Federating Digital Identity by mercy2beans119


									Federating Digital Identity                                        TAKE IT TO THE NTH




    Federating Digital Identity

    Peter Cattaneo
    November 9, 2001
          November 2001 - Peter Cattaneo, Sun Microsystems, Inc.







   Agenda

      Federated Identity

      Server or Individual

      Real World Examples

      Future Trends




   SUN's Vision

      [Diagram; labels recovered from the figure]
      Center: Network Services, Technology Foundation
      Top right: Powered By
      Services: 3rd Party Services Providers, Secure Email, E-Commerce,
                Coupons & Promotions, User Profiles, Parental Control,
                Single log-in, Remote Banking, Game, Travel Reservation,
                Pay-per-event Entertainment, Back Office Servers
      Access:   ISDN, DSL, Dial-up, Cable Modem, Cellular/GSM, Paging,
                Satellite
      Places:   Office, Home, Mobility, Travel, Airport






   Federated Identity (1)
      [Diagram labels: Basic Identity, Extended Identity #1, Extended Identity #2]







   Federated Identity (1)

     Single Identity
     Extended Attributes
     Centralized Trust of Identity
     Distributed Control of Extensions




   Federated Identity (2)




      [Diagram labels: Identity #1, Identity #2]







   Federated Identity (2)

     Multiple Identities
     Shared Attributes

     3rd Party Trust
           May include identity
           May exclude identity

   Server or Individual Federation
           Which end of the pipe manages the Federation?
                  Server or Client?
           Issues
                user convenience
                user control
                privacy
                legacy support



   Server Federation

      Single Sign On
      Kerberos-style
             Authentication Server
             Tickets for resources






   Client Side Federation

      Individual Authentication to each server
      Sharing managed from the client







   Smart Card Federation

      One-time authentication to a secure token
      Multiple authentication from secure token to servers
      Sharing managed from the client or smart card



   Federation Issues

                          Server    Client    Card
   user convenience       high      low       high
   user control           low       high      high
   privacy                server    high      high
   legacy support         low       high      high







   Real World Examples

      U.S. Department of Defense Common Access Card
      U.S. General Services Administration Smart Access Common ID Card
      Sun’s JavaBadge™ Employee ID


JAVA CARD TECHNOLOGY


U.S. Government – Dept. of Defense Common Access Card
 • Military ID and Geneva Convention Card
 • DoD-wide Health Benefits ID Card
 • Authenticates Applicants Using Stored Fingerprint
 • Physical Access and Manifesting
 • Logical Access with PKI
 • Cryptographic Co-processor with On-card Key Generation
 • FIPS 140-1 Level 2 Certification
 • Supports Branch-specific Applications
 • 4.3 million Common Access Cards to All Active Duty Military
   Personnel and Select DoD Civilians

 [Card image: Armed Forces of the United States, Geneva Conventions
  Identification Card; Leung, Albert; Army, Reserve Duty; Pay Grade O5;
  Rank LTC]

      DMDC Java Card Update, October 2001 - Peter Cattaneo, Sun Microsystems, Inc




 US Government Services Administration Smart Access Common ID Program
      Government Employee Identification (Empowerment Card)
    • GSA Established Interoperability Standards for Government-wide
      Multi-application Smart Cards
    • Applications:
        - Access Control        - Kiosks
        - Logical Access/PKI    - Transportation
        - Property Pass         - E-Purse/Loyalty
        - Medical Profile       - Training/Certification
        - Stored Value          - Event Attendance Activity




   Sun Java Badge Program
 • Logical Access/Authentication to Sun WAN:
      Sun’s Employee Portal - Remote Access
      SunRay – Session Mobility
      Solaris workstation - Single sign-on
      WinTel Support
 • Physical Access by Proximity (contactless) and Magnetic Stripe
 • Virtual Private Network Support
 • Multiple Applications including Digital Signature
 • Being Issued to All 40,000 Employees

 [Badge image: Albert Leung, 39679]







   Moving Forward
      Liberty Alliance
           Extending Real-World ID relationships

           Standardize Interfaces








    Thank You
    Peter.Cattaneo@sun.com