Identity-based Service Interaction


Presentation Transcript


  1. Identity-based Service Interaction SWACOM: WP2 Mohammad M. R. Chowdhury Ph.D. candidate UniK-University Graduate Center / University of Oslo SWACOM meeting, Stavanger, June 8, 2007

  2. About Me?
  • Education:
    • Ph.D. candidate, UniK/Oslo University, July 06 - present
    • MSc., Telecommunication Eng., Helsinki University of Technology, 2004
    • BSc., EEE, Bangladesh University of Eng. & Tech., 2002
  • Work Experience:
    • Ph.D. candidate, UniK (July 06 - present)
    • Deputy Superintendent Eng., Radio Planning, GrameenPhone/Telenor, Bangladesh
    • Lecturer, AIUB, Bangladesh
    • RA & TA, University of Vaasa, Finland
  Mohammad M. R. Chowdhury, SWACOM meeting, Stavanger June 08, 2007

  3. Contents
  • Identity: Real world to digital world
  • Related works
  • Role-based identity
  • Integrated identity mechanism for service access
  • Controlling corporate and social identities in communities
  • Semantic Identity (SemID)
  • Conclusion
  • Future works

  4. Identity
  • In philosophy, identity [1] is whatever makes an entity definable and recognizable, in terms of possessing a set of qualities or characteristics.
  • Identity [1] is an umbrella term used throughout the social sciences for an individual's comprehension of him or herself as a discrete, separate entity.
  • Digital identity [1] also has another common usage as the digital representation of a set of claims made by one digital subject about itself or another digital subject.
  • An online identity [1] is a social identity that network users establish in online communities.
  As more and more services become accessible in the digital world, digital identities and their management will play a vital role in secure service access and privacy …
  Source: [1] Wikipedia

  5. Identity: Real world to digital world
  Passwords everywhere
  • Gartner says (annual IT security summit 2005): 80% of organizations will reach a password breaking point by 2007.
  [Figure: real-world identities mapped to digital-world identities]

  6. Our objectives
  • How to represent the user's identity (role-based identity) and where to store the user's identity (SIM card + secure identity space in the network)
  • Integrated identity mechanism to interact with both remote and proximity services
  • Community-aware identity management in corporate and social environments (through semantic web technology)

  7. Related works
  • ”The Laws of Identity” – by Kim Cameron: ”……. laws define a unifying identity metasystem that can offer the Internet the identity layer it needs”
  • Windows CardSpace – ”……..uses a variety of virtual cards, each retrieving a security token from Identity providers (that issued the cards) for authentication and identification to services.”
  • SXIP – ”…….User stores identity data at a Homesite (issued by SXIP). A Website (SXIP membersite) consumes identity data by sending SXIP requests for user data to the Homesite. The Homesite authenticates and identifies users.”
  • Liberty Alliance Project – ”……. to establish open standards, guidelines and best practices for federated identity management. It allows consumers and users of Internet-based services and e-commerce applications to authenticate and sign on to a network or domain once from any device and then visit or take part in services from multiple Web sites.”
  • Smart card vendors – Gemalto, NXP: ”…….. Developed high-capacity SIM cards for identity provision, storing certificates, rights etc.”

  8. Related works (cont.)
  • SXIP and CardSpace provide identity movement over the Internet only
  • CardSpace always requires the user's PC/terminal (to use the installed cards)
  • No integrated approach for remote and proximity service access
  • What are the alternatives for the numerous physical identities (cards) users are currently carrying?
  • No notion of community-aware identity management and privacy assurance

  9. We propose ’Role-based Identity’

  10. Human roles

  11. Role-based Identity
  • My digital identity
    • My personal identities (PID): identify ourselves in our very personal interactions, e.g. access to financial services
    • My corporate identities (CID): identify ourselves in our corporate/professional interactions, e.g. access to work premises, office LAN/VPN
    • My social identities (SID): identify ourselves in our society/community/interpersonal interactions, e.g. access to address books, calendar, my community, friends, interests, preferences

  12. (no transcript text)

  13. Security infrastructure
  • ESIM (Extended SIM card): the SIM card might have two modules
    - Module 1: low sec. + medium sec.
    - Module 2: high sec.

  14. Realisation:
  • Nice to know: SIM card → access to network + access to network identity space + access to SIDs
  • Need to know: SIM + PIN/Password → access to CIDs
  • Have to know: SIM + PIN + PKI, OTP → access to PIDs

  15. Integrated Identity Mechanism for Service Access
  Fig. Generic architecture of the integrated identity mechanism.

  16. Technology is out there to control and manage the user's personal identities to interact with services
  Example:
  • e-identification through the SIM card (activating BankID in the SIM card through SIM+PKI)
  • BankID in Norway, Sweden
  Then what about controlling corporate and social identities (preferences, attributes etc.) in a community/group environment to access services or resources?

  17. Motivation

  18. Expectation
  • Mushfiq and Josef, members of the Communication group of UniK, can access each other's conf. papers but can't access the pictures; only family members can see these.
    ---- Access resources based on relationships (corporate identity), partition data, add privacy
  • Mushfiq knows Manav. So Manav can see which group Mushfiq belongs to, but can't see the other members of the group (as Manav is not a member of the Communication group).
    ----- add privacy

  19. (no transcript text)

  20. Expectation
  • Can Maria see the photos taken by Frank? Maria is the mother of Paul, Frank is the father of Anna, and Paul and Anna are both members of class 2 of Sogn school.
    --- Access resources based on relationships (corporate identity)
  We propose Semantic Web Technology to take care of these expectations.

  21. Why Semantic Web?
  • Current Web – only presents knowledge/web content to humans
  • Semantic Web (SW) – next generation of the contemporary web, in which web content is expressed in a form that can be understood, interpreted and used by computers and software agents to find, share and integrate information more easily.
  • The Semantic Web comprises the standards and tools of XML, XML Schema, RDF, RDF Schema and OWL.
  • We propose SemID (Semantic Identity), where OWL, the Web Ontology Language, is used to formalize and define the proposed identity management domain.
  • OWL is chosen because it facilitates greater machine interpretability of Web content than that supported by XML, RDF and RDF Schema (RDF-S), by providing additional vocabulary along with a formal semantics.
  • An ontology built with FOAF is public, so it cannot support privacy requirements.

  22. SemID
  • Is proposed to provide role-based access control and a privacy assurance service in a project-oriented corporate working environment.
  • Access control and privacy goals are achieved through the formal definition of policies and rules using OWL DL (a sub-language of OWL).
  USE CASE:

  23. Screenshots of the SemID ontology
  • We model the ontology of the USE CASE scenario using the Protégé-OWL ontology editor platform.

  24. Ontology properties
  • Identity has Group (hasGroup).
  • Identity has Visibility (hasVisibility).
  • Identity has Role (hasRole).
  • Role has Policy (hasPolicy).
  • Role has visibility of Group (hasVisibilityOfGroup).
  • Policy has Rule (hasRule).
  • Rule has Subject (hasSubject).
  • Rule has Resource (hasResource).
  • Rule has Action (hasAction).

  25. A Policy (P) represents the privilege reserved for each role in a community and is expressed through a set of Rules (R1, R2, … Rn). Therefore Policy P = {R1, R2, … Rn}.
  • Essentially a Rule (R) is a function that takes an access request as input and returns an action (permit, deny or not applicable).
  • The Rule is composed of the Subject (S), Resource (R) and Action (A).
  • In this ontology Subject refers to the Identity (CID) and Resource refers to a project resource (deliverables, documents etc.). This is how the Rule takes care of the access control service.
  • The hasVisibility and hasVisibilityOfGroup properties take care of privacy assurance.
  • For further details see www.semid.org
  Now a software (enterprise content management) can be developed based on the proposed ontology.
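  As an added illustration, not code from the presentation or from the SemID project, the following Python model wires up the slide-24 properties (hasRole, hasPolicy, hasRule, hasSubject/hasResource/hasAction, hasVisibility, hasVisibilityOfGroup), implements the slide-25 Rule as a function from an access request to permit/deny/not applicable, and checks it against the slide-18 expectation. The deny-overrides combining of several matching rules, the `operation` field on a Rule, and the role memberships of the sample identities are assumptions; the actual OWL DL definitions live at www.semid.org.

```python
from dataclasses import dataclass
PERMIT, DENY, NOT_APPLICABLE = "permit", "deny", "not applicable"   # Rule results (slide 25)

@dataclass(frozen=True)
class Rule:                         # hasSubject, hasResource, hasAction
    subject: str                    # role the rule is written for
    resource: str                   # e.g. "conf_papers", "pictures"
    operation: str                  # requested operation (assumed field), e.g. "read"
    action: str                     # PERMIT or DENY when the request matches

@dataclass(frozen=True)
class Role:                         # hasPolicy, hasVisibilityOfGroup
    name: str
    policy: tuple                   # Policy P = {R1, ..., Rn}
    visible_groups: frozenset = frozenset()

@dataclass(frozen=True)
class Identity:                     # hasGroup, hasRole, hasVisibility
    name: str
    groups: frozenset
    roles: tuple
    visibility: frozenset           # identities allowed to learn this identity's groups

def evaluate(requester, resource, operation):
    """Rule as a function of the access request; deny-overrides combining is an assumption."""
    hits = {r.action for role in requester.roles for r in role.policy
            if (r.subject, r.resource, r.operation) == (role.name, resource, operation)}
    if DENY in hits:
        return DENY
    return PERMIT if PERMIT in hits else NOT_APPLICABLE

def visible_groups(viewer, target):   # hasVisibility: the target controls who sees its groups
    return target.groups if viewer.name in target.visibility else frozenset()

def visible_members(viewer, group, directory):
    """hasVisibilityOfGroup: only a role granted visibility of the group may list its members."""
    if not any(group in role.visible_groups for role in viewer.roles):
        return frozenset()
    return frozenset(i.name for i in directory if group in i.groups)

# Constructed sample data for the slide-18 expectation (names as on the slide).
COMM = Role("comm_member", (Rule("comm_member", "conf_papers", "read", PERMIT),
                            Rule("comm_member", "pictures", "read", DENY)), frozenset({"Communication"}))
FAMILY = Role("family", (Rule("family", "pictures", "read", PERMIT),))
MUSHFIQ = Identity("Mushfiq", frozenset({"Communication"}), (COMM,), frozenset({"Josef", "Manav"}))
JOSEF = Identity("Josef", frozenset({"Communication"}), (COMM,), frozenset({"Mushfiq"}))
MANAV = Identity("Manav", frozenset(), (), frozenset())
RELATIVE = Identity("Relative", frozenset(), (FAMILY,), frozenset())   # placeholder family member
DIRECTORY = (MUSHFIQ, JOSEF, MANAV, RELATIVE)
```

  Manav learns Mushfiq's group because Mushfiq has made it visible to him, yet `visible_members` returns nothing for Manav since no role of his carries hasVisibilityOfGroup for Communication.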

  26. Screenshots of the Software

  27. Screenshots of the Software (cont.)

  28. Conclusion
  • Role-based identity is proposed.
    • Distributed in nature (SIM + Network)
    • PIDs in SIM, CIDs in SIM+Network, SIDs in Network.
  • Identity-based service access is proposed using mobile infrastructure to meet low to high security requirements.
    • Mobile phone as identity handler.
  • Semantic Web can take care of the control of CIDs and SIDs in a community environment.
  • SemID is proposed in a project-oriented corporate environment to deal with access control and privacy requirements.

  29. Future works
  • Extend the current SemID further to add some more roles (like supervisors etc.)
  • Concepts similar to SemID can be extended to the currently open social community domain to add privacy (LinkedIn and Facebook are open to all registered users!!)
  • Invoke identity management ontologies from the mobile environment to access services

  30. Thank You! Comments or suggestions?
