While authentication is the entry door that allows attributes to be searched, it does not provide the true solution that we seek.

In a distributed environment, like the Internet, users' attributes are spread out in many different locations (e.g., banks, governments, telcos, social networks, …). Furthermore, for a given user, those locations may change (not everyone has the same bank!). To make the scenario even more complex, different locations may hold different values for the same attributes (e.g., your postal address).

The goal of attribute centric architecture is to enable applications to discover attributes for a given user. This allows applications to make the right decision, at the right time, for the right user. While the technology needed to build this attribute centric vision in a distributed environment is more or less available, it still imposes significant changes in existing IT architectures. First, the security model should move from a "channel model" toward a "message model". Additionally, applications should expect to dynamically discover the source of an attribute and stop making the assumption they must have a local copy. Last, but not least, applications should have a mechanism to rate the authenticity of the received attributes to an assurance level that is compatible with the requested operation. Applications must do all of this, obviously, without forgetting the systemic identity constraints attached to a modern distributed environment (privacy, user consent, security, scalability, interoperability, …).

Fulup Ar Foll
Oracle / Kantara
Fulup Ar Foll holds a master's degree in Computer Science from French Military School. Before joining Sun he was a research engineer for 10 years on distributed technologies for the French Department of...

Improving the Security and Usability of OpenID

OpenID has gained significant popularity as an Internet identity system. Nonetheless, its adoption has been limited by usability and security issues. It has been widely speculated in the community that one of the ways that we can make OpenID more usable and safer is with the introduction of an active client to assist the user with his logon experience. In this session, we will describe the results of a community collaboration to develop an experimental multi-protocol version of Windows CardSpace that enables end users to bring their OpenIDs to web sites. The session will also provide an update on the work being carried out in the OpenID Community on the next version of the protocol.

Ariel Gordon
Microsoft
Ariel joined Microsoft's Identity and Security Division in 2008. He leads the End-to-End Scenarios team responsible for aligning value proposition to customers' scenarios and...