true user-centric identity management · 2006-12-05 · true user-centric identity management dr...
TRANSCRIPT
true user-centric identity management
Dr Jan Camenisch
Technical Leader PRIME
Project Leader Cryptography
IBM Research Zurich
IBM Zurich Research Lab
True User-Centric Identity Management © 2006 IBM Corporation
True User-Centric Identity Management
In the Information Society, users can act and interact in a safe and secure way while retaining control of their private sphere.
Simple ID Management: Accountability & Privacy
Anonymity could allow for undetectable sharing!
Conclusion: Partial Identities
– Different IDs/Pseudonyms
– Credentials on Different Nyms
– Controlled Release of Attributes
– Enable Accountability & Anonymity
idemix – A Private Credential System
Strong Flexible Authentication – “New” signatures and encryption schemes
– Users have different pseudonyms with different parties;
– Credentials are issued to pseudonyms and are transferable;
– Controlled release of attributes;
– Different transactions cannot be linked;
– Anonymity is revocable in designated cases;
– A number of mechanisms to prevent abuse (money laundering, shared access, ...).
www.zurich.ibm.com/security/idemix
What Technologies Are Needed?
– Attribute-Based Access Control
– Policies towards users
– Enforcement of Policies
– Change of Business Processes
– Privacy Policy
– Data minimization
– Easy Management of Partial Identities
– Usable Interfaces
– (Anonymous Communication)
Privacy-Enhancing ID Mgmt for Europe
A Holistic Approach
– Legal, Social & Economic Framework
– Architecture
– Prototype of architecture & user interface
– Application demonstrator (e-learning, LBS)
– Tutorials (general public, end-user, experts)
– Research in all areas
www.prime-project.eu
True User-Centric Identity Management is Possible!
Open Source Framework Enhances Identity Management
Higgins Trust Framework
An Eclipse open source project supported by IBM, Novell and Parity that will:
– Enable dynamic, automatic capture of people information from disparate information repositories
– Facilitate integration with diverse identity management systems
– Ease management of identity, profile, reputation and relationship data across repositories
[Figure labels: YOU; Email or IM; Communities of Interest; Websites; Buddy Lists; Enterprise Apps; Virtual Spaces]
http://wiki.eclipse.org/index.php/Higgins_Wiki
Still a long way to go
... but we are underway
Jan Camenisch
[email protected]/higgins
www.zurich.ibm.com/security/idemix