Is that a UPN or an email address?-> Workshop AAP, 31 March 2009, Leon P. Kuunders @minbzk.nl

q.o.t.d. "Besides the noble art of getting things done, there is the noble art of leaving things undone. The wisdom of life consists in the elimination of non essentials." - Lin Yutang

Workshop Personalization

Slides for a workshop on personalization, authorization and authentication.

Page 2: Workshop Personalization

workshop topic

AuthN

AuthZ

Personalization

Page 3: Workshop Personalization

rules

1) religion is not a subject

2) “celebrate the differences”

3) fail and learn

Page 4: Workshop Personalization

goal

Personalization with the exchange of the least possible identity related information.

(is this user-centric identity management?)

Page 5: Workshop Personalization

definitions

Authentication: “The act of proving who you are, and”

Authorization: “the act of getting what you need,”

Personalization: “the way you want it.”

Persona: mask

Identity: formed by context

Attributive use of descriptions: context information

Referential use of descriptions: definiteness on the persona. 1) 2)

Page 6: Workshop Personalization

things done

A SAML front end for a DigID test between Buza and rijksoverheid.nl

Page 7: Workshop Personalization

things done

An OpenID + Ax test between BZK and FaSam.

Page 8: Workshop Personalization

show hands

OpenID/OAuth

SAMLv2

Infocards/Cardspace

XACML/PIP, PEP, PAP, PDP

Attribute/Claims Based Access Control

Page 9: Workshop Personalization

Tools

Identity Stores (You)

Network (Maurice)

Wisdom (everyone)

Page 10: Workshop Personalization

semantics anyone?

Epistemology

Ontology

Page 11: Workshop Personalization

backup

Page 13: Workshop Personalization

everything is a file

Page 14: Workshop Personalization

user centric

Page 15: Workshop Personalization

Notes

• Van den Hoven first suggested that Keith Donnellan (1966) distinguished between referential use of descriptions and attributive use of descriptions.

• Huits-Manders suggests that better privacy protection can be achieved by using this difference. Both types represent identity-relevant information.

(Searle: 'de re'/'de dicto' and 'rev'/'att' have primary v. secondary aspects as real distinctions)

From 1) + 2) the question follows: how does this difference influence Identity & Access Management?

Derived principle (1): an authoritative IdP does not send referential descriptions.

Derived principle (2): an authoritative IdP can relay questions on referential descriptions.

Page 16: Workshop Personalization

Authentication (AuthN)

user-id/password

token for the user / token of the user

(“They can read minds nowadays, you know that? Only numbers so far, because that's all they could test on mice.”)

card

token for the user / token of the user

(the mind-read mice!, cloning!)

Consume

Provide

Page 18: Workshop Personalization

Authorization (AuthZ)

getting what you need versus offering what you have?

Line of thought: in a network everything of value is a controlled endpoint.

Access is granted based upon proof

Proof can be anything that is agreed upon.

Trust is irrelevant. Resistance is not.

Page 19: Workshop Personalization

Personalisation

Is this 'Context Delivery Architecture'?

Attributes? Who you are, what you do, with whom, where and when, and with what... anything else?

TweakUI? What You Need Is What You get. (WYNIWYG 2.0)

This is not a webpage.

Page 20: Workshop Personalization

Diagram (via Jeroen, Anoigo)

Page 21: Workshop Personalization

but first

Page 22: Workshop Personalization

success

Page 24: Workshop Personalization

or
