CSG Spring 2014- Identity Workshop: Ken Klingenstein

Federation today

Federated identity in private industry still tends to bilateral federation, but in government and R&E multilateral federation is becoming the norm.

US Government Efforts: FICAM (Classic identity services for government; slowly growing); NSTIC (Aimed at Next Gen services, privacy, etc. Has distinct governance and pilots efforts. Created by President Obama in 2009; Scoping is a finesse: affecting government identity interactions, but it wants to influence the commercial marketplace, but big commercial providers are not showing up. Idenity needs to be global, but post-Snowden is difficult.

What’s not working: Populating, releasing, and using attributes (attribute retentive instittuions); Social identity provdiers rules of engagement are very tricky – e.g. Yahoo reassigning email addresses. International layers fo rules (e.g. is IP address personally identifiable info?); New businesses without rules yet; The economics of higher LOA – Benefit to SP, cost to IdP. If you offer MFA on your campus, everybody in the federation benefits. 

Future of trust

Metadata growing rapidly and increasingly dynamic. Metadata needs fo cross federation boundaries and interoperate. Campus may want metadata from multiple aggregations. Interoperate includes syntactic and semantic meanings of tags.

– We’re leaving /etc/hosts and heading towards DNS

The future of technical trust – approaches: Metadata registries (Base level open source software (PEER), what is the trust model that allows me to deposit metadata about a third party? Metadata exchange protocls – MDX, moving through IETF standards processes; Several implementations exist for SAML and JSON metadata. Services instances that want to register and exchange metadata; developing a metadata aggregator for Shibboleth.

Policy – Implementing a trust for a COI requires addressing appropriate trust elements using two structures: Trust marks and trust frameworks. Work under way on an accessibility mark, a minor’s mark. Some marks may have a MUST/SHOUD/MAY format.

Now moving away from trust to the end user experience, provide privacy consent mechanisms.

Lifestyles of the Attribute Rich and Privacy Preserved (LARPP)

A tool for managing privacy attributes. Several CSG campuses participating. Tool cane out of the Swiss federation – over a third of the schools in Switzerland have adopted the tool. Work going on to describe accessibility attributes that can help software adapt. 

One interesting use case has to do with filtering out attributes released by social software (e.g. GMail). 

PrivacyLens – Open source privacy manager funded by NSTIC – available on GitHub.

Fulfilling the original federated vision

Scholarly Identity

CILogin – convets federated identity into grid credentials for national comput and data storcs

ORCID, SCienCV, etc.

 Currently space is disjointed – Federated identity, ORCID, Institutional scholarly record systems, Publishers and scholarly societies, Agencies, and Grant management systems. All use separate IDs. 

SciENCV = Science Experts Network Curriculum Vitae; SciENCV working group – lots of federal agencies participating. Voluntary researcher profile system. How do we get institutional attributes into SciEnCV? Each agency is doing things separately, want to link using ORCID. Need lines and flows in this scholarly identity space. Need to find leverage points and make it sustainable. Constituencies and economic interests are not well aligned.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: