Identity and Data Protection: Clearing up a Cloudy World with Open Standards Laurent Liscia, OASIS Executive Director Munich, May 2011
OASIS Mission To drive the development, convergence and adoption of open standards for the global information society. Survey of Structured Information Standards, XML Asia Pacific 2001
Over 5,000 participants representing more than 600 organizations and individuals. 60+ technical committees producing royalty-free and RAND standards. "The largest standards group for electronic commerce on the Web"
OASIS for e-business and e-government: you know us by our standards. Service Oriented Architecture: SOA Reference Model, ID-Cloud, ebXML, SCA... Security & Access: SAML, XACML, WS-Security, KMIP, WS-Federation, XSPA... Documents: OpenDocument (ODF), DITA, CMIS, DocBook, UOML... e-Government: CAP, EDXL, LegalXML, ElectionML, EMIX (Smart
U vous You Vás Sie voit. Ubiquitous Internet service and smart devices richly enhance our lives - and the risk of personal data being mislaid, misused or misrepresented. How to use 21st Century e-Identity, without getting e-ripped off?
Why Open Standards? Being a smart standards user: standards permit open markets to grow; standards & stability you can rely on; real standards vs. drafts and proposals; conformance and interoperability.
Why Open Standards? Standards Permit Open Markets to Grow. New devices can join networks on an equal footing. [Figure label: kWh/€]
Why Open Standards? Open Standards are Reliable and Stable. Established standards bodies manage and publish their work in neutral, archival forms. The standard on which you build is less likely to disappear, be obsoleted or invisibly modified. This is why governments prefer standards use: WTO Technical Barriers to Trade Agreement, Annex 3 http://www.wto.org/english/docs_e/
Why Open Standards? Real Standards, versus Drafts and Proposals. Finally approved open standards have the benefits of open process protection and licensing rules. Notes, drafts and proposals may just be one company's idea - or property.
Why Open Standards? Real Standards are Testable. Conformance clauses and genuine interoperability make reliable implementation possible. Standards rely on each other: implementation stacks employ multiple, interdependent data structures. Successful composition depends on consistent conformance.
Aggregated open standards fit together, and work like a set of filters: XML (markup style) + SOAP (messaging) + WSS (security binding) + SAML (assertions) + XACML (access control) + RBAC (role-based access)... or: SMTP + Unicode + IMAP3/POP3 + HTML + ... ("email") or: OAuth + OpenID + SAML + XRI + ... Each standard permits use of the others... but this depends on conformance.
Who controls your user identity authentication transactions? You, sort of: but not always very well. Can we do better? [Figure label: ABC 123]
Who controls your user identity authentication transactions? Someone else (single source). [Figure label: ABC 123]
Who controls your user identity authentication transactions? Lots of someone elses (user choice). [Figure label: ABC 123]
User choice via secure federated identity is better... and it's standards-driven. * Compatible metadata * Guidelines for joining system & federating * Common representation of ID assertions & rules * Common expressions of shared privacy / authZ requirements * Common UI practices * Privacy policy expressions * Shared access control & rule expressions * Common expressions of shared authentication requirements * Shared security level expressions, services and SLA negotiation * Federation protocols for extensible network * Common reliable messaging exchange patterns * Data repository interaction methods * Compatible metadata [Figure label: ABC 123]
A diverse federated system, adding new nodes, constantly will use multiple data structures and methods. They all must interoperate. Participating systems need common representations, or shared useable crosswalks, of their capabilities, services & data. Standards supply that.
[Background table: feature comparison of ebMS 2/3 / AS4 (ebBP), PEPPOL START/LIME and SPOCS REM. Rows include SOAP version, payloads and attachments, reliable messaging, security, intermediary / forwarding model, B2B headers, "light clients", non-repudiation of receipt, delivery notifications, sender/submitter identity and authentication, routing and discovery, partner identification, compression, very large message handling, and multiple user messages.]
OASIS Identity standards empower users
Security Assertion ML (SAML) TC • Reusable representations of user authentication, entitlement and attribute data • Widely used in NSTIC, Kantara, OpenID, other frameworks • See: http://www.oasis-open.org/committees/security
XACML TC • Access control and authorization policy representation • Role-based access and hierarchical resource profile • See: http://www.oasis-open.org/committees/xacml
WS-Federation TC / WS-Trust • Message exchange and metadata/token policy control • Federation and brokered trust capabilities • See: http://www.oasis-open.org/committees/wsfed
Provisioning Services (SPML) TC • Common XML language for provisioning and allocation of enterprise identity • Builds on LDAP, Active Directory, DSML • See: http://www.oasis-open.org/committees/provision
OASIS Cloud standards empower users
Identity in the Cloud TC • Standards profiles for open identity deployment, provisioning & management in cloud environments • Use cases & gap analysis • See: http://www.oasis-open.org/committees/id-cloud
SOA Reference Model TC • Abstract model of the basic components, by function, of any working service architecture • Method-neutral • See: http://www.oasis-open.org/committees/soa-rm
Privacy Management Reference Model (PMRM) TC • Service & interaction patterns for deploying and assessing formal, reusable representations of privacy policies • See: http://www.oasis-open.org/committees/pmrm
SOA Repository Artifact Model and Protocol (S-RAMP) TC • Interaction protocol & common data model for federatable, distributed data repositories • See: http://www.oasis-open.org/committees/s-ramp
Questions and Answers. http://www.oasis-open.org/join/ Laurent Liscia, Executive Director, info@oasis-open.org, +1.978.667.5115