Fidelity Demokit
Olli Jussila and Mikko Laukkanen, TeliaSonera




February 21, 2010
The identity management nightmare in the Internet
Personal information spread across the Internet
Problem statement

• Identity and authentication
     –   Advanced internet services require an account at a service provider with a password
     –   Each user has many accounts accessible via the Internet, and the number is still growing, so
         they are no longer manageable by the end user
     –   A simple userid/password is not strong enough for many service providers
     –   Introducing stronger authentication is expensive for a service provider
     –   Using a different authentication method for each service provider makes service access
         complicated
     –   It would be nice to be able to exploit the capabilities of the mobile phone's SIM for application
         authentication
• Personal information
     –   Advanced service providers require registration, so personal and private information is spread
         across the service providers
     –   Every service provider has to maintain its own user database, so personal information about
         users is duplicated in many places
     –   Users have very limited control over their personal and private data
     –   Mobile terminals with limited keyboards make it very difficult to fill in forms manually
Solution: We need identity providers!

• IdP establishes a Circle of Trust - business
  relationships and operational agreements with Service
  Providers – with whom users can transact business in
  a secure and seamless environment

• IdP provides identity information to trusted Service
  Providers based on the end user’s permission and
  identity federation

• IdP provides authentication services to Service
  Providers and enables users to utilise their personal
  information more easily via Identity-based Web
  Service

• Mobile operators as trusted actors with large secured
  (SIM-cards) customer bases are ideal for acting as
  IdPs

                     The technology is already standardized by the
Global opportunities via identity roaming

• No single IdP can reach all the service providers,
  especially the foreign ones

• But it could be possible through identity roaming,
  where interconnections between CoTs (Inter-CoT)
  are established

• For users, identity roaming enables usage of other
  CoTs’ services globally with local authentication

• For service providers, identity roaming enlarges
  the customer base; all the IdP customers are also
  potential customers for all the service providers

• Mobile operators have a proven excellent track
  record of providing global roaming and
  interconnected services

[Figure: several CoTs linked through Inter-CoT connections, labelled "Pan-European Identity Roaming & Single Sign On"]
The rationale for Fidelity project

• The Fidelity project was established to address the aforementioned challenges, problems,
  and opportunities
• The Fidelity project’s fundamental principles are
    – The work should rely on open standards
    – The solution to be promoted should be agnostic to access technology (fixed/broadband, mobile,
      and wireless) and must utilize already existing elements (for instance AAA infrastructure)
• Main expectations
    – Simplify identity management for service providers and users
    – Offer a high level of privacy and security by providing strong authentication in a seamless manner
    – Exploit the capabilities of smart cards (e.g., SIM cards)
    – Mobile operators are trusted by the users and the service providers; with roaming experience they
      are the key actors in establishing Inter-CoT environments
Objectives of Fidelity project

• Demonstrate the technical viability of the Liberty approach in a pan-European context
  by setting up four CoTs with mobile operators as IdPs in a heterogeneous infrastructure
• Demonstrate the interoperability of identity roaming/interconnection between Identity
  Providers and Service Providers in CoT/Inter-CoT using realistic scenarios
    – SSO, ID federation, attribute sharing
• Study legal, privacy, and socio-economic issues in Inter-CoT environments
• Interoperability between different authentication methods
    – Define authentication levels between CoTs
• Include smart cards as authentication devices and attribute storages
• Introduce support for non-HTTP services
The Fidelity consortium

    Fidelity partners (logos in the original): Operators, Industry, SMEs / Universities

    The Fidelity consortium is sponsored by EUREKA/CELTIC and several European governments.

    Fidelity has liaisons with
Fidelity components

[Diagram: two Circles of Trust linked for SSO & attribute sharing; components labelled in the original:]
• IDP – Identity Provider: authentication services, identifier federation, one-time ids
• DS – Discovery Service
• SP / WSC – Service Provider(s) / Web Service Consumer (trusted SPs)
• WSP – Web Service Provider(s)
• SSO & Attribute sharing between the Circles of Trust
Fidelity use cases

Use-cases are used to test and demonstrate the functionality and interoperability of Liberty
specifications in an Inter-CoT environment. The use-cases illustrate the proof-of-concept.

Use cases:
   – Book a hotel room
   – Download a game
   – Call a contact
   – Search for a nearby restaurant
   – Student exchange service
   – Register with a mobile
   – Automatic intra/inter-CoT relationships

Identity-based services (attribute providers):
   – Personal Profile and Personalization
   – Wallet
   – Calendar
   – Contact book
   – Geolocation
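As an added example (not code from the Fidelity project or the Liberty specifications), the following Python toy models the Inter-CoT SSO chain behind the roaming and objectives slides and the hotel use case: the visited CoT's IdP proxies authentication to the user's home IdP, checks the asserted authentication level against what the SP requires, issues a separate federated pseudonym per SP, and releases attributes only with the user's consent. The CoT names, the LEVELS scale, the account records and the "hotel" SP are constructed assumptions.

```python
import hashlib
import hmac
import secrets
# Assumed authentication-level scale agreed between CoTs (constructed for this example)
LEVELS = {"password": 1, "otp": 2, "sim": 3}

class IdP:
    """Identity Provider of one Circle of Trust (toy model, not Fidelity project code)."""
    def __init__(self, name, users, peers=None):
        self.name = name
        self.users = users        # "alice@cotA" -> {"level", "attrs", "consent"}
        self.peers = peers or {}  # home CoT name -> IdP holding an Inter-CoT agreement
        self.key = secrets.token_bytes(32)  # secret used to derive per-SP pseudonyms

    def federated_id(self, user, sp):
        # Persistent pseudonym per (user, SP): two SPs cannot link the same user
        return hmac.new(self.key, f"{user}|{sp}".encode(), hashlib.sha256).hexdigest()[:16]

    def authenticate(self, user, sp, required_level):
        """Return an SSO assertion for sp, or None if authentication is insufficient."""
        home = user.rpartition("@")[2]
        if home != self.name:  # identity roaming: chain to the user's home IdP
            peer = self.peers.get(home)
            if peer is None:
                return None    # no Inter-CoT agreement with that CoT
            upstream = peer.authenticate(user, self.name, required_level)
            if upstream is None:
                return None
            # Re-issue under this CoT's own pseudonym so the SP sees only local identifiers
            return {"issuer": self.name, "via": home, "level": upstream["level"],
                    "subject": self.federated_id(user, sp)}
        account = self.users.get(user)
        if account is None or LEVELS[account["level"]] < required_level:
            return None        # unknown user, or authentication method too weak for sp
        return {"issuer": self.name, "via": None, "level": account["level"],
                "subject": self.federated_id(user, sp)}

    def attributes(self, user, sp, wanted):
        """Attribute sharing: release only what the user consented to for this SP."""
        account = self.users[user]
        allowed = account["consent"].get(sp, set())
        return {a: account["attrs"][a] for a in wanted if a in allowed and a in account["attrs"]}

def roaming_demo():
    """Constructed sample: Alice (home CoT A, SIM authentication) visits a hotel SP in CoT B."""
    home = IdP("cotA", {"alice@cotA": {"level": "sim", "attrs": {"name": "Alice"},
                                       "consent": {"hotel": {"name"}}}})
    visited = IdP("cotB", {}, peers={"cotA": home})
    return visited.authenticate("alice@cotA", "hotel", required_level=2)
```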

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:2
posted:2/22/2010
language:Finnish
pages:12