7/30/2019 Gov Identity Mgmt Presentation (42 slides)
Industry Solutions Director, Microsoft WW Public Sector

Agenda
Megatrends and Government Challenges
Identity Management
Summary of Benefits
Case Studies: Identity Management at Work
Appendix: U-Prove Technology

Today governments are facing a number of megatrends and challenges

Improving Staff Productivity
Increasing Operational Efficiency
Working Collaboratively and Taking Advantage of Shared Services
Leveraging the Power of Technology
Caring for the Environment
Delivering Social Care
Improving Customer (Citizen and Business) Service Delivery
Improving Compliance and Accountability
Raising Standards in Education
Sustaining the Local Economy
Continuous Cost Reduction
More Efficient and Greener IT Infrastructure
Increased Citizen Interaction

eGovernment Identity Management Solutions Address a Number of these Challenges

Identity Management solutions create digital identities for citizens and enterprises, manage their lifecycle, and provide services for user identification, authentication, and authorization across borders and across multiple identity systems.

What they deliver:
Efficient and secure delivery of e-services
Seamless user experience across boundaries
Simplified management
Application development efficiency

Challenges addressed (from the previous slide):
Improving Staff Productivity
Increasing Operational Efficiency
Working Collaboratively and Taking Advantage of Shared Services
Leveraging the Power of Technology
Caring for the Environment
Delivering Social Care
Improving Customer (Citizen and Business) Service Delivery
Improving Compliance and Accountability
Raising Standards in Education
Sustaining the Local Economy

Identity Management Key Benefits

IT can centrally manage access to applications and data, regardless of location
Authentication method independence across applications
More efficient application of security policy
Open interfaces between the eID infrastructure and the consuming applications or cloud services
Developers can externalize authentication / authorization
Faster, nimbler development of services (Windows Identity Foundation)
Secure eIDs enable eGov services delivery, while reducing cost and fraud
Support for multiple authentication methods and security levels of access to government services
Privacy, minimum ID disclosure
ID Federation across agencies, including cloud/hosted services
Single Sign On (SSO) experience across borders, platforms and authentication methods
Federated access rights on documents posted on extranets

Current Situation: Time and labor intensive process

Password reset and access requests handled through help desk
Agency X is managing Agency Y accounts; Agency Y is managing Agency X accounts
Multiple identities and limited sign-on help
Different sign-on requirements for applications
Remote access solution with separate identities

Identity and Access Management: Simple and easy

Always-on access built into platform
More secure, simplified access across agencies
Agency X IDs are used in the cloud
Single identity across resources

Key Government Challenges

Improving Staff Productivity
Increasing Operational Efficiency
Working Collaboratively and Taking Advantage of Shared Services
Leveraging the Power of Technology
Caring for the Environment
Delivering Social Care
Improving Customer (Citizen and Business) Service Delivery
Improving Compliance and Accountability
Raising Standards in Education
Sustaining the Local Economy

Platform capability map (slide graphic): Desktop Productivity Software; Data Warehousing; Collaboration & Content Mgmt; Customer Rel. Management; Application Integration; Mail; Server Operating System; Mobile Operating System; Desktop Operating System; Unified Communication; Integrated Development Environment; Enterprise Res. Planning; Systems Management; Identity & Access Mgmt; Security; Workflow

Identity Management with Partners
Example of Solution Area with Partner Solutions

Product map (slide graphic): Office; Dynamics ERP; Dynamics CRM; BizTalk; Exchange; Windows Server; Windows Mobile; Windows Client; Unified Communication; Visual Studio; MOSS; SQL Server; System Ctr.; AD/ADFS; Forefront; .NET Framework; Microsoft Consulting / Partner Solutions
Legend: Solution Component / Optional Component

Identity Management with Partners
Example of Solution Area with Architecture mapping, with products owned/needed

(Same product map as the previous slide: Office; Dynamics ERP; Dynamics CRM; BizTalk; Exchange; Windows Server; Windows Mobile; Windows Client; Unified Communication; Visual Studio; MOSS; SQL Server; System Ctr.; AD/ADFS; Forefront; .NET Framework; Microsoft Consulting / Partner Solutions)
Legend: Solution Component / Optional Component; You already own these products / Products needed to complete this solution

Solution detail:
Forefront Identity Manager
Unified Access Gateway
Windows CardSpace
Windows Identity Foundation
Rights Mgmt Services CAL, or part of ECAL
Active Directory Federation Services (ADFS) 2.0
Windows 7 includes the Smartcard Minidriver concept and the Windows Biometric Framework (WBF)

Identity Management Solution Area

Some definitions

Authentication: Prove that you are eligible for a particular online service (not necessarily revealing your full identity)
Authorization: What your access rights or access levels are
Federated Identity: Trusting on-line users based on some other entity's proof of authentication
Claims-based access: Authorization by means of claims (attributes), e.g. Surname = Jiricek, Age>18 = Yes
Minimal Disclosure of Personal Information: Reveal the minimal needed set of claims during authentication & authorization
PII: Personally Identifiable Information

Requirements of Identity in eGovernment Services

Reduce Cost of e-Service Delivery: Identity as a Shared Service; Reuse existing IdP infrastructures; Remove unnecessary overhead
Improve Security and Trust: Jointly defined ID assurance levels; Identity across organizational boundaries; Dynamic, claims-based access
Simplify Handling of Identity: Across on-premise and cloud; Flexible for architecture changes; Agnostic to authentication methods
Improve User Centricity / Uptake: Users in control of personal data; Minimal disclosure of personal data; Consistent User Experience

Secure identity on-line as an enabler

Lower risk transactions: less assurance required
Higher risk transactions: more assurance required
Beyond a certain point, a high level of identity assurance is necessary to complete a transaction

e-Identity 1.0 Concept

Actors: End User (Browser); Service Provider (Web Application with its own ID Mgmt and Local User Directory)
Flow as labelled on the slide: 1. Require credentials; 2. Enter credentials; 4. Grant/deny access
Identity and Access Management are built into each web service
User experience is application specific
PII disclosure follows data in local directory

Identity Metasystem Concept (Vendor and technology neutral)

Actors: End User (Browser); Identity Provider (Claims Provider); Relying Party (Service Provider's Web Application)
Trust is established between the Service Provider and the Identity Provider
Flow as labelled on the slide: 1. Require claims; 4. Send claims; 5. Grant/deny access
Takes user directory and authentication out of the application
Makes Identity Provider a shared service
Delivers consistent user experience
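The exchange on this slide, together with the "Claims-based access", "Minimal Disclosure" and assurance-level points from the earlier slides, as an added example (not code from the deck or from Microsoft). The Identity Provider authenticates the user against its own directory, transforms raw attributes into only the claims the Relying Party requested, and signs a token; the Relying Party never sees the directory. It checks issuer, signature, audience and lifetime, then authorizes on the claims plus the assurance level earned by the authentication method. The token format, claim names, the 1..3 assurance scale, the issuer URI and the shared HMAC key standing in for the IdP's signing certificate are all assumptions for illustration; a real deployment would use SAML 2.0 / WS-Federation tokens issued by AD FS 2.0 and consumed with Windows Identity Foundation.

```python
"""Claims-based federation, minimal-disclosure flavour (illustrative only).
Assumed: token format, claim names, assurance scale, issuer URI, HMAC key."""
import base64, hashlib, hmac, json, time
from datetime import date

# Constructed sample directory (the IdP's local user store).  The password
# hash is a demo stand-in, not a recommendation for password storage.
DIRECTORY = {
    "jiricek": {"pw_hash": hashlib.sha256(b"correct horse").hexdigest(),
                "surname": "Jiricek", "birthdate": "1975-04-02",
                "department": "Treasury"},
}
# Assurance level earned by each authentication method (assumed scale,
# modelled on the deck's password / OTP / X.509 smartcard ladder).
ASSURANCE = {"password": 1, "otp": 2, "x509": 3}
IDP_KEY = b"idp-signing-key-demo"        # stands in for the IdP's signing cert
IDP_ISSUER = "https://idp.example.gov"   # assumed issuer URI

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def encode_payload(body: dict) -> str:
    return b64url(json.dumps(body, sort_keys=True).encode())

def transform_claims(record: dict, requested: list, today: str) -> dict:
    """Issuance transform: emit only what the RP asked for.  Derived claims
    (age_over_18) are computed here, so the raw birthdate never leaves the
    directory: minimal disclosure.  Unknown claim names are not issued."""
    out = {}
    for name in requested:
        if name in ("surname", "department"):
            out[name] = record[name]
        elif name == "age_over_18":
            born = date.fromisoformat(record["birthdate"])
            now = date.fromisoformat(today)
            age = now.year - born.year - ((now.month, now.day) < (born.month, born.day))
            out[name] = age >= 18
    return out

def issue_token(username, password, method, audience, requested, now=None, today=None):
    """IdP side: authenticate against the local directory, then sign the
    minimal claim set, bound to one audience, with a 5 minute lifetime."""
    now = int(time.time()) if now is None else now
    today = date.today().isoformat() if today is None else today
    rec = DIRECTORY.get(username)
    if rec is None or hashlib.sha256(password.encode()).hexdigest() != rec["pw_hash"]:
        return None
    body = {"iss": IDP_ISSUER, "aud": audience, "iat": now, "exp": now + 300,
            "authn_method": method,
            "claims": transform_claims(rec, requested, today)}
    payload = encode_payload(body)
    sig = b64url(hmac.new(IDP_KEY, payload.encode(), hashlib.sha256).digest())
    return payload + "." + sig

def validate_token(token, trusted_issuers, audience, now=None):
    """RP side: the federation trust is the table {issuer: key}.  Reject
    untrusted issuers, bad signatures, tokens meant for another RP and
    tokens outside their lifetime.  Any malformed input is also rejected."""
    now = int(time.time()) if now is None else now
    try:
        payload, sig = token.split(".")
        body = json.loads(unb64url(payload))
        key = trusted_issuers[body["iss"]]           # untrusted issuer -> KeyError
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, unb64url(sig)):
            return None                              # forged or tampered
        if body["aud"] != audience or not (body["iat"] <= now < body["exp"]):
            return None                              # wrong RP, or outside lifetime
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    return body

def authorize(body, min_assurance, required):
    """Claims-based access: every required claim must hold and the
    authentication method must meet the transaction's assurance level."""
    if body is None or ASSURANCE.get(body.get("authn_method"), 0) < min_assurance:
        return False
    return all(body["claims"].get(k) == v for k, v in required.items())

if __name__ == "__main__":
    rp = "https://rp.example.gov"
    tok = issue_token("jiricek", "correct horse", "otp", rp, ["surname", "age_over_18"])
    body = validate_token(tok, {IDP_ISSUER: IDP_KEY}, rp)
    print(body["claims"], authorize(body, 2, {"age_over_18": True}))
```

Two checks are worth noticing: the audience check is what stops a token issued for one agency's application from being replayed to another agency's, and the assurance check ties the "lower risk / higher risk" ladder to the authentication method the IdP actually used, so an OTP login cannot complete a transaction the policy reserves for smartcard holders.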

How Identity Metasystem Contributes

Policy objective         | Identity Federation                                          | Claims-based Access
Reducing Cost            | Identity = shared service                                    | Less cost for developers
User Centricity          | Consistent user experience                                   | Minimal disclosure of personal information
Security & Trust         | Common Identity Assurance levels                             | Dynamic effect of identity attributes (claims)
Simplicity & Flexibility | ID externalized from applications, agnostic to IdPs / authN  | Same for on-premise and cloud

Microsoft Identity and Access Management Building Blocks

Self-service / automation of administration, workflows, password reset, and group management
Secure remote access for employees, partners and contractors on managed / unmanaged PCs and mobile devices
Externalize identity logic from applications for a more secure, flexible and interoperable identity model based on claims
Repository for identities to centrally configure and administer system, user, and application settings
Standards-based platform for federated access and single sign-on to applications on-premise, in the cloud, and cross-organizations
Secure remote access with Windows 7 PCs to organizational resources without VPN, just over the Internet
Access Control Service: integrates single sign-on and centralized authorization into your web applications; supports most common federation standards

Evolution of Microsoft Identity Manager

Capabilities added over time: Identity Synchronization; User Provisioning; Certificate and Smartcard Management; Office Integration for Self-Service; Support for 3rd Party CAs; Extensible authentication (OTP...); Group & DL Management; Workflow and Policy
Functional areas: User Management; Group Management; Credential Management; Policy Management
Common Platform: Workflow; Connectors; Logging; Web Service API; Synchronization

Positioning FIM 2010 to BDMs (non-technical)

Forefront Unified Access Gateway (UAG)

Newsflash: SharePoint 2010 is Claims-enabled

Diagram: a Gov Employee or Citizen's browser accesses SharePoint 2010 On-Premise (same for SharePoint Online, coming H1 CY11); SharePoint sets a trust with an External Identity Provider over SAML 2.0 / WS-Federation via ADFS 2.0; the user authenticates at the identity provider and then accesses SharePoint
Note: OpenID needs claims transformation

Security design principle | Benefit
Passwords not synchronized to cloud | Addresses password security concern
Federating with enterprise identity mgmt | Enterprises retain their credential policy; enterprise 2-factor authN possible
Dynamic authentication | Instant mapping of user attributes

Integrated scenarios: Office 365 Identity options

1. Microsoft Online IDs (cloud-based only)
2. Microsoft Online IDs + DirSync (synched with on-premise)
3. Federated IDs + DirSync: True Single Sign-On

Diagram components. Government Agency side: AD; MS Online Directory Sync; Active Directory Federation Server 2.0 (IdP, with a Trust to the Microsoft Federation Gateway); End user; Administrator. Microsoft Office 365 Services side: Identity platform; Provisioning platform; Authentication platform; Federation Gateway; IdP Directory Store; Admin Portal; Lync Online; SharePoint Online; Exchange Online

Federated & Claims-Based Access to Azure Services: Cloud, using Access Control Service

Diagram: End user (Browser) authenticates and gets access to the Cloud Application; Access Control Service and Service Bus sit in front of it

Benefits:
Externalizes handling of Identity and Access from Azure apps (less work for the developers)
Acts as trust gateway between multiple customers and apps for easy administration
Interoperates with many federation standards / Identity Providers
Low cost but valuable service for Azure developers

AppFabric Access Control Service 2.0 - Interoperability

Ref: Samples and Documentation on http://acs.codeplex.com/
Intro session on http://channel9.msdn.com (http://channel9.msdn.com/shows/Identity/Introducing-the-New-Features-of-the-August-Labs-Release-of-the-Access-Control-Service/)
7/30/2019 Gov Identity Mgmt Presentation
26/42
Customer Case Studies

UK Government Gateway (www.gateway.gov.uk)

Uses Identity federation to allow other departments to authenticate, offering protocols: WS-Federation; Liberty Alliance; SAML 1.1 and SAML 2.0
Supports multiple levels of identity assurance via: PIN activated password; X.509 Certificates; Chip&PIN cards; One-Time Password (OTP)
http://www.gateway.gov.uk/
7/30/2019 Gov Identity Mgmt Presentation
28/42
UK Ministry of Defence Federating with UK Gateway
Customer ProfileCustomer: Ministry of Defence, UKSegment: Central GovernmentSeats: 320,000 personnel incl. 40,000 reservists. Approx 10,000 of them are remote users
Used UK Govt Gateway forChip&PIN authentication, MSIntelligent Apps Gway (IAG)for secure remote access,
Internet Security andAcceleration Server (ISA),Identity Lifecycle Manager2007 etc.
Identity & Access customsolution by Capgemini, EDS,Gemalto, Avaleris, MCS
Solution
Remote worker expenseclaims settled in 24 Hoursinstead of days or weeks
Saves taxpayers Many Millions
of Pounds in 10 yrs Secure access via One-Time
Passwords (OTP)
Integrates well with otherOracle based applications
Consolidates multiple formsof Digital Identity
CustomerResults/Benefits
10,000 of their orphanedusers without online accessto Line of Business applics.
E.g. field users expense
claims took weeks to sendand process on paper forms
Identified 20 routine HRapplications as a priority forsecure remote access tosave operating costs.
Customer Challenge
http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?casestudyid=4000003478
http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?casestudyid=4000003478http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?casestudyid=4000003478 -
7/30/2019 Gov Identity Mgmt Presentation
29/42
Customer ProfileCustomer: Regional Government of Biscay (Spain)Segment: Local and Regional GovernmentProject: Citizen Service Platform (Largest Implementation to Date)
Identity Semantics Suite: Anidentity management layerenabling government to useexisting eIDs from otherauthorities for authentication
and transactional services. Admin. Compliance Suite: Meet
administrative law requirementssuch as signing and long-termarchiving.
Solution
Transparent management ofidentity and authenticationservices using own and 3rdparty eIDs.
Enable transactional servicesand Compliance with the 2010legal deadline.
Citizen-centric approachfacilitates access to citizenservices as well as the use ofthe platform by civil servants.
CustomerResults/Benefits
Political: realize a ground-breaking project building onbroadband access provided tothe population in the region
Regulatory: Compliance with2007 law requiring online publicservices by 2010 using diversecitizen eIDs.
IT: rationalize and update thetechnology platforms in usageacross the 100+ city-halls.
Customer Challenge
Regional Government of Biscay (Spain)Identity Solution for the Citizen Service Platform

Vancouver Coastal Health: Seamless Collaboration

Customer Profile: The Province of British Columbia, Canada, provides public services, such as healthcare, education, and transportation, to the residents of British Columbia. Vancouver Coastal Health is one of the health agencies in British Columbia. Segment: Health and Social Services.

Customer Challenge: Multiple health agencies and hospitals needed secure access to patient health records, stored in the provincial systems. Traditionally, that would involve creating and maintaining new user accounts with access rights for authorized personnel.

Solution: The Province decided to implement a shared service eHealth Viewer, based on Windows Identity Foundation infrastructure. Authorization managed by claims-based access and federation with employees' home Active Directory Federation Services 2.0.

Customer Results/Benefits: Solved the problem taking advantage of existing AD credentials. Only one user account management process. Dynamic access rights with immediate update effect. System open for broader federation with other health organizations.

http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=4000007158
7/30/2019 Gov Identity Mgmt Presentation
31/42
Identity Demo: Fraunhofer Fokus U-Prove PoC
Fraunhofer Fokus video (March 2010) 4 min med resolution
http://mms//msvcatalog-2.wmod.llnwd.net/a2249/e1/ds/us/CMG_US/CMG_Microsoft/2f237e0a-1142-4940-9292-a3f3e1f74460.wmvhttp://mms//msvcatalog-2.wmod.llnwd.net/a2249/e1/ds/us/CMG_US/CMG_Microsoft/2f237e0a-1142-4940-9292-a3f3e1f74460.wmvhttp://mms//msvcatalog-2.wmod.llnwd.net/a2249/e1/ds/us/CMG_US/CMG_Microsoft/2f237e0a-1142-4940-9292-a3f3e1f74460.wmvhttp://mms//msvcatalog-2.wmod.llnwd.net/a2249/e1/ds/us/CMG_US/CMG_Microsoft/2f237e0a-1142-4940-9292-a3f3e1f74460.wmv -
7/30/2019 Gov Identity Mgmt Presentation
32/42
Identity Management Partner Solutions(Examples of International IdM Solution Partners)
WISeKey Semantics Suite for Citizen Service Platform covers the fullidentity and compliance lifecycle: identify, access, sign, encrypt, validate,timestamp, and archive. www.wisekey.com/en/solutions/gov/csp
Gemalto Solutions for smartcards, tokens, and secure documents.Started in EMEA, now a global player www.gemalto.com
Omada Identity Manager Solution enhancing FIM 2010 functionality,also SharePoint secure access, Role based engine www.omada.net
Quest One Identity Solution, enhancing FIM 2010 and ADFS.Broad range of infrastructure solutions, multi-platform vendor. www.quest.com
L-1 End-to-end Driver License and National ID card issuance solutions.
Majority market shares in USA and Russia, expanding globally www.l1id.com
Indusa Global ICAO ePassport (with biometrics), Border control based onbiometric identification, secure eIDs. www.indusaglobal.com
http://www.wisekey.com/en/solutions/gov/csphttp://www.gemalto.com/http://www.omada.net/http://www.quest.com/http://www.l1id.com/http://www.indusaglobal.com/http://www.indusaglobal.com/http://www.l1id.com/http://www.quest.com/http://www.omada.net/http://www.omada.net/http://www.gemalto.com/http://www.gemalto.com/http://www.wisekey.com/en/solutions/gov/csp -
7/30/2019 Gov Identity Mgmt Presentation
33/42
Identity Management is Based on Familiar MicrosoftProducts [that you already own under EA]
Primary products Windows Server & Certificate Services ADDS or AD LDS, AD FS 2.0 Forefront Identity Manager Unified Access Gateway
SQL Server for large scale eID implementations Windows Identity Foundation
Attached products
Forefront Protection Suite System Center CardSpace
Optional products SharePoint Server (Resource and Policy mgmt)

Summary: Identity Management

Microsoft, together with solutions partners, delivers Identity Management solutions that:
Enable citizens, businesses, and employees to securely access information they need to be more productive
Integrate with the existing infrastructure and accelerate application development
Are able to dynamically adapt to changing needs, threats, and legal requirements

Next Steps

Meeting to discuss how to best fit the Identity Management solution to your needs
Engage Microsoft to perform a Planning and Architecture Design Session (ADS)
Build the business case for an Identity Management solution
Deploy Solution

Identity Management for SW Architects

Microsoft IAM Platform entry point on MSDN (blogs, videos, webcasts, whitepapers): http://msdn.microsoft.com/en-us/security/aa570351.aspx
Geneva Team Blog on MSDN, good summary of external content; link: http://blogs.msdn.com/card/archive/2009/11/18/windows-identity-foundation-wif-rtm-announced.aspx
Windows Azure AppFabric Access Control Service. All AppFabric overview: http://www.microsoft.com/windowsazure/appfabric/ ; Access Control Service video on MSDN Channel9: http://channel9.msdn.com/shows/Identity/Introducing-the-New-Features-of-the-August-Labs-Release-of-the-Access-Control-Service/ ; Access Control Service sample code: http://acs.codeplex.com/
Identity Developer Training Kit, downloadable pack (March 2010 update): contains a set of hands-on labs, documents and references that will help you to learn how to take advantage of Microsoft's latest identity and access control developer's products and services. http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c3e315fa-94e2-4028-99cb-904369f177c0
Identity Developer Step-By-Step Claims Based Access, explains how claims-based access works in common scenarios: http://blogs.msdn.com/vbertocci/archive/2009/05/15/more-details-about-the-identity-developer-training-kit.aspx
7/30/2019 Gov Identity Mgmt Presentation
37/42
Privacy By Design -
U-Prove Technology Appendix

Increased Privacy Concerns - Minimize PII Disclosure

PII = Personally Identifiable Information

Existing standards, but some risks remain...

Information Cards / Identity Selector (IMI standard): http://xml.coverpages.org/IMI-Standard.html
Liberty Alliance: www.projectliberty.org
Fraunhofer FOKUS Secure eIdentity Lab, U-Prove project: http://www.fokus.fraunhofer.de/de/fokus_testbeds/secure_eidentity-lab/projekte/u_prove/index.html
7/30/2019 Gov Identity Mgmt Presentation
40/42
Identity Metasystem Using U-Prove Technology
40
A. Token
requestB. Token
response
1. Request
access2. Policy
3. Token
STS
Client
User-centric
trust
Identity Provider Relying Party
IPIP
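The token flow on this slide with the user in control of disclosure, as an added example (not code from the deck, from Microsoft or from the U-Prove SDK). The STS commits to every attribute with a salted hash and signs only the commitments (A/B); the Relying Party states which attributes its policy needs (1/2); the client reveals just those attributes with their salts (3), and the Relying Party checks the signature over all commitments and that each revealed value opens its commitment. This is hash-commitment selective disclosure, not the U-Prove protocol: U-Prove adds blind issuance so the issuer cannot link a presentation back to the issuance, which this construction does not provide (the commitments themselves are a linkable identifier). The attribute names, the sample values and the HMAC key standing in for the STS signing certificate are assumptions.

```python
"""User-centric minimal disclosure via hash commitments (illustrative only;
NOT U-Prove, which also gives issuer-unlinkability through blind issuance).
Assumed: attribute names, sample values, the STS key below."""
import hashlib, hmac, json, secrets

STS_KEY = b"sts-signing-key-demo"   # stands in for the STS's signing certificate

def commit(name, value, salt):
    """Salted commitment to one attribute; the salt stops guessing of
    low-entropy values (a birthdate, a yes/no flag) from the hash alone."""
    return hashlib.sha256(f"{salt}|{name}|{json.dumps(value)}".encode()).hexdigest()

def issue(attributes):
    """A/B: STS side.  Commit to every attribute and sign the commitments only.
    Returns the signed token and the opening data (salt, value) per attribute,
    which the client keeps private."""
    openings = {name: (secrets.token_hex(16), value) for name, value in attributes.items()}
    commitments = {name: commit(name, value, salt) for name, (salt, value) in openings.items()}
    payload = json.dumps(commitments, sort_keys=True)
    sig = hmac.new(STS_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return {"commitments": commitments, "sig": sig}, openings

def present(token, openings, policy):
    """3: client side.  Reveal only the attributes named in the RP policy (2);
    everything else stays hidden behind its commitment."""
    revealed = {name: openings[name] for name in policy if name in openings}
    return {"token": token, "revealed": revealed}

def verify(presentation, policy, trusted_key=STS_KEY):
    """RP side.  Check the STS signature over all commitments, then check that
    every attribute the policy requires was revealed and opens its commitment.
    Returns the verified claims, or None on any failure."""
    token, revealed = presentation["token"], presentation["revealed"]
    payload = json.dumps(token["commitments"], sort_keys=True)
    expected = hmac.new(trusted_key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None                                  # forged or altered token
    claims = {}
    for name in policy:
        if name not in revealed:
            return None                              # policy not satisfied
        salt, value = revealed[name]
        if commit(name, value, salt) != token["commitments"].get(name):
            return None                              # revealed value was not what the STS signed
        claims[name] = value
    return claims

if __name__ == "__main__":
    token, openings = issue({"surname": "Jiricek", "age_over_18": True,
                             "birthdate": "1975-04-02"})
    policy = ["age_over_18"]                         # the RP's stated policy
    print(verify(present(token, openings, policy), policy))
```

The point the slide makes, that the user rather than the issuer decides what is disclosed, is visible in `present`: the STS signed three attributes, the Relying Party learns one, and it still gets issuer-backed assurance for that one because the signature covers the commitment it was opened from.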

U-Prove Technology Released

www.microsoft.com/uprove (http://www.microsoft.com/U-Prove)
7/30/2019 Gov Identity Mgmt Presentation
42/42
Thank [email protected]
mailto:[email protected]:[email protected]:[email protected]:[email protected]