eID Summer Summit
28 June 2005
EAP’s Sponsored and in Partnership with
7 Laws of Identity
Kim Cameron
Chief Architect of Identity and Access
MS Corp, Redmond
Microsoft and e-ID
Microsoft Confidential
The Laws of Identity
http://www.identityblog.com
Kim Cameron, Architect of Identity and Access, Microsoft Corporation

Problem Statement
The Internet was built without a way to know who and what you are connecting to
Everyone offering an internet service has had to come up with a workaround
Patchwork of identity one-offs
We have inadvertently taught people to be phished and pharmed
No fair blaming the user – no framework, no cues, no control
We are “Missing the identity layer”
Digital identity currently exists in a world without synergy because of identity silos

Criminalization of the Internet
Greater use and greater value attract professionalized international criminal fringe
Understand ad hoc nature of identity patchwork
Phishing and Pharming (Phraud) at 1000% CAGR
Combine with “stash attacks” reported as “identity losses”…
Unwinding of acceptance where we should be seeing progress.
Opportunity of moving beyond “public-ation”
Need to intervene so web services can get out of the starting gate
The ad hoc nature of internet identity cannot withstand the growing assault of professionalized attackers
We can predict a deepening public crisis

An Identity Metasystem
Diverse needs of players mean integrating multiple constituent technologies
Not the first time we’ve seen this in computing
Think back to things as basic as abstract display services made possible through device drivers
Or the emergence of sockets and TCP/IP
Unified Ethernet, Token Ring, Frame Relay, X.25 and even the uninvented wireless protocols
We need a “unifying identity metasystem”
Protect applications from complexities of systems
Allow digital identity to be loosely coupled
Avoid need to agree on dominant technologies a priori – they will emerge from the ecosystem

The role of “The Laws”…
We must be able to structure our understanding of digital identity
We need a way to avoid returning to the Empty Page every time we talk about digital identity
We need to inform people’s thinking by teasing apart the factors and dynamics explaining the successes and failures of identity systems since the 1970s
We need to develop hypotheses – resulting from observation – that are testable and can be disproved
The Laws of Identity offer a “good way” to express this thought
Beyond mere conversation, the Blogosphere offers us a crucible. The concept has been to employ this crucible to harden and deepen the laws.

1. User Control and Consent
Digital identity systems must only reveal information identifying a user with the user’s consent
Relying parties can require authentication
The user can choose to comply or “walk away”
The system should appeal by means of convenience and simplicity and win the user’s trust
Put the user in control of what identities are used and what information is released
Protect against deception (destination and misuse)
Inform user of auditing implications
Retain paradigm of consent across all contexts

2. Minimal Disclosure for Limited Use
The solution that discloses the least identifying information and best limits its use is the most stable long term solution
Consider information breaches to be inevitable
To mitigate risk, acquire and store information on a “need to know” and “need to retain” basis
Less information implies less value implies less attraction implies less risk
“Least identifying information” includes reduction of cross-context information (universal identifiers)
Limiting information hoarding for unspecified futures

3. Justifiable Parties
Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship
Justification requirements apply both to the subject and to the relying party
Example of Microsoft’s experience with Passport
In what contexts will use of government identities succeed and fail?
Parties to a disclosure must provide a statement about information use
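Laws 2 and 3 together describe a concrete behaviour for an identity provider: answer a relying party with the least identifying claims that satisfy its need, keep cross-context identifiers out of the answer, and release nothing when the relying party has not said what the information is for. The following Python is an added example written for this page, not code from the talk or from Microsoft; the subject record, the request format, the claim names and the "wine shop" relying party are constructed assumptions.

```python
"""Laws 2 and 3 in code: an identity provider answers a relying party's claim
request with the least identifying claims that satisfy it, refuses cross-context
identifiers, and rejects requests that carry no statement of information use.

Added example for this page, not code from the talk or from Microsoft. The
subject record, the request format and the attribute names are constructed.
"""
from datetime import date

# Constructed subject record held by the identity provider (not a real person).
SUBJECT = {
    "given_name": "Alice",
    "birthdate": date(1980, 5, 17),
    "postal_code": "9420",
    "national_id": "80051700001",  # constructed placeholder; a universal identifier
}

# Raw attributes that may be released on request. Universal identifiers such as
# national_id are deliberately absent: they are correlation handles across contexts.
RELEASABLE_RAW = {"given_name", "postal_code"}


def age_on(birthdate: date, today: date) -> int:
    """Whole years between birthdate and today."""
    years = today.year - birthdate.year
    if (today.month, today.day) < (birthdate.month, birthdate.day):
        years -= 1
    return years


def derive_claims(subject: dict, request: dict, today: date) -> dict:
    """Answer a claim request with minimal disclosure.

    request = {"relying_party": str, "purpose": str, "claims": [str, ...]}
    Claim names:
      "age_over:N"  -> a single boolean, released instead of the birthdate
      "<attribute>" -> the raw value, only if the attribute is in RELEASABLE_RAW
    Returns {"claims": {...released...}, "refused": [...claim names...]}.
    Raises ValueError when the relying party states no purpose (Law 3).
    """
    if not request.get("purpose", "").strip():
        raise ValueError("relying party must state how the information will be used")

    released, refused = {}, []
    for name in request["claims"]:
        if name.startswith("age_over:"):
            # Predicate claim: one bit leaves the provider, not the full birthdate.
            threshold = int(name.split(":", 1)[1])
            released[name] = age_on(subject["birthdate"], today) >= threshold
        elif name in RELEASABLE_RAW and name in subject:
            released[name] = subject[name]
        else:
            # Either a universal identifier or an attribute the provider does not hold.
            refused.append(name)
    return {"claims": released, "refused": refused}


def demo() -> dict:
    """Constructed scenario: a wine shop needs only proof of age but asks for
    the national id as well; it gets the age predicates and nothing else."""
    request = {
        "relying_party": "wine-shop.example",       # constructed name
        "purpose": "age verification at checkout",  # statement of information use
        "claims": ["age_over:18", "age_over:30", "national_id"],
    }
    return derive_claims(SUBJECT, request, today=date(2005, 6, 28))


def demo_missing_purpose() -> str:
    """Same request without a statement of use: the provider refuses outright."""
    request = {"relying_party": "wine-shop.example", "purpose": "", "claims": ["age_over:18"]}
    try:
        derive_claims(SUBJECT, request, today=date(2005, 6, 28))
    except ValueError as err:
        return str(err)
    return "released"


if __name__ == "__main__":
    print(demo())
    print(demo_missing_purpose())
```

The point of the allow-list is the slide's "less information implies less value": what the relying party never receives it can neither hoard nor lose in a breach, and an identifier that is never released cannot become a handle for joining records across contexts.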
4. Directed Identity
A unifying identity metasystem must support both “omni-directional” identifiers for public entities and “unidirectional” identifiers for private entities
Digital identity is always asserted with respect to some other identity or set of identities
Public entities require well-known “beacons”
Examples: web sites or public devices
Private entities (people) require the option to not be a beacon
Unidirectional identifiers used in combination with a single beacon: no correlation handles
Example of Bluetooth and RFID – growing pushback
Wireless was also mis-designed in light of this law
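The "unidirectional identifier used with a single beacon" idea is easiest to see in code: a public site announces one well-known identifier to everyone, while a person's identity agent derives a different identifier for each beacon it talks to, so no two relying parties hold a common handle. The Python below is an added example for this page, not code from the talk or from any Microsoft product. Deriving the pairwise identifier as an HMAC over the beacon's identifier, keyed with a secret that never leaves the user's agent, is this example's own construction (one common way to build such identifiers), and the beacon names are constructed.

```python
"""Law 4 in code: omni-directional identifiers for public entities (beacons) and
unidirectional, pairwise identifiers for private entities (people).

Added example for this page, not code from the talk or from any Microsoft
product. The HMAC-based derivation is this example's own construction.
"""
import hashlib
import hmac
import secrets


def beacon_id(public_name: str) -> str:
    """A public entity (web site, public device) is a beacon: it announces one
    well-known identifier to everyone, so normalising its name is all we need."""
    return public_name.strip().lower()


class PrivateEntity:
    """A person's identity agent. It presents a different identifier to every
    beacon, so two relying parties hold no common handle with which to correlate."""

    def __init__(self, master_secret=None):
        # The secret never leaves the agent; without it nobody can derive the
        # identifier this person uses at any other beacon.
        self._secret = master_secret if master_secret is not None else secrets.token_bytes(32)

    def directed_id(self, beacon: str) -> str:
        """Identifier valid only toward this beacon: stable across visits to the
        same beacon, unlinkable across beacons."""
        mac = hmac.new(self._secret, beacon_id(beacon).encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()


def correlation_possible(id_at_a: str, id_at_b: str) -> bool:
    """All two colluding relying parties can do with the identifiers they hold
    is compare them; they can join records only if the handles are equal."""
    return hmac.compare_digest(id_at_a, id_at_b)


def demo() -> dict:
    """Constructed scenario: Alice visits a bank and a shop; Bob visits the shop."""
    alice = PrivateEntity()
    bob = PrivateEntity()
    bank, shop = "Bank.example", "shop.example"   # constructed beacon names
    return {
        "bank_beacon": beacon_id(bank),
        "alice_at_bank": alice.directed_id(bank),
        "alice_at_bank_again": alice.directed_id(" bank.example "),
        "alice_at_shop": alice.directed_id(shop),
        "bob_at_shop": bob.directed_id(shop),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:20} {value}")
```

Contrast this with a device that broadcasts one fixed hardware address to every reader it passes, which is the Bluetooth and RFID situation the slide objects to: the address is an omni-directional identifier attached to a private entity, and every reader that sees it gets a correlation handle for free.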
5. Pluralism of Operators and Technologies
A unifying identity metasystem must channel and enable the inter-working of multiple identity technologies run by multiple identity providers
Characteristics that make a system ideal in one context disqualify it in another
Example of government versus employer versus individual as consumer and human being
Craving for “segregation” of contexts
Important new technologies currently emerging – must not glue in a single technology or require “fork-lift” upgrade
Convergence can occur, but only when there is a platform (identity ecology) for that to happen in

6. Human Integration
A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications
We’ve done a good job of securing the first 5,000 miles but allowed penetration of the last 2 feet
The channel between the display and the brain is under attack
Need to move from thinking about a protocol to thinking about a ceremony
Example of Channel 9 on United Airlines
How to achieve highest levels of reliability in communication between user and rest of system

7. Consistent Experience Across Contexts
A unifying identity metasystem must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies
Make identities “things” on the desktop so users can see them, inspect details, add and delete
What type of digital identity is acceptable in given context?
Properties of potential candidates specified by the relying party
User selects one and understands information associated with it.
Single relying party may accept more than one type of identity
Facilitate “Segregation Of Contexts”
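The selection step described on this slide (relying party states the properties an acceptable identity must have, the user's selector shows only matching candidates and what each would release, one relying party may accept several kinds) is a small matching problem that spans the operators and technologies of Law 5. The Python below is an added example for this page, not code from the talk or from any Microsoft product; the policy fields, card fields, sample cards and the matching rule (issuer allow-list, accepted token types, all required claims supported) are this example's assumptions.

```python
"""Law 7 in code: the relying party publishes a policy, the user's identity
selector filters the identities it holds down to the acceptable candidates and
shows which claims each would release before the user picks one.

Added example for this page, not code from the talk or from any Microsoft
product. Card and policy formats are constructed.
"""

# Constructed identities held in the user's selector, spanning several
# operators and technologies.
CARDS = [
    {"name": "Government eID", "issuer": "gov.example", "token": "x509",
     "claims": {"given_name", "surname", "national_id", "birthdate"}},
    {"name": "Employer badge", "issuer": "corp.example", "token": "saml",
     "claims": {"given_name", "surname", "employee_id", "email"}},
    {"name": "Personal card", "issuer": "self", "token": "saml",
     "claims": {"nickname", "email"}},
]


def candidates(policy: dict, cards: list) -> list:
    """Return the cards that satisfy the relying party's policy.

    policy = {
        "issuers": "any" | [issuer, ...],   # who the relying party trusts
        "token_types": [type, ...],         # technologies it can consume
        "required_claims": [claim, ...],    # must all be available
        "optional_claims": [claim, ...],    # released if the card has them
    }
    Each result names the card and the exact claims it would release, so the
    user can understand the information associated with the choice (Law 1).
    """
    required = set(policy["required_claims"])
    optional = set(policy.get("optional_claims", ()))
    matches = []
    for card in cards:
        if policy["issuers"] != "any" and card["issuer"] not in policy["issuers"]:
            continue                       # operator not acceptable in this context
        if card["token"] not in policy["token_types"]:
            continue                       # technology the relying party cannot use
        if not required <= card["claims"]:
            continue                       # cannot supply what is required
        matches.append({
            "card": card["name"],
            "would_release": sorted(required | (optional & card["claims"])),
        })
    return matches


if __name__ == "__main__":
    # Constructed policies: a discussion forum and a tax portal.
    forum = {"issuers": "any", "token_types": ["saml"],
             "required_claims": ["email"], "optional_claims": ["nickname"]}
    tax = {"issuers": ["gov.example"], "token_types": ["x509", "saml"],
           "required_claims": ["national_id"]}
    print("forum:", candidates(forum, CARDS))
    print("tax:  ", candidates(tax, CARDS))
```

The same three cards yield two disjoint candidate lists for the two policies, which is the "segregation of contexts" the slide asks for: the government identity is never offered to the forum, and the forum never learns more than the e-mail address and nickname the user agrees to release.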
Identity Metasystem
An identity metasystem is a framework that unifies the world of
and multiple implementations
An identity metasystem enables users to manage identity in a heterogeneous world

15 year old eID Wizard
First encounter eID InfoSessions Erpe-Mere
Selected as a finalist in Microsoft’s World-Wide You Can Make a Difference scholarship program
eID Project for Simon & Odil
Joeri Van Herreweghe
“We received many qualified applications from all over the world, and the judging panel was particularly impressed with your technology proposal. We at Microsoft look forward to working with you to turn your project proposal into a reality.”
Mario Jobbe, Technical Product Manager
Academic & Developer Community Group, Servers & Tools Business
Microsoft Corporation, Redmond
Joeri Van Herreweghe
Small Ceremony
Get in contact with Kim Cameron
Some travel equipment as present
Please give a strong applause for Joeri!