Web Authentication Enhancement (WAE, née DIX)
Friday, 0900-1130, Room 519A

List of Problems to Solve
• Identify myself to a web site – i.e., log in so that the web site knows I’m the same person who was there before
• Give my personal information to a web site – i.e., fill out a form with my personal information without having to type it for the 1000th time

Constraints on the solution
• Prevent others from claiming they're me to the web site
• Prevent the web site from claiming they're me to other web sites
• Prevent others from seeing my personal information
• Prevent the web site from getting information I don't want to give it
• Have 3rd parties verify my identity or personal information for the web site
• Have 3rd parties hold my personal information that I will want to give to the web site

EKR’s taxonomy
• Capture-Resistant Credentials (CRC)
• Hijack-Resistant Authentication (HRA)
• Portable Credentials (PC)
• Fill-in of Personal Information (FPI)
• Common User Credentials (CUC)
• Continuity of Identity (CI)
• User-Friendly Names (UFN)
• Assertion of External Claims (AEC)
• Independent Assertion of Claims (IAC)
• Private Authentication (PA)

Figuring out an architecture
• Job of the BOF is to choose which things are important
• There are tradeoffs; first you have to decide what problem you want to solve
• May take some divide-and-conquer; no half-solutions, but no ocean-boiling