Capstones: Internet Identity Begins to Bridge the Gaps
Ken Klingenstein, Internet2
• What is Internet identity
• What are the successes
• Addressing the gaps
  – Stabilizing the software and standards – TIER
  – Expanding federation and starting interfederation
  – Bridging social and organizational identity
  – Developing a set of incident handling approaches
  – Solving the attribute release and consent challenges
• What a mature Internet identity world might look like
Topics
• Has evolved as a layer of the Internet over the last 20 years, providing users with the ability to authenticate and get access to resources around the world
• A mix of social, organizational and governmental identity providers, using PKI, SAML and OIDC protocols to carry payloads
  – Identity providers (IdP) and relying parties (RP)
  – Sovereign identity advocates persist
• A mix of assurance levels, from unknown to very high
• The payload of the assertions – attributes and claims (Boolean values) – are the most important component, for privacy, accessibility, access control, etc.
Internet identity
Kim Cameron's Laws of Identity
• Federated identity as a paradigm
  – Dramatic growth within R&E and other sectors
  – Now the operational model in governments around the world
  – Has become, with variants, the Internet identity layer
• Multifactor authentication
• Internationalization
  – Working with privacy and security differences
  – Working with cultural and societal differences
• Initial integration with social identities
Successes
• Stabilizing the software and standards
• Growing federation and starting interfederation
• Bridging social and organizational identity
• Developing a set of incident handling approaches
• Solving the attribute release and consent challenges
Capstones – Addressing the Gaps
• Key open source components of the software ensemble, such as Shibboleth and Jagger (the most common federation metadata manager), are inadequately supported
• TIER is an Internet2 effort in trust and identity to leverage previous work into a sustainable set of basic but sufficient components to run campus IAM
  – Includes Shibboleth, Grouper, Comanage, attribute release and consent, provisioning, etc.
  – Trust and Identity includes management of community standards such as eduPerson, Baseline Practices, etc.
• Organizations such as Kantara and IETF are being used to distill interoperability specs about federated metadata, the move to dynamic metadata, etc.
Stabilizing the software and standards
• K-12 Steward Program
  – Allows members to register and manage local organizations in InCommon, serving K-12, local non-profits, etc.
  – A scaling extension of the trust model that must be managed very carefully
• Baseline Practices being adopted
  – So that you can count on your federated partners
  – Some ops thoughts (key rollover, software patches, etc.)
  – Some IdM thoughts (identifiers)
• eduGAIN - International interfederation
  – 40+ countries, 2500 IdPs and thousands of Relying Parties
  – Addressing current stresses
    • Metadata size – Driving the need for dynamic metadata and metadata query
    • Semantic and syntactic differences – Names, affiliations, etc.
    • GDPR and international privacy laws
Growing federation and starting interfederation
• Social2SAML and SAML2Social Gateways
  – Allows students, their parents, the public, citizen scientists, etc. access to organizational resources
• Raises lots of devils in the details
  – Identity proofing, authentication strength, etc.
  – Identifier discrepancies – in format and policy
• Building federations that include OpenId Connect
  – OpenId intended for bi-lateral relationships
  – Multi-lateral R&E SAML federations designing infrastructure to add richer trust, identifier mappings, etc.
Bridging Social and Organizational Identity
• In a federated world, a critical need to exchange identity security information in a trustworthy fashion among partners.
  – Account take-over in the social world; password recovery impacts
  – Federated logout
  – Malfunctioning software, e.g. the ORCID incident
  – Account compromise at IdP
• Several efforts developing elements to improve incident handling
  – SIRTFI
    • CERN-initiated trustmark for security contacts, timely responses, etc.
  – The sec-event work within IETF
    • JSON token and a variety of transports to communicate identity events (password reset, account takeover, etc.)
Incident handling
• Two IdPs (out of 2000) discovered to be misconfigured and potentially compromising trust by leaving a door open that could allow a user to claim another's scholarly record.
• There was no known compromise, but the event exposed a set of gaps in process.
  – IdP federated integrity testing
  – Event notification from IdP
  – Responsibilities of federated operator, interfederation operator and campus IdP not understood.
  – Measured response mechanisms by relying parties
• An interesting, and overdue, opportunity to mature
The ORCID incident
• Attribute release has proven to be an unexpected challenge
  – (Over-)Protective data stewards
  – Lack of consent infrastructure
  – Primitive policy management tools
• Policies and practices vary widely
  – European policies inconsistent; GDPR changes everything
  – Trustmarks such as R&S have limited success
  – Social apps incent bad privacy
• Hub-and-spoke federations and homogeneous countries do better
Solving attribute release and consent challenges
• Components to create a scalable consent experience and infrastructure
  – An infrastructure that delivers the capabilities and the information to allow users and administrators to manage their attribute release from their identity provider at scale
  – A user interface that enables a user to make effective and informed decisions about attribute release
  – Tools for an enterprise to manage that user experience
• Catalyzed by an NSTIC grant from NIST, becoming part of the TIER suite
• Website
  – https://spaces.internet2.edu/display/ScalableConsent/Scalable+Consent+Home
Scalable Consent
[Diagram; component labels: Next-gen UI; Enterprise Management Console; Attribute Source; Consent-informed Attribute Release Manager (CARMA); Attribute Release Policy Service For Institutions (ARPSI); Consent Event records; Consent Policy Service For Users (COPSU); IdP TO SP; User; Informed Content Manager]
CARMA
• The fuel that drives effective and informed user consent decisions
• Limited, though extensible sets of marks, assessments, policies, etc. that are part of the UX
  – Icons for IdP and SP
  – SP's Required and Optional Attribute Needs
  – Display-names and display-values for attributes
  – Trustmark information
  – Explanatory application-specific dialogue boxes (e.g. why attribute is needed)
  – Privacy and third-party use policy pointer
  – Additional information feeds
• Vetted, self-asserted, reputation systems, etc.
• Far-reaching insights - https://arxiv.org/abs/1608.05661
Informed Content
• "You are what you release"
• Blind click through is not the goal; An informed and effective decision.
  – Good first time dwell experience; good further suppression or revocation options
• Original next-gen interface designed by CMU Researchers in Usable Privacy
• Adapted and enhanced by Duke UI/UX group with iterative user testing
  – http://people.duke.edu/~mkm16/projects/consent/
• Some surprising results
  – Users understand what's happening
  – In both US and European testing, users show some interest in controlling consent
Getting the right user experience
• Consistent, informed user experience across a variety of platforms and protocols
• Integration of institutional and individual attributes
  – Location
  – Emergency contact and medical information
  – Personal schedules
• Teaching students how to manage their privacy
  – Well-designed approaches appear to be well-received
  – By shaping their expectations, we help them shape a marketplace
• Providing new options for accessibility
  – Accessibility with Privacy
CARMA opening up new capabilities
• Users have informed and effective tools for managing their identities and attribute release preferences
• Applications become attribute-aware and implement privacy strategies such as data minimization and targeted opaque identifiers
• Identity providers operate schema and business processes to support rich user attribute information, including citizen and accessibility needs, and adopt identity portability approaches for creating a marketplace
• Trustmarks provide users with valuable information in making content and trustmark issuers use standard audit approaches for validating mark holders
Where we're headed