Identity and Data Protection: Clearing up a Cloudy World with Open Standards
Laurent Liscia, OASIS Executive Director
Munich, May 2011

OASIS Mission
To drive the development, convergence and adoption of open standards for the global information society.
Survey of Structured Information Standards, XML Asia Pacific 2001

Over 5,000 participants representing more than 600 organizations and individuals
60+ technical committees producing royalty-free and RAND standards
"The largest standards group for electronic commerce on the Web"

OASIS for e-business and e-government: you know us by our standards
Service Oriented Architecture: SOA Reference Model, ID-Cloud, ebXML, SCA...
Security & Access: SAML, XACML, WS-Security, KMIP, WS-Federation, XSPA...
Documents: OpenDocument (ODF), DITA, CMIS, DocBook, UOML...
e-Government: CAP, EDXL, LegalXML, ElectionML, EMIX (Smart

U vous You Vás Sie voit
Ubiquitous Internet service and smart devices richly enhance our lives - and the risk of personal data being mislaid, misused or misrepresented.
How to use 21st Century e-Identity without getting e-ripped off?

Why Open Standards? Being a smart standards user
Standards permit open markets to grow
Standards & stability you can rely on
Real standards vs. drafts and proposals
Conformance and interoperability

Why Open Standards? Standards Permit Open Markets to Grow
New devices can join networks on an equal footing.

Why Open Standards? Open Standards are Reliable and Stable
Established standards bodies manage and publish their work in neutral, archival forms.
The standard on which you build is less likely to disappear, be obsoleted or invisibly modified.
This is why governments prefer standards use: WTO Technical Barriers to Trade Agreement, Annex 3, http://www.wto.org/english/docs_e/

Why Open Standards? Real Standards, versus Drafts and Proposals
Finally approved open standards have the benefits of open process protection and licensing rules.
Notes, drafts and proposals may just be one company's idea - or property.

Why Open Standards? Real Standards are Testable
Conformance clauses and genuine interoperability make reliable implementation possible.
Standards rely on each other: implementation stacks employ multiple, interdependent data structures. Successful composition depends on consistent conformance.

Aggregated open standards fit together, and work like a set of filters:
XML + SOAP + WSS + SAML + XACML + RBAC...
(markup style + messaging + security binding + assertions + access control + role-based access)
or: SMTP + Unicode + IMAP3/POP3 + HTML + ... ("email")
or: OAuth + OpenID + SAML + XRI + ...
Each standard permits use of the others... but this depends on conformance.

Who controls your user identity authentication transactions?
You, sort of: but not always very well. Can we do better?

Who controls your user identity authentication transactions?
Someone else (single source)

Who controls your user identity authentication transactions?
Lots of someone elses (user choice)

User choice via secure federated identity is better... and it's standards-driven:
* Compatible metadata
* Guidelines for joining system & federating
* Common representation of ID assertions & rules
* Common expressions of shared privacy / authZ requirements
* Common UI practices
* Privacy policy expressions
* Shared access control & rule expressions
* Common expressions of shared authentication requirements
* Shared security level expressions, services and SLA negotiation
* Federation protocols for extensible network
* Common reliable messaging exchange patterns
* Data repository interaction methods

A diverse federated system, constantly adding new nodes, will use multiple data structures and methods. They all must interoperate. Participating systems need common representations, or shared useable crosswalks, of their capabilities, services & data. Standards supply that.

Feature | ebMS 2/3/AS4 (ebBP) | PEPPOL START/LIME | SPOCS (REM)
SOAP version | SOAP 1.1 or 1.2 | 1.1 | 1.2
Sender/submitter identity and authentication | X.509 and UserName password token | START SAML token | SPOCS SAML token
Attachments | Multipart/Related: SOAP with attachments | Multipart/Related, WS-Transfer 1.1 | MTOM
Reliable messaging | WS-Reliability 1.1, WS-ReliableMessaging 1.1 or 1.2, and AS4 Reception Awareness | WS-ReliableMessaging (optional) | WS-ReliableMessaging 1.1
Security (payloads and attachments) | WS-Security 1.0 or 1.1 | WS-Security 1.1 |
Multi-hop | ebMS 2.0 or 3.0 multi-hop (end-to-end), WS-I RSP compliant | "Four corner" model (relayed/re-encoded, not based on WS-I RSP) | Intermediary / forwarding model (relayed/re-encoded, not based on WS-I RSP)
B2B headers | ebMS header extension elements (WS-Addressing optional) | WS-Transfer values for WS-Addressing and extension headers | SPOCS values for wsa:Action; REM Dispatch / Evidence
Body Acceptance Signal | Out of scope (ebBP) | Out of scope | REM evidence
Light clients | ebMS 3 "Pull" | LIME (webmail, email client) | No
Non-repudiation of receipt | ebMS Receipt (ebBP) | No? | REM evidence (relayed)
Delivery notifications | Out of scope (ebBP) | Out of scope | REM evidence
Routing and discovery | (ebXML Registry) | SML / SMP | TSL
Partner identification | ebCore Party Id | PEPPOL or ebCore Party Id | Multiple, including email
Compression | AS4 payload compression or Part 2 message compression | No | No
Very large message handling | AS2 Restart or Part 2 split/join protocol | No | No
Multiple user messages | Part 2 Bundling | No | No

OASIS Identity standards empower users

Security Assertion ML (SAML) TC
• Reusable representations of user authentication, entitlement and attribute data
• Widely used in NSTIC, Kantara, OpenID, other frameworks
• See: http://www.oasis-open.org/committees/security

XACML TC
• Access control and authorization policy representation
• Role-based access and hierarchical resource profile
• See: http://www.oasis-open.org/committees/xacml

WS-Federation TC / WS-Trust
• Message exchange and metadata/token policy control
• Federation and brokered trust capabilities
• See: http://www.oasis-open.org/committees/wsfed

Provisioning Services (SPML) TC
• Common XML language for provisioning and allocation of enterprise identity
• Builds on LDAP, Active Directory, DSML
• See: http://www.oasis-open.org/committees/provision
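The federated-identity slide lists what the parties must share (compatible metadata, a common representation of ID assertions, shared access-control rules), and the slide above separates the standards that carry assertions (SAML) from the ones that express authorization policy (XACML, RBAC). The following Python sketch is an added illustration, not code from the presentation or from any OASIS specification: it models that split with a constructed JSON-plus-HMAC assertion rather than SAML or XACML syntax. The issuer URL, relying-party identifier, shared key, roles and resource paths are all made up for the example; a real federation would exchange signing certificates in its metadata instead of a shared secret. The point it makes is the order of checks a relying party performs before it believes anything in an assertion: issuer in the trusted metadata, signature valid, audience is this party, validity window current, and only then is the role policy consulted.

```python
"""Toy federated-identity exchange: an IdP issues a signed assertion, a relying
party checks it against federation metadata and then applies a role policy.
Constructed illustration only; the JSON/HMAC format is not SAML or XACML."""
import hashlib
import hmac
import json
import time

# Federation metadata (constructed): trusted issuers and their verification keys.
# Real federations exchange signing certificates; a shared HMAC key keeps the
# example offline and self-contained.
FEDERATION_METADATA = {
    "https://idp.example.org": {"key": b"idp-example-org-shared-secret"},
}

# Role-based access rules held by the relying party (constructed).
ACCESS_POLICY = {
    "/records/read": {"clerk", "auditor"},
    "/records/write": {"clerk"},
}

RP_ID = "https://rp.example.com"  # constructed audience value for this RP


def _canonical(body):
    """Stable byte serialization so issuer and verifier sign the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_assertion(issuer, subject, audience, roles, key, now=None, lifetime=300):
    """IdP side: assert who the subject is and which roles they hold."""
    now = time.time() if now is None else now
    body = {
        "issuer": issuer,
        "subject": subject,
        "audience": audience,
        "roles": sorted(roles),
        "not_before": now,
        "not_after": now + lifetime,
    }
    sig = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify_assertion(assertion, expected_audience, metadata, now=None):
    """RP side: return (body, "ok") or (None, reason).

    Order matters: an untrusted issuer is rejected before any key is looked up,
    and the signature is checked before any claim in the body is believed.
    """
    now = time.time() if now is None else now
    body = assertion["body"]
    entry = metadata.get(body.get("issuer"))
    if entry is None:
        return None, "untrusted issuer"
    expected = hmac.new(entry["key"], _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return None, "bad signature"
    if body.get("audience") != expected_audience:
        return None, "wrong audience"
    if not body["not_before"] <= now <= body["not_after"]:
        return None, "expired or not yet valid"
    return body, "ok"


def authorize(body, resource, policy=ACCESS_POLICY):
    """Grant only if a role asserted by the trusted IdP is allowed on the resource."""
    return bool(policy.get(resource, set()) & set(body["roles"]))


def access(assertion, resource, now=None):
    """Full decision: authenticate via the assertion, then authorize via policy."""
    body, reason = verify_assertion(assertion, RP_ID, FEDERATION_METADATA, now)
    if body is None:
        return False, reason
    return authorize(body, resource), "policy"


if __name__ == "__main__":
    key = FEDERATION_METADATA["https://idp.example.org"]["key"]
    a = issue_assertion("https://idp.example.org", "alice", RP_ID, ["auditor"], key, now=1000)
    print(access(a, "/records/read", now=1100))   # (True, 'policy')
    print(access(a, "/records/write", now=1100))  # (False, 'policy')
    print(access(a, "/records/read", now=2000))   # (False, 'expired or not yet valid')
```

Because the assertion and the policy are separate artifacts, the relying party can change who is trusted (metadata) or what a role may do (policy) without touching the identity provider, which is the interoperability property the slides attribute to standards-based federation. Note that a tampered role list fails the signature check, and an assertion from an issuer absent from the metadata is rejected before its key is even looked up.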

OASIS Cloud standards empower users

Identity in the Cloud TC
• Standards profiles for open identity deployment, provisioning & management in cloud environments
• Use cases & gap analysis
• See: http://www.oasis-open.org/committees/id-cloud

Privacy Management Reference Model (PMRM) TC
• Service & interaction patterns for deploying and assessing formal, reusable representations of privacy policies
• See: http://www.oasis-open.org/committees/pmrm

SOA Reference Model TC
• Abstract model of the basic components, by function, of any working service architecture
• Method-neutral
• See: http://www.oasis-open.org/committees/soa-rm

SOA Repository Artifact Model and Protocol (S-RAMP) TC
• Interaction protocol & common data model for federatable, distributed data repositories
• See: http://www.oasis-open.org/committees/s-ramp

Questions and Answers
http://www.oasis-open.org/join/
Laurent Liscia, Executive Director
info@oasis-open.org
+1.978.667.5115