workshop personalization
DESCRIPTION
Slides for a workshop on personalization, authorization and authentication.
TRANSCRIPT
Is that a UPN or an email address?
Workshop AAP, 31 March 2009, Leon P. Kuunders @minbzk.nl
q.o.t.d.
"Besides the noble art of getting things done, there is the noble art of leaving things undone. The wisdom of life consists in the elimination of non-essentials."
- Lin Yutang
workshop topic
AuthN
AuthZ
Personalization
rules
1) religion is not a subject
2) "celebrate the differences"
3) fail and learn
goal
Personalization with the exchange of the least possible
identity related information.
(is this user-centric identity management?)
definitions
Authentication: "The act of proving who you are, and"
Authorization: "the act of getting what you need,"
Personalization: "the way you want it."
Persona: mask
Identity: formed by context
Attributive use of descriptions: context information
Referential use of descriptions: definiteness on the persona. 1) 2)
things done
A SAML front-end for DigiD, tested between Buza and rijksoverheid.nl.
things done
An OpenID + AX (attribute exchange) test between BZK and FaSam.
show hands
OpenID/OAuth
SAMLv2
Infocards/CardSpace
XACML/PIP, PEP, PAP, PDP
Attribute/Claims Based Access Control
Tools
Identity Stores (You)
Network (Maurice)
Wisdom (everyone)
semantics anyone?
Epistemology
Ontology
backup
everything is a file
user centric
Notes
• Van den Hoven first suggested that Keith Donnellan (1966) distinguished between the referential use of descriptions and the attributive use of descriptions.
• Huits-Manders suggests that better privacy protection can be achieved by using this difference. Both types represent identity-relevant information.
(Searle: 'de re'/'de dicto' and 'ref'/'att' have primary v. secondary aspects as real distinctions)
From 1) + 2) the question follows: how does this difference influence Identity & Access Management?
Derived principle (1): an authoritative IdP does not send referential descriptions.
Derived principle (2): an authoritative IdP can relay questions on referential descriptions.
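As an added example (not part of the slides), a minimal Python sketch of the two derived principles: the IdP releases only attributive context and answers yes/no questions about referential descriptions without ever emitting the referential values. The session store, attribute names, referential list and operator set are all constructed assumptions.

```python
import operator

# Referential descriptions: attributes that single out one persona.
# Constructed list for this example; a real IdP would take it from policy.
REFERENTIAL = frozenset({"upn", "email", "full_name"})

# Authenticated session -> attributes of the persona (constructed data).
PERSONAS = {
    "sess-1": {"upn": "j.doe@example.org", "email": "jdoe@example.org",
               "full_name": "J. Doe", "age": 34, "language": "nl",
               "role": "citizen"},
}

# Operators the IdP is willing to evaluate on behalf of a relying party.
OPS = {"==": operator.eq, ">=": operator.ge, "<": operator.lt,
       "in": lambda attr_value, allowed: attr_value in allowed}


def release_attributes(session, requested):
    """Principle 1: an authoritative IdP does not send referential descriptions.
    Only attributive values are returned; referential names are dropped and
    unknown names are ignored, so the relying party learns context, not identity."""
    persona = PERSONAS[session]
    return {name: persona[name] for name in requested
            if name in persona and name not in REFERENTIAL}


def answer_question(session, attr, op, value):
    """Principle 2: the IdP relays a question, even about a referential
    description, and answers True/False without revealing the value itself.
    Returns None when the attribute or operator is unknown, so a probe for a
    non-existent attribute does not distinguish 'absent' from 'false'."""
    persona = PERSONAS[session]
    if attr not in persona or op not in OPS:
        return None
    # Each answer still leaks one bit; a deployed IdP would bind this to the
    # user's consent and rate-limit questions on referential attributes.
    return bool(OPS[op](persona[attr], value))
```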
Authentication (AuthN)
user id / password
token for the user / token of the user
(“They can read minds nowadays, you know that? Only numbers so far, because that's all they could test on mice.”)
card
token for the user / token of the user
(the mind-read mice!, cloning!)
Consume
Provide
Authorization (AuthZ)
getting what you need versus offering what you have?
Line of thought: in a network everything of value is a controlled endpoint.
Access is granted based upon proof
Proof can be anything that is agreed upon.
Trust is irrelevant. Resistance is not.
Personalisation
Is this 'Context Delivery Architecture'?
Attributes? Who you are, what you do, with whom, where and when, and with what... anything else?
TweakUI? What You Need Is What You Get. (WYNIWYG 2.0)
This is not a webpage.
Diagram (via Jeroen, Anoigo)
but first
success
or