Friday, Oct 16, 2009

The Cube of Identity

Next week the ICT Security Forum will be held in Rome, and I'm preparing a talk for the event titled "Identity in the Cloud: what's next trust level". I'm going to discuss how new paradigms such as Web 2.0, Software as a Service (SaaS) and cloud computing have introduced new requirements for the security and privacy of information, how digital identity is a critical success factor in managing authentication and authorization complexity in a distributed environment, and what level of assurance can be reached.

To give the audience a single, harmonized graphical view of the most important open identity standards, I've created a Cube.

The idea of using a Cube to represent open identity technologies was born while I was studying the Venn of Identity with the goal of adding the OAuth protocol to the Venn diagram. When I discussed this possibility with Eve Maler, she pointed out the need to separate the front channel from the back channel; she also mentioned that she hadn't found a way to combine OAuth with the original Venn that she was happy with, as you can see in her recently published Venn of Identity in Web Services. I thought: this can be achieved with the front face and back face of a Cube!!

As you can see in the cube picture above, each front face has a corresponding back face (i.e. OpenID->OAuth, SAML->Id-WSF, InfoCard->WS-\*), and if you rotate the cube (in your imagination) you get different perspectives (inter-enterprise/SaaS, consumer, etc.). There are also other interesting aspects, such as adjacency, related to building a hybrid system (see Bootstrapping the Identity Metasystem), that is, combining or chaining systems and enabling transactions between them (e.g. SAML -> OpenID, InfoCard -> ID-WSF, SAML -> OAuth). Is this a magic cube of Identity? Comment it ;)

These models/systems could open interesting opportunities for the Italian National Centre for IT in Public Administration (CNIPA), which is involved in defining a National Federated Identity Management system based on SAML 2.0, implementing a user-centric mechanism to authorize and control access to application services over SPCoop (the Public Cooperative System).
