Page 1: REFEDS. Rome, October 2009 Attribute space: LoAs, aggregation and reputation

REFEDS. Rome, October 2009

Attribute space: LoAs, aggregation and reputation

Page 2:

Setting the Landscape

Page 3:

LoLoAs (not an erratum)

• The LoA concept has originally been associated with the quality of credentials
  – Two-factor authentication vs username/password…
  – SAML AuthN Context emphasized this
  – NIST (and NIST-like) classifications did as well

• Attributes constitute the core of an identity

• LoAs on asserted attributes are key to taking informed decisions

• And that brings us to different Levels of Levels of Assurance

Page 4:

The Axes

Page 5:

Attribute Authorities

• Entities providing additional attributes about users
  – Not available at their home IdP
  – Mostly because of management reasons

• Key for the VO promise

• Explosion of authoritative AttAuts is a concern

• And they may pose additional privacy challenges

• Several implementations currently available
  – VOMS (originally X.509-based, now with SAML gateway)
  – SWITCH VO management system (Shib-based)
  – FEIDE VO PoC (OAuth)
  – RedIRIS AA (SAML-based)
  – GN3 JRA3T2 (starting)
  – …

Page 6:

Attribute Aggregators

• User-controlled sources of attributes

• Collecting them from AttAuts

• The SHINTAU project
  – Shib-based
  – Demo available at http://issrg-beta.cs.kent.ac.uk:8080/loademo.html

• The Kantara UMA Working Group
  – Mostly influenced by the OAuth community
  – Attribute access can be considered a particular case
  – No implementation yet
  – http://kantarainitiative.org/confluence/display/uma/

Page 7:

Reputation Systems

• AttAggs that offer additional interfaces to update attribute values

• Social trust and beliefs
  – Social does not necessarily mean “massive”

• The next step in IdM?

• Object of a work-item in TF-EMC2

• Few (if any) implementations
  – The ARETUSA model for BitTorrent
  – Plans to extend the RedIRIS AA

Page 8:

The Possible Next Steps

• Attribute source discovery
  – Open AttAut, AttAgg, Reputation sources?
  – Are they total or partial members of federations?

• Representation for attribute sources and LoAs
  – Meta-attributes?

• Evaluation procedures for trust on attributes
  – Attribute algebra? LoA set operations?

• Keeping all this within appropriate practical limits
  – Avoid making this an academic issue
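The slides on per-attribute LoAs (page 3), attribute aggregation (page 6) and "LoA set operations" (page 8) describe the idea without showing what a relying party would actually compute. The following Python model is an added example, not code from the slides or from any of the projects they name. It assumes a constructed NIST-like ordered scale 0–4, represents the LoA as a meta-attribute carried alongside each asserted value together with its source, and uses constructed entityIDs and sample values (the eduPerson attribute names are real schema names; everything else is made up). The "join" keeps the strongest assertion per claim when several sources agree, the "meet" makes an access decision only as strong as its weakest required claim, and a conflict check surfaces single-valued attributes on which sources disagree instead of silently picking one.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed, NIST-like ordered scale: a higher number means stronger assurance.
LOA_SCALE = {0: "self-asserted", 1: "low", 2: "medium", 3: "high", 4: "very high"}

# Constructed: attributes that must carry exactly one value per user.
SINGLE_VALUED = {"eduPersonPrincipalName"}


@dataclass(frozen=True)
class Assertion:
    """One attribute value as asserted by one source, with its LoA meta-attribute."""
    attr: str    # attribute name, e.g. "isMemberOf"
    value: str
    source: str  # hypothetical entityID of the asserting IdP / AttAut / AttAgg
    loa: int     # assurance the source claims for this particular value


def aggregate(assertions: Iterable[Assertion]) -> Dict[Tuple[str, str], Assertion]:
    """Join step of aggregation: for every (attribute, value) pair keep the strongest
    assertion seen. Merging can only raise the LoA of a claim, never lower it."""
    best: Dict[Tuple[str, str], Assertion] = {}
    for a in assertions:
        if a.loa not in LOA_SCALE:
            raise ValueError(f"unknown LoA {a.loa} asserted by {a.source}")
        key = (a.attr, a.value)
        if key not in best or a.loa > best[key].loa:
            best[key] = a
    return best


def conflicts(aggregated: Dict[Tuple[str, str], Assertion]) -> Dict[str, List[str]]:
    """Flag single-valued attributes for which different sources assert different
    values. The aggregator keeps every value with its own LoA; resolving the
    disagreement is the relying party's decision, not the aggregator's."""
    seen: Dict[str, set] = {}
    for (attr, value), _ in aggregated.items():
        if attr in SINGLE_VALUED:
            seen.setdefault(attr, set()).add(value)
    return {attr: sorted(v) for attr, v in seen.items() if len(v) > 1}


def decision_loa(
    aggregated: Dict[Tuple[str, str], Assertion],
    required: Dict[str, Tuple[str, int]],
) -> Tuple[Optional[int], List[str]]:
    """Meet step: a decision is only as strong as the weakest claim it depends on.
    `required` maps attribute -> (expected value, minimum acceptable LoA).
    Returns (effective LoA, reasons); effective LoA is None when any required
    claim is missing or asserted below the policy's minimum."""
    reasons: List[str] = []
    loas: List[int] = []
    for attr, (value, min_loa) in required.items():
        a = aggregated.get((attr, value))
        if a is None:
            reasons.append(f"{attr}={value!r} is not asserted by any source")
        elif a.loa < min_loa:
            reasons.append(
                f"{attr}={value!r} asserted by {a.source} at LoA {a.loa}, "
                f"policy requires {min_loa}"
            )
        else:
            loas.append(a.loa)
    if reasons or not loas:
        return None, reasons or ["policy lists no required attributes"]
    return min(loas), reasons


# Constructed sample: the home IdP, a VOMS-style AttAut and a user-controlled AttAgg.
SAMPLE = [
    Assertion("eduPersonPrincipalName", "alice@example.edu", "https://idp.example.edu/idp", 3),
    Assertion("eduPersonAffiliation", "member", "https://idp.example.edu/idp", 3),
    Assertion("isMemberOf", "vo:cms", "https://voms.example.org/aa", 2),
    Assertion("isMemberOf", "vo:cms", "https://agg.example.net/aggregator", 1),    # same claim, weaker
    Assertion("isMemberOf", "vo:atlas", "https://agg.example.net/aggregator", 0),  # self-asserted only
    Assertion("eduPersonPrincipalName", "alice@other.edu", "https://agg.example.net/aggregator", 0),
]

# Constructed relying-party policies: attribute -> (expected value, minimum LoA).
CMS_POLICY = {"eduPersonAffiliation": ("member", 2), "isMemberOf": ("vo:cms", 2)}
ATLAS_POLICY = {"isMemberOf": ("vo:atlas", 1)}

if __name__ == "__main__":
    agg = aggregate(SAMPLE)
    print("conflicts:", conflicts(agg))
    for name, policy in (("cms", CMS_POLICY), ("atlas", ATLAS_POLICY)):
        loa, why = decision_loa(agg, policy)
        print(name, "->", "denied" if loa is None else f"granted at LoA {loa}", why)
```

With the constructed sample, the CMS decision is granted at LoA 2 (the VOMS-style source raises the membership claim above the aggregator's weaker copy, and the affiliation from the home IdP does not lift the result above the weaker of the two claims), the ATLAS decision is denied because the only assertion is self-asserted, and the two differing principal names are reported as a conflict for the relying party to act on.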
