Fidelity Demokit
Olli Jussila and Mikko Laukkanen, TeliaSonera

February 21, 2010
The identity management nightmare in the Internet
Personal information spread across the Internet
Problem statement

• Identity and authentication
     –   Advanced Internet services require an account, protected by a password, at each service provider
     –   Each user has many accounts accessible via the Internet, and the number is still growing; they are
         no longer manageable by the end user
     –   A simple userid/password is not strong enough for many service providers
     –   Introducing stronger authentication is expensive for the service provider
     –   Usage of various authentication methods for each service provider makes the service access
     –   It would be nice to be able to exploit the capabilities of the mobile phone's SIM in the application
• Personal information
     –   Advanced service providers require registration, so personal and private information is spread
         across the service providers
     –   Every service provider has to maintain its own user database, so personal information about users
         is duplicated in many places
     –   Users have very limited control over their personal and private data
     –   Mobile terminals with limited keyboards make it very difficult to fill in forms manually
Solution: We need identity providers!

• IdP establishes a Circle of Trust (business
  relationships and operational agreements with Service
  Providers) with whom users can transact business in
  a secure and seamless environment

• IdP provides identity information to trusted Service
  Providers based on the end user's permission and
  identity federation

• IdP provides authentication services to Service
  Providers and enables users to utilise their personal
  information more easily via Identity-based Web

• Mobile operators as trusted actors with large secured
  (SIM-cards) customer bases are ideal for acting as

The technology is already standardized by the
Global opportunities via identity roaming

• No single IdP can reach all the service providers,
  especially foreign ones

• But it could be possible through identity roaming,
  where interconnections between CoTs (Inter-CoT)
  are established

• For users, identity roaming enables usage of other
  CoTs' services globally with local authentication

• For service providers, identity roaming enlarges
  the customer base; all the IdP's customers are also
  potential customers for all the service providers

• Mobile operators have a proven excellent track
  record of providing global roaming and
  interconnected services

[Figure: Pan-European Identity Roaming & Single Sign On: several CoTs interconnected via Inter-CoT]
The rationale for Fidelity project

• The Fidelity project was established to address the aforementioned challenges, problems,
  and opportunities
• The Fidelity project’s fundamental principles are
    – The work should rely on open standards
    – The solution to be promoted should be agnostic to access technology (fixed/broadband, mobile,
      and wireless) and must utilize already existing elements (for instance AAA infrastructure)
• Main expectations
    – Simplify identity management for service providers and users
    – Offer a high level of privacy and security by providing strong authentication in a seamless manner
    – Exploit the capabilities of smart cards (e.g., SIM cards)
    – Mobile operators are trusted by the users and the service providers; with roaming experience they
      are the key actors in establishing Inter-CoT environments
Objectives of Fidelity project

• Demonstrate the technical viability of the Liberty approach in a pan-European context
  by setting up four CoTs with mobile operators as IdPs in a heterogeneous infrastructure
• Demonstrate the interoperability of identity roaming/interconnection between Identity
  Providers and Service Providers in CoT /interCoT using realistic scenarios
    – SSO, ID federation, attribute sharing
• Study legal, privacy, and socionomical issues in Inter-CoT environments
• Interoperability between different authentication methods
    – Define authentication levels between CoTs
• Include smart cards as authentication devices and attribute storages
• Introduce support for non-HTTP
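As an added illustration (not Fidelity's or TeliaSonera's code), the sketch below models two of the objectives above: a home IdP issuing pairwise federation identifiers, so an SP in a foreign CoT recognises a returning user without receiving anything that other SPs could correlate, and an Inter-CoT agreement that translates the home CoT's authentication methods into the visited CoT's authentication levels before the SP enforces its minimum. CoT names, method names, the level scale and the keyed-hash construction are assumptions made for the example.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed Inter-CoT agreement: maps the home CoT's authentication methods onto the
# visited CoT's numeric authentication levels. Names and scale are assumptions, not Fidelity's.
INTER_COT_LEVELS = {
    ("cot-fi", "cot-fr"): {"password": 1, "sim-otp": 2, "sim-pki": 3},
}


@dataclass(frozen=True)
class Assertion:
    issuer: str         # home IdP entity id
    audience: str       # SP entity id the assertion is meant for
    federation_id: str  # pairwise pseudonym, stable per (user, SP), unlinkable across SPs
    auth_method: str    # how the home IdP authenticated the user (home CoT vocabulary)


class IdentityProvider:
    """Home-CoT IdP: authenticates the user and issues a federated, pseudonymous assertion."""

    def __init__(self, cot: str, entity_id: str, key: bytes):
        self.cot, self.entity_id, self._key = cot, entity_id, key

    def federation_identifier(self, user: str, sp: str) -> str:
        # Keyed hash over (user, SP): the same user gets one stable identifier per SP,
        # but two SPs cannot correlate their identifiers without the IdP's key.
        return hmac.new(self._key, f"{user}|{sp}".encode(), hashlib.sha256).hexdigest()[:32]

    def authenticate(self, user: str, sp: str, method: str) -> Assertion:
        return Assertion(self.entity_id, sp, self.federation_identifier(user, sp), method)


def accept_roaming_login(assertion: Assertion, home_cot: str, visited_cot: str,
                         sp: str, required_level: int):
    """Visited-CoT SP side: check audience, translate the auth level, enforce the SP's minimum."""
    if assertion.audience != sp:
        return False, "assertion not issued for this SP"
    mapping = INTER_COT_LEVELS.get((home_cot, visited_cot))
    if mapping is None:
        return False, "no Inter-CoT agreement between these CoTs"
    level = mapping.get(assertion.auth_method, 0)  # unknown methods map to the lowest level
    if level < required_level:
        return False, f"authentication level {level} below required {required_level}"
    return True, f"user {assertion.federation_id} logged in at level {level}"
```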
The Fidelity consortium

[Figure: logos of the Fidelity partners, grouped as Operators, Industry, SMEs /]

The Fidelity consortium is sponsored by EUREKA/CELTIC and several European governments.

The Fidelity project has liaison with
Fidelity components

[Figure: Fidelity components. An Identity Provider at the centre of a Circle of Trust provides authentication, federation identifiers, one-time identifiers and a DS; trusted SPs acting as WSC / WSP perform attribute sharing, with an Identifier / WSP in the partner CoT.]

Fidelity use cases

Use cases are used to test and demonstrate the functionality and interoperability of the Liberty
specifications in an Inter-CoT environment. The use cases illustrate the proof-of-concept

Use cases:
   – Book a hotel room
   – Download a game
   – Call a contact
   – Search for a nearby restaurant
   – Student exchange service
   – Register with a mobile
   – Automatic intra/inter-CoT relationships

Identity-based services (attribute providers):
   – Personal Profile and Personalization
   – Wallet
   – Calendar
   – Contact book
   – Geolocation
