

  • Number of slides: 29

Advances in Digital Identity. Steve Plank, Identity Architect

Identity: no consistency. Naming: DNS. Connectivity: IP.

we taught users to type usernames & passwords into web pages

what is identity?

attributes: givenName, sn, preferredName, dateOfBirth, over 18, over 21, over 65, image. Example values: steve, planky, 170685!, true, false

self asserted: what claims I make about myself. verifiable: what claims another party makes about me

elvis presley: only 1 of them is real (probably)

trust: who makes these claims?

SECURITY TOKEN: steve plank, over 18, over 21, under 65, image

security token service: give it something (Username, Password, Biometric, Signature, Certificate, “Secret”) and it gives back a DIFFERENT SECURITY TOKEN

identity metasystem

participants: subject, identity provider, relying party (website)

diagram: identity provider (security token service) issuing SAML, X.509 or WS-* tokens; identity selector; subject; relying party. The parties talk WS-* to each other.

identity selector

human integration: consistent experience across contexts

cards

self-issued
  • contains claims about my identity that I assert; not corroborated
  • stored locally
  • signed and encrypted to prevent replay attacks

managed
  • provided by banks, stores, government, clubs, etc
  • locally stored cards contain metadata only!
  • data stored by identity provider and obtained only when card submitted

login with self-issued card: the user clicks login on the relying party (website), whose page carries the object tag

select self-issued card: the user picks the Planky card; relying party (website)

create token from card: Planky card, FN: Steve, LN: Plank, Email: splank, CO: UK; user; relying party (website)

sign, encrypt & send token: Planky card; user; relying party (website)

login with managed card: the user clicks login on the relying party (website), whose page carries the object tag; identity provider

select managed card: the user picks the Woodgrove Bank card; identity provider; relying party (website)

request security token: user to Woodgrove Bank identity provider; authN: X.509, kerb, SC, U/pwd …; relying party (website)

request security token response: Woodgrove Bank identity provider signs, encrypts and sends the token; user; relying party (website)

xmlToken (signed & encrypted) -> token decrypter -> xmlToken (plaintext): first name, last name, email, phone, ppid 456 -> claims extractor -> index into DB (ppid 456) -> user database: 123, 456, 789; relying party (website)

demo

review
  • identity layer
  • phishing, phraud
  • human integration: consistent experience across contexts
  • ip, rp, user, identity selector

Presentation style mercilessly stolen off Lawrence Lessig, BBC News 24 and Dick Hardt