
Identity Management in Open Environments

Identity Management in Open Environments. Manel Medina UPC/ SeMarket medina@escert.upc.edu Estíbaliz Delgado ESI estibaliz.delgado@esi.es Diego Fernández ISDEFE dfvazquez@isdefe.es. Content. Security Requirements Security Architecture Quantitative Identity Trustworthiness


Presentation Transcript


  1. Identity Management in Open Environments
     • Manel Medina, UPC / SeMarket, medina@escert.upc.edu
     • Estíbaliz Delgado, ESI, estibaliz.delgado@esi.es
     • Diego Fernández, ISDEFE, dfvazquez@isdefe.es

  2. Content
     • Security Requirements
     • Security Architecture
     • Quantitative Identity Trustworthiness
     • Quality Attributes and metrics
     • Concluding remarks

  3. Security Requirements
     • Perspectives: business, legal, user and technical
     • User can choose any trusted digital identity
     • Identity management, through identity federation allows the multi-identification and role assignment
     • Trust environment:
       • user and service need a common recognition
       • Integrated: PKI and different biometric identification methods (LAP compliant)

  4. Security Architecture: Fundam.

  5. Security Architecture: Additional
     • Discovery, find trustable services.
     • Reliability, to prevent Denial of Service
     • Management, continuity security policy
     • Storage, long term preserve documents
     • Policy, provide trust to the whole circle.
     • Coordination or agreement, security related to the components behaviour
     • P2P Interaction, user and SP collaboration
     • User Assistance, social engineering threats

  6. Identity Trustworthiness
     • Trust Management
     • Service Level Agreement
     • Quantitative Framework
     • Identity manag. system trustworthiness level
     • Monitoring and enhancement of Trust, Security and Dependability (TSD)
       • monitoring quality metrics on the system
       • periodically evaluating their trustworthiness
       • controlling them

  7. Quantitative Trustworthiness
     • User satisfaction about the requirements and expected QoS
     • Trustworthiness Model
     • Trustworthiness Evaluation and Trustee’s decision-making
     • Trusted’s profile is defined and described in a Quality Profile: Trustor Quality Attrib. metrics
     • Trustworthiness Profile: Trustee requirements
     • Trust Management Framework Model
     • Trustee evaluate Trusted trustworthiness level

  8. Quality Attributes

  9. Trust control parameters
     • Threshold supplied by the Trustee (Th)
     • calculated Trustworthiness value (Tr)
     • 'extract' the Quality Metrics of trusted:
       • Development Time:
       • Run Time:
     • e.g.: “Availability” QA is modelled as “response_time” (rt) and “uptime” (up):
       • Pavailability = (rt < 16) and (up > 1000)

  10. Examples of trust control
     • A negative compliance of the required trust level may result in:
       • Replacement of a service, e.g.
         • deactivation of a component c2 that offers a security functionality and being substituted by a safer one.
         • the initialization of a component c2 that allows the new component.
     • A decrease in measure m1 may
       • trigger a re-estimation of the trust attributes and compliance re-evaluation.
       • be re-instantiated in a different mode of operation or in a controlled environment.

  11. Conclusions
     • Integrate security measurement tools:
       • prevent abuse of confidence from other components of the environment
     • Create chains of trust between users and (web) service providers through SLA:
       • multiple controls, business, ethics, PDP
     • Identity attributes have to be shared
       • personal attributes will not be lost, damaged or misused by any of the intermediaries involved in complex web services provision
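
The trust control loop outlined on slides 9 and 10, as an added example that is not part of the original presentation: run-time metrics are checked against quality-attribute predicates, a trustworthiness value Tr is compared with the threshold Th, and a control action follows. Only the `Pavailability` predicate comes from the slides; the weighted formula for Tr, the `authentication` attribute, the action names and the monitoring samples are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Metrics = Dict[str, float]

@dataclass
class QualityAttribute:
    name: str
    predicate: Callable[[Metrics], bool]  # run-time check over monitored metrics
    weight: int = 1                       # assumed weighting, not from the slides

def p_availability(m: Metrics) -> bool:
    # Slide 9: Pavailability = (rt < 16) and (up > 1000)
    return m["rt"] < 16 and m["up"] > 1000

def p_authentication(m: Metrics) -> bool:
    # Hypothetical second attribute with a constructed metric and limit.
    return m["auth_failures"] < 5

ATTRIBUTES = [QualityAttribute("availability", p_availability, 3),
              QualityAttribute("authentication", p_authentication, 2)]

def trustworthiness(metrics: Metrics, attrs=ATTRIBUTES) -> float:
    """Tr: weighted share of satisfied quality attributes (assumed formula)."""
    total = sum(a.weight for a in attrs)
    return sum(a.weight for a in attrs if a.predicate(metrics)) / total

def trust_control(samples: List[Metrics], th: float,
                  watch: str = "up") -> List[Tuple[float, str]]:
    """Compare Tr with the threshold Th for each monitoring sample."""
    decisions, previous = [], None
    for m in samples:
        tr = trustworthiness(m)
        if tr < th:
            action = "replace_component"  # slide 10: substitute a safer component
        elif previous is not None and m[watch] < previous[watch]:
            action = "re_evaluate"        # slide 10: a watched measure decreased
        else:
            action = "accept"
        decisions.append((tr, action))
        previous = m
    return decisions

# Constructed monitoring samples (not measurements from the presentation).
SAMPLES = [
    {"rt": 10, "up": 2000, "auth_failures": 0},
    {"rt": 12, "up": 1500, "auth_failures": 0},
    {"rt": 12, "up": 1500, "auth_failures": 9},
    {"rt": 20, "up": 1500, "auth_failures": 0},
]
```

With Th = 0.5, the third sample stays compliant because availability carries more weight than the failed authentication attribute, while the fourth falls below the threshold once `rt` breaks the availability predicate.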
