true user-centric identity management · 2006-12-05 · true user-centric identity management dr...

true user-centric identity management Dr Jan Camenisch Technical Leader PRIME Project Leader Cryptography IBM Research Zurich


Post on 06-Jul-2020

true user-centric identity management

Dr Jan Camenisch
Technical Leader PRIME
Project Leader Cryptography
IBM Research Zurich

IBM Zurich Research Lab

True User-Centric Identity Management © 2006 IBM Corporation

True User-Centric Identity Management

In the Information Society, users can act and interact in a safe and secure way while retaining control of their private sphere.

Simple ID Management: Accountability & Privacy

Anonymity could allow for undetectable sharing!

Conclusion: Partial Identities

– Different IDs/Pseudonyms
– Credentials on Different Nyms
– Controlled Release of Attributes
– Enable Accountability & Anonymity

idemix – A Private Credential System

Strong Flexible Authentication – “New” signatures and encryption schemes

– Users have different pseudonyms with different parties;
– Credentials are issued to pseudonyms and are transferable;
– Controlled release of attributes;
– Different transactions cannot be linked;
– Anonymity is revocable in designated cases;
– A number of mechanisms to prevent abuse (money laundering, shared access, ...).

www.zurich.ibm.com/security/idemix

What Technologies Are Needed?

– Attribute-Based Access Control
– Policies towards users
– Enforcement of Policies
– Change of Business Processes
– Privacy Policy
– Data minimization
– Easy Management of Partial Identities
– Usable Interfaces
– (Anonymous Communication)

Privacy-Enhancing ID Mgmt for Europe

A Holistic Approach
– Legal, Social & Economic Framework
– Architecture
– Prototype of architecture & user interface
– Application demonstrator (e-learning, LBS)
– Tutorials (general public, end-user, experts)
– Research in all areas

www.prime-project.eu

True User-Centric Identity Management is Possible!

Higgins Trust Framework

Open Source Framework Enhances Identity Management

An Eclipse open source project supported by IBM, Novell and Parity that will:

– Enable dynamic, automatic capture of people information from disparate information repositories
– Facilitate integration with diverse identity management systems
– Ease management of identity, profile, reputation and relationship data across repositories

[Figure labels: YOU; Email or IM; Communities of Interest; Websites; Buddy Lists; Enterprise Apps; Virtual Spaces]

http://wiki.eclipse.org/index.php/Higgins_Wiki

Still a long way to go

........ but we are underway

Jan Camenisch
[email protected]/higgins
www.zurich.ibm.com/security/idemix