The Identity Metasystem
Caspar Bowden, Chief Privacy Advisor, EMEA Technology Office
On behalf of: Kim Cameron, Architect of Identity and Access, Microsoft Corporation
Problem Statement
- The Internet was built without a way to know who and what you are connecting to
- Everyone offering an internet service has had to come up with a workaround
- Patchwork of identity one-offs
- We have inadvertently taught people to be phished and pharmed
- No fair blaming the user – no framework, no cues, no control
- We are “Missing the identity layer”
- Digital identity currently exists in a world without synergy because of identity silos
Copyright 2005 Microsoft Corporation
Criminalization of the Internet
- Greater use and greater value attract a professionalized international criminal fringe
- Understand the ad hoc nature of the identity patchwork
- Phishing and Pharming (“Phraud”) at 1000% CAGR
- Combine with “stash attacks” reported as “identity losses”…
- Unwinding of acceptance where we should be seeing progress
- Opportunity of moving beyond “public-ation”
- Need to intervene so web services can get out of the starting gate
- The ad hoc nature of internet identity cannot withstand the growing assault of professionalized attackers
- We can predict a deepening public crisis
What is a digital identity?
- A set of claims someone makes about me
- Claims are packaged as security tokens
- Many identities for many uses
- Useful to distinguish from profiles
Identity is Matched to Context
In Context
- Bank card at ATM
- Gov’t ID at border check
- Coffee card at coffee stand
- MSN Passport at Hotmail
Out of Context
- Coffee card at border check
Maybe Out of Context?
- Gov’t ID at ATM
- SSN as Student ID
- MSN Passport at eBay
The Laws of Identity: An Industry Dialog
1. User control and consent
2. Minimal disclosure for a defined use
3. Justifiable parties
4. Directional identity
5. Pluralism of operators and technologies
6. Human integration
7. Consistent experience across contexts
Join the discussion at www.identityblog.com
The role of “The Laws”…
- We must be able to structure our understanding of digital identity
- We need a way to avoid returning to the Empty Page every time we talk about digital identity
- We need to inform people’s thinking by teasing apart the factors and dynamics explaining the successes and failures of identity systems since the 1970s
- We need to develop hypotheses – resulting from observation – that are testable and can be disproved
- The Laws of Identity offer a “good way” to express this thought
- Beyond mere conversation, the Blogosphere offers us a crucible. The concept has been to employ this crucible to harden and deepen the laws.
1. User Control and Consent
Digital identity systems must only reveal information identifying a user with the user’s consent
- Relying parties can require authentication
- The user can choose to comply or “walk away”
- The system should appeal by means of convenience and simplicity and win the user’s trust
- Put the user in control of what identities are used and what information is released
- Protect against deception (destination and misuse)
- Inform the user of auditing implications
- Retain the paradigm of consent across all contexts
2. Minimal Disclosure for Limited Use
The solution that discloses the least identifying information and best limits its use is the most stable long-term solution
- Consider information breaches to be inevitable
- To mitigate risk, acquire and store information on a “need to know” and “need to retain” basis
- Less information implies less value, implies less attraction, implies less risk
- “Least identifying information” includes reduction of cross-context information (universal identifiers)
- Limit information hoarding for unspecified futures
3. Justifiable Parties
Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship
- Justification requirements apply both to the subject and to the relying party
- Example of Microsoft’s experience with Passport
- In what contexts will use of government identities succeed and fail?
- Parties to a disclosure must provide a statement about information use
4. Directed Identity
A unifying identity metasystem must support both “omni-directional” identifiers for public entities and “unidirectional” identifiers for private entities
- Digital identity is always asserted with respect to some other identity or set of identities
- Public entities require well-known “beacons”; examples: web sites or public devices
- Private entities (people) require the option to not be a beacon
- Unidirectional identifiers used in combination with a single beacon: no correlation handles
- Example of Bluetooth and RFID – growing pushback
- Wireless was also mis-designed in light of this law
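Law 4’s point that a unidirectional identifier combined with a single beacon yields no correlation handle, as an added example that is not from the deck and not the InfoCard algorithm: a per-relying-party identifier derived from a card secret that stays on the user’s machine. The card secret, the HMAC construction and the beacon thumbprints are assumptions.

```python
import base64
import hashlib
import hmac
import os

# Constructed example, not the InfoCard algorithm: a self-issued card keeps a
# long-term random secret on the user's machine; the only thing derived from
# it that ever leaves is a per-relying-party identifier.
def new_card_secret() -> bytes:
    return os.urandom(32)

def directional_identifier(card_secret: bytes, beacon: str) -> str:
    """Unidirectional identifier for one relying party.

    `beacon` is the relying party's omnidirectional identifier (here a
    constructed certificate thumbprint). Keying the derivation on the card
    secret gives the same relying party a stable value every visit, while
    two relying parties receive unrelated values for the same user, so the
    identifier is not a correlation handle. A look-alike site presenting a
    different certificate is a different beacon and gets a different value.
    """
    mac = hmac.new(card_secret, beacon.encode("utf-8"), hashlib.sha256)
    return base64.urlsafe_b64encode(mac.digest()).decode("ascii").rstrip("=")

def identifiers_correlate(id_a: str, id_b: str) -> bool:
    """All two colluding relying parties can do is compare what they hold."""
    return hmac.compare_digest(id_a, id_b)

# Constructed beacons standing in for two relying parties' certificates.
BANK_BEACON = "sha1:BANK-CERT-THUMBPRINT-PLACEHOLDER"
SHOP_BEACON = "sha1:SHOP-CERT-THUMBPRINT-PLACEHOLDER"

def demo() -> dict:
    secret = new_card_secret()
    at_bank = directional_identifier(secret, BANK_BEACON)
    return {
        # Same card, same beacon: the bank recognises a returning user.
        "bank_stable": at_bank == directional_identifier(secret, BANK_BEACON),
        # Same card, different beacon: bank and shop cannot link the user.
        "bank_shop_linkable": identifiers_correlate(
            at_bank, directional_identifier(secret, SHOP_BEACON)),
        # A second card (fresh secret) at the bank is a distinct persona.
        "two_cards_linkable": identifiers_correlate(
            at_bank, directional_identifier(new_card_secret(), BANK_BEACON)),
    }

if __name__ == "__main__":
    print(demo())
```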
5. Pluralism of Operators and Technologies
A unifying identity metasystem must channel and enable the inter-working of multiple identity technologies run by multiple identity providers
- Characteristics that make a system ideal in one context disqualify it in another
- Example of government versus employer versus individual as consumer and human being
- Craving for “segregation” of contexts
- Important new technologies currently emerging – must not glue in a single technology or require a “fork-lift” upgrade
- Convergence can occur, but only when there is a platform (identity ecology) for that to happen in
6. Human Integration
A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications
- We’ve done a good job of securing the first 5,000 miles but allowed penetration of the last 2 feet
- The channel between the display and the brain is under attack
- Need to move from thinking about a protocol to thinking about a ceremony
- Example of Channel 9 on United Airlines
- How to achieve the highest levels of reliability in communication between the user and the rest of the system
7. Consistent Experience Across Contexts
A unifying identity metasystem must provide a simple, consistent experience while enabling separation of contexts through multiple operators and technologies
- Make identities “things” on the desktop so users can see them, inspect details, add and delete
- What type of digital identity is acceptable in a given context?
- Properties of potential candidates specified by the relying party
- User selects one and understands the information associated with it
- A single relying party may accept more than one type of identity
- Facilitate “Segregation Of Contexts”
The Laws Define a Metasystem
Diagram (recovered labels only): the metasystem connects
- Applications
- Technologies, existing and new: X.509, SAML, Kerberos
- Devices: PCs, mobile, phone
- Individuals (“Me”): work and consumer
- Governments, organizations, businesses
Metasystem Players
- Identity Providers: issue identities
- Relying Parties: require identities
- Subjects: individuals and other entities about whom claims are made
Identity Metasystem
- Consistent way to use multiple identity systems
- Remove friction without requiring everyone to agree on one identity technology for everything
- Leverage current successes
- Enable us to move from past to future
- Four key characteristics:
  - Negotiation
  - Encapsulating protocol
  - Claims transformation
  - Consistent user experience
Negotiation
Enable relying party, subject, and identity provider to negotiate:
- Which claims are required
- Who can make them
- What type of technology is acceptable
- Under what conditions claims will be issued
- How parties prove who they are
- How information will be used
Encapsulating Protocol
- Technology-agnostic way to exchange policies and claims between Identity Provider and Relying Party
- Content and meaning of what is exchanged determined by the participants, not the metasystem
Claims Transformation
- Trusted way to change one set of claims into another
- Specialized server + policy and trust framework for translating foreign claims to locally relevant claims
- Bridge organizational and technical boundaries
- Transform semantics: “Microsoft Employee” -> “Book Purchase OK”
- Transform formats: X.509, SAML 1.0, SAML 2.0, SXIP, LID, etc.
- Provides the interoperability needed today plus the flexibility required for future evolution
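The negotiation and claims transformation slides above, as an added example that is not the deck’s or Microsoft’s code: a relying-party policy, an identity selector that matches cards on claim names alone, and a transformer that turns “Microsoft Employee” into “Book Purchase OK” while releasing nothing else. The Policy and Card types, the rule table and the issuer URNs are assumptions.

```python
from dataclasses import dataclass
# Constructed example, not the WS-Trust/InfoCard wire protocol: the types,
# rule table and issuer URNs below are hypothetical stand-ins.

@dataclass(frozen=True)
class Policy:          # published by the relying party
    required_claims: frozenset
    token_types: frozenset
    trusted_issuers: frozenset

@dataclass(frozen=True)
class Card:            # held by the identity selector: claim names, never values
    name: str
    issuer: str
    claim_names: frozenset
    token_types: frozenset

# Claims transformer rules: (foreign claim, value) -> (local claim, value).
RULES = {("employer", "Microsoft"): ("book_purchase_ok", "true")}

def issuer_claims_for(policy: Policy) -> frozenset:
    """Relying-party vocabulary -> claims to request from the identity provider."""
    needed = set()
    for local in policy.required_claims:
        sources = {src for (src, _), (dst, _) in RULES.items() if dst == local}
        needed |= sources or {local}   # unmapped claims pass through unchanged
    return frozenset(needed)

def matching_cards(policy: Policy, cards: list) -> list:
    """Negotiation: which cards can satisfy the policy, judged on claim names only."""
    needed = issuer_claims_for(policy)
    return [c for c in cards
            if needed <= c.claim_names
            and c.token_types & policy.token_types
            and c.issuer in policy.trusted_issuers]

def transform_claims(issued: dict, policy: Policy) -> dict:
    """Rewrite issuer claims into local ones, then release only what the policy needs."""
    local = dict(issued)
    for (k, v), (nk, nv) in RULES.items():
        if local.get(k) == v:
            local[nk] = nv
    return {k: v for k, v in local.items() if k in policy.required_claims}

# Constructed bookstore policy and a user's two cards.
BOOKSTORE = Policy(frozenset({"book_purchase_ok"}), frozenset({"saml1.1"}),
                   frozenset({"urn:constructed:microsoft-sts"}))
CARDS = [Card("Work", "urn:constructed:microsoft-sts",
              frozenset({"employer", "name", "email"}), frozenset({"saml1.1"})),
         Card("Coffee", "urn:constructed:coffee-shop",
              frozenset({"loyalty_number"}), frozenset({"saml1.1"}))]
```

Only the “Work” card is offered to the user for the bookstore, and the relying party receives the derived claim without the employer, name or email values that the issuer could have supplied.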
Consistent User Experience
- Single experience across multiple systems
- Two-way authentication
- Uniform logon and registration experience
- User consent to disclosure of claims
- Policies exposed and accessible to the user
- Reduced cognitive load on the user
- Make the identity experience “real” and tangible instead of ad hoc
- Predictable: better-informed decision making
What plugs in to the Identity Metasystem?
- Smartcards
- Self-issued identities
- Corporate identities
- Gov’t identities
- Passport identities
- Liberty identities
- Client applications
- Operating systems
- Governments
- Organizations
- Companies
- Individuals
- Mobile phones
- Computers
- Hard ID tokens
- Online services
Benefits of Participating
- Bet on the “playing field”, not some particular solution
- Increased reach: claims transformer enables new relationships
- Increased flexibility: policy and claims transformation “knobs and levers” enable a wide variety of relationships
- Easy to add support for new technology
- Simple, safe user experience
An Identity Metasystem Architecture
- Microsoft worked with industry to develop protocols that enable an identity metasystem: WS-* Web Services
- Encapsulating protocol and claims transformation: WS-Trust
- Negotiation: WS-MetadataExchange and WS-SecurityPolicy
- Only technology we know of specifically designed to satisfy the requirements of an identity metasystem
WS-* Metasystem Architecture
Diagram (recovered labels only):
- Parties: Subject (with Identity Selector), ID Provider (with Security Token Server), Relying Party
- Token technologies: Kerberos, SAML, X.509, …
- Protocols: WS-SecurityPolicy, WS-Trust, WS-MetadataExchange
Microsoft’s Implementation
- “InfoCard” identity selector
  - Component of WinFX, usable by any application
  - Hardened against tampering and spoofing
- “InfoCard” simple identity provider
  - Self-issued identity for individuals, running on PCs
  - Uses strong public key-based authentication – the user does not disclose passwords to relying parties
- Active Directory managed identity provider
  - Plug Active Directory users into the metasystem
  - Full set of policy controls to manage use of simple identities and Active Directory identities
- Windows Communication Foundation (“Indigo”) for building distributed applications and implementing relying party services
Microsoft’s Implementation
- Data stored for each card in the card collection
  - Name, logo, names of claims available (not values)
  - Address of identity provider, required credential
- Data stored in the simple identity provider
  - Name, address, email, telephone, age, gender
  - User must opt in
- InfoCard data not visible to applications
  - Stored in files encrypted under a system key
  - User interface runs on a separate desktop
- Managed identity provider may store information needed to generate claims
Microsoft’s Implementation
- Fully interoperable via published protocols
  - With other identity selector implementations
  - With other relying party implementations
  - With other identity provider implementations
- Detailed implementation guide available
Summary
- Laws of Identity define an identity metasystem
- WS-* makes possible an identity metasystem using widely accepted published protocols
- Microsoft is implementing full support for an open identity metasystem in Windows
- Identity metasystem has the potential to remove friction and accelerate the growth of connectivity
- Let the identity big bang begin!
For More Information
Two whitepapers on MSDN:
- Microsoft’s Vision for an Identity Metasystem
- The Laws of Identity
Links to both from: http://msdn.microsoft.com/webservices/understanding/advancedwebservices/
© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.