July 25, 2005 PEP Workshop, UM 2005 1
A Single Sign-On Identity Management System Without a Trusted Third Party
Brian Richardson and Jim Greer
ARIES Lab
Department of Computer Science
University of Saskatchewan
Overview
Purpose: to create a personal information management system for online businesses and consumers.
Why?
– Help users manage their personal information and be aware of who has it
– Help businesses comply with some areas of privacy legislation
Motivation
– Legislation: Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
– Privacy concerns: the increasing concern of Internet users about what information online businesses record
– Tool support: the lack of an available privacy tool that allows for management of multiple identities
Privacy Tools and Research
P3P, TRUSTe, Privacy Critics, PISA, PPCS, EPA, EPAL, SAML, FIM, PRIME, FIDIS, Liberty Alliance, MS .NET Passport, MS InfoCards
Design Goals
Goal: design a personal information service, but with the following restrictions.
Does NOT:
– use a third party for management of personal information
– require passing identity information between businesses
Does permit:
– multiple identities from within a single user account
– greater access for users managing their personal information
– businesses to comply with disclosure rules defined by PIPEDA
Identity Management Architecture (IMA)
The IMA system has two main components:
1. IMA Toolbar/Manager (Client): an application that attaches to the user's web browser and handles the management of all user identities and web browsing history.
2. IMA Web Service (Business): a web service that each participating business provides to allow users of the IMA Manager to send and receive identity information.
Architecture Overview
[Diagram] The IMA user's machine, with the IMA Toolbar installed, runs the IMA Manager application, which stores identities and profiles; the user creates and updates identities and views profile information there. While browsing the Internet the user visits a participating business's web site, and the Manager communicates with the business's database through the web service interface.
Key Features
The three key features of the IMA system:
– Provides for the creation and management of multiple discrete personal identities.
– Allows users to restrict the access that businesses have to identifying information.
– Provides users with the ability to request from a business what personal information is stored.
Hypothesis
The two key questions this research answers are:
– Does the IMA system provide users with more flexibility and control over the management of their personal information than a third-party system does?
– Does the IMA system support business compliance with current privacy legislation?
.NET Passport
[Diagram] The user creates a Passport account with .NET Passport and signs in to a Passport business using Passport; the business provides the user's sign-in information to .NET Passport, which returns the user's Passport account.
Liberty Alliance
[Diagram] The user creates an account with a business they trust (Liberty Alliance business A). When the user logs in at business B, which has a relationship with business A, business B requests the user's account and business A provides it.
IMA
[Diagram] IMA user and IMA business. The IMA client provides authentication information to the business if an established relationship exists; the business provides the user with access to update and review personal information.
Identity-to-Business Associations
[Diagram] The IMA Manager holds three identities (Anonymous, Personal, Work) and records which business (Business A, Business B, Business C) each identity is associated with.
Managed Relationships
[Diagram] Side-by-side comparison of the relationships managed under .NET Passport, Liberty Alliance, and IMA.
Implementation
– IMA Toolbar
– IMA Manager
– IMA Web Service
– Example participating business web site
– XML data
IMA Toolbar
[Screenshot] Toolbar elements: participation icon; account logged in; identity list; "Go" (associate identity); eye logo, which opens the IMA Manager application.
IMA Web Service
The interface each participating business exposes:

```csharp
public bool Authenticate( … )
public void AddIdentity( … )
public Ima.Manage.Identity GetIdentity( … )
public void UpdateIdentity( … )
public void AddProfile( … )
public Ima.Manage.Profiles GetProfile( … )
public void UpdateProfile( … )
public void AddHistoryItem( … )
public void AddVisitor( … )
```
Evaluation
The IMA system was evaluated on two criteria to show how it answers the research questions posed by this thesis:
1. Access to personal information
2. Privacy legislation compliance
Access to Personal Information Comparison
Criteria:
1. Ability to edit information
2. Tracking of business-to-identity associations
3. Viewing of information stored at a business
4. Removing of information stored at a business
5. The creation of multiple discrete identities
6. The ability to link an identity to a business
7. No reliance on third-party storage
8. Tracking of information provided to a business
9. Automatically pushes out information updates to the businesses that the information has been used at
Access to Personal Information: Comparison Results
[Chart: "Summary of Information Access Comparison"] Systems reviewed: .NET Passport, Liberty Alliance, InfoCards, IMA. Vertical axis: number of criteria (0 to 10), Information Access/Update/Management. Comparison answers: No, Unknown, Yes.
Privacy Legislation Compliance
Comparison criteria, based on PIPEDA and DPA principles:
1. Consent must be obtained
2. Limit collection of personal data
3. Limit use, disclosure, and retention
4. Ensure the accuracy of information
5. Give individuals access to their information
Privacy Compliance Comparison Summary
[Chart: "Summary of Privacy Legislation Compliance Comparison"] Systems reviewed: .NET Passport, Liberty Alliance, InfoCards, IMA. Vertical axis: business responsibilities to support compliance with PIPEDA (0 to 6). Comparison answers: No, Partially, Yes.
Benefits of the IMA System
For Internet users:
– More control over personal information
– Stay informed of what information has been given to a business
– Ability to view, add, modify, and remove personal information
– Update information for multiple businesses by entering it once
For businesses:
– Improved compliance with privacy legislation
– Identity information managed and updated by users
– More accurate contact information, since users can correct mistakes
– Improves the business's ability to personalize content
Challenges
Issues in the IMA system that will need to be addressed:
– Security of information: identities and browsing history are stored on the client machine
– Account theft: posing as another user to retrieve their personal information from a business
– Leaching: businesses using the IMA web service to gather identity information but not making their participation public or providing users with access to their profile
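The web service interface listed under Implementation and the account-theft challenge above, worked as an added Python sketch. This is not the original .NET IMA Web Service, whose slide gives method names only; the parameters, the password hashing, the bearer-token sessions and the ownership check are assumptions of this example, chosen so that a caller cannot retrieve another user's identity or profile just by knowing or guessing its identifier.

```python
"""IMA-style business web service with an ownership check on every lookup.

Added example, not the original IMA Web Service. Method names follow the
slide (Authenticate, AddIdentity, GetIdentity, UpdateIdentity, GetProfile,
AddHistoryItem); everything else is an assumption of this example.
"""
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000


class NotAuthenticated(Exception):
    """No valid session token was presented."""


class NotAuthorized(Exception):
    """The session is valid but does not own the requested identity."""


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class ImaWebService:
    def __init__(self):
        self._accounts = {}     # account id -> (salt, digest)
        self._sessions = {}     # token -> account id
        self._identities = {}   # identity id -> {"owner": account id, "data": {...}}
        self._history = {}      # identity id -> items the business recorded
        self._next_id = 1

    def register_account(self, account, password):
        # Not on the slide; needed so Authenticate has something to check.
        salt = os.urandom(16)
        self._accounts[account] = (salt, _hash_password(password, salt))

    # Authenticate( … ): returns a session token, or None on failure.
    def authenticate(self, account, password):
        salt, digest = self._accounts.get(account, (b"\x00" * 16, b""))
        candidate = _hash_password(password, salt)   # hash even for unknown accounts
        if not hmac.compare_digest(candidate, digest):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = account
        return token

    def _account_for(self, token):
        try:
            return self._sessions[token]
        except KeyError:
            raise NotAuthenticated("no session for this token") from None

    def _owned(self, token, identity_id):
        """Resolve an identity only if it belongs to the authenticated account.

        'Not found' and 'not yours' raise the same error, so a caller cannot
        probe which identifiers exist at this business.
        """
        owner = self._account_for(token)
        rec = self._identities.get(identity_id)
        if rec is None or rec["owner"] != owner:
            raise NotAuthorized("identity not accessible from this account")
        return rec

    # AddIdentity( … ): the identity is bound to the account that created it.
    def add_identity(self, token, data):
        owner = self._account_for(token)
        identity_id, self._next_id = self._next_id, self._next_id + 1
        self._identities[identity_id] = {"owner": owner, "data": dict(data)}
        self._history[identity_id] = []
        return identity_id

    # GetIdentity( … ) / UpdateIdentity( … ): both go through the ownership check.
    def get_identity(self, token, identity_id):
        return dict(self._owned(token, identity_id)["data"])

    def update_identity(self, token, identity_id, changes):
        rec = self._owned(token, identity_id)
        rec["data"].update(changes)
        return dict(rec["data"])

    # AddHistoryItem( … ): assumed here to be called with the owner's session.
    def add_history_item(self, token, identity_id, item):
        self._owned(token, identity_id)
        self._history[identity_id].append(item)

    # GetProfile( … ): disclosure on demand, everything held about this identity.
    def get_profile(self, token, identity_id):
        rec = self._owned(token, identity_id)
        return {"identity": dict(rec["data"]), "history": list(self._history[identity_id])}


def demo():
    """Constructed walk-through of the account-theft case; returns the outcomes."""
    svc = ImaWebService()
    svc.register_account("alice", "correct horse battery staple")
    svc.register_account("mallory", "hunter2")
    alice = svc.authenticate("alice", "correct horse battery staple")
    mallory = svc.authenticate("mallory", "hunter2")
    iid = svc.add_identity(alice, {"name": "A. Reader", "email": "a.reader@example.invalid"})
    svc.add_history_item(alice, iid, "newsletter sent 2005-07-25")
    out = {"bad_password": svc.authenticate("alice", "wrong") is None,
           "owner_profile": svc.get_profile(alice, iid)}
    for label, token in (("other_account", mallory), ("forged_token", "not-a-session")):
        try:
            svc.get_identity(token, iid)
            out[label] = "allowed"
        except (NotAuthenticated, NotAuthorized) as exc:
            out[label] = type(exc).__name__
    return out
```

The point of `_owned` is that the identity identifier alone never grants access: a second IMA user with a valid session of their own, and a caller with no session at all, are both refused the same record the owner can read. A deployment would still have to protect the transport and the token store, which this sketch does not cover.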
Contributions
– Lack of reliance on a third party for management of personal information
– Use of multiple discrete identities, all managed from a single user account
– Identity-to-business associations, managed for you by the IMA system
– Disclosure, correction, and removal of personal information managed by the user
– Improved compliance for businesses with privacy legislation disclosure requirements
Future Work
IMA system:
– Address security issues
– Account access from multiple locations
Possible focus switch: look at how existing systems (i.e., Passport and Liberty Alliance) could be adapted to support:
– Multiple identities
– Disclosure on demand