Agenda


Thursday, 07.05.2009
07:30-18:00 Check-in
08:30-09:00 Business Involvement is Key for Establishing an Effective Identity and Access Governance in a Global Organisation
Berthold Kerl, Deutsche Bank AG
09:00-09:30 Implementing RBAC and IAM in a Multi-Country Setting at Dexia
Jules Jerome, Dexia Banque Internationale à Luxembourg
09:30-10:00 Risk Management in Turbulent Times
Prof. Dr. Rob Fijneman, KPMG
10:00-10:30 Coffee Break
Identity Metasystem & Claims
Moderator:
Felix Gaehtgens, Kuppinger Cole
10:30-11:30 Introduction to the Identity Metasystem and Claims
Vittorio Bertocci, Microsoft
Felix Gaehtgens, Kuppinger Cole

The Identity Metasystem and claims provide very powerful tools for modeling the identity and access aspects of systems of all scales and complexity. The ideas and principles behind them, however, are simple and very intuitive. This session will lay down the basic concepts behind the Identity Metasystem, will introduce you to the terminology and in general provide a level set on the subject. If you are not fully familiar with the claims based approach, this session will equip you with the means to get the most from the “Identity Metasystem & Claims” track and to proficiently participate in the industry dialogue on this fundamental topic.

11:30-12:30 Claims, Reputation and Behavioral Analysis of Online Identities
Liam Lynch, eBay Inc.
Upendra Mardikar, PayPal

The goal of confirming the identity of a user remains a challenge in today’s online and offline worlds. To uphold the fundamental law of identity that a subject is the same as itself, A ≡ A, different attributes of A must be known to discover A. Several ways of doing this are prevalent today. They include word of mouth, such as "I know this user" or "he is who he claims to be", and they also include verifying an identity through trusted third parties like governments, Certificate Authorities, etc.

The subject presents claims, and those claims are matched to known attributes. If these claims are issued by a trusted third party, they are verified offline or online with the third party. To know that the subject presenting claims is the unique subject, enough claims must be collected and matched with known attributes. The richer the sets of attributes about the subjects, and the greater the number of claims the subject can possess, the better it is for the systems that can affirm the equation A ≡ A. To enhance this model further, it is essential to confirm these claims about subjects against known attributes in real time. This will avoid TOC‐TOU errors.

Another dimension to this issue is the total number of claims the subject is presenting. Presenting all the possible claims explicitly can lead to a bad and slow experience. E.g., in an online world, if a user is asked to enter his driver’s license, his credit card number, password, address, phone number and zip code every time he tries to access a web site, it will be a very unpleasant user experience.

In this presentation, we present how to enhance attributes about a subject that include reputation and behavior of the subject. The claims presented by subjects are transparent to the subject and yet give a richer set of attribute-matching capabilities to the system.

For example, in an online world, behavioral characteristics include how the user uses his system, which machines he uses to access the system, how he uses keyboards and mice, where he shops, what type of item he buys, etc. contrast usability/privacy/security properties of the proposal and tie that to user centric identities.

Using Claims to Convey Trust Across Identity Boundaries
Felix Gaehtgens, Kuppinger Cole
Ariel Gordon, Microsoft

This presentation will show how Trust that is created in the real world via In-Person Proofing events can be leveraged to create digital identities and enable safer online transactions. It describes how one of the leading school districts in the US is using a claims-based access platform to simplify the deployment of educational resources and reduce management costs.

The case study is relevant beyond the educational sector and in many diverse enterprise contexts such as authorization and procurement. It is an invitation to developers—in education and elsewhere—to start building claims-aware applications that span across identity boundaries.

12:30-14:00 Lunch Break
Securing Cloud Computing & ESOA through Identity Management
Moderator:
Stuart Boardman, CGI
14:00-15:00 Identities as a Baseline for Cloud & SOA Security
Stuart Boardman, CGI

Identities are the foundation for Cloud and SOA Security. Service-oriented approaches to Identity Management, Authorization Management, and Governance are mandatory to support the security and governance requirements in loosely-coupled, service-oriented IT environments. Stuart Boardman will give an overview of the requirements and solutions for both cloud and SOA security.

Access Control in the Cloud
André Koot, Unive Verzekering
15:00-16:00 Securing SOA - Lessons Learnt from an Early Adopter
James McGovern, The Hartford Financial Services Group

You are doing SOA but have you thought enough about how to secure it? Learn from an early adopter of SOA technologies regarding how they have thought about securing a service-oriented architecture and the threats that could affect your enterprise. This session will cover:

  • Interoperability and the business challenges of SOA security
  • Considerations for adopting an SOA as part of an EA integration strategy
  • Incorporation of agile methods for enterprise development
  • Securing and managing service-oriented architectures
  • How major decisions and changes made in software development will be approached in the future.
Identity And Policy – Aligning The Network With Services
Dr. Ramaswamy Chandramouli, National Institute of Stds & Tech (NIST)
Rakesh Radhakrishnan, Oracle

This panel will discuss the relevance of Identity and Policy for Enterprise Infrastructure and Enterprise SOA. Covering how an Integrated Identity Infrastructure aligns multiple policy domains, including:

  • Identity enabled Cohesive Contextual Policies
  • Identity enabled Derived Device Policies
  • Identity enabled Access Network Policies
  • Identity enabled Session Specific Policies
  • Identity enabled OAMP Policies
  • Identity enabled QOE Policies
  • Identity enabled Privacy Policies
  • Identity enabled Service Policies
  • Identity enabled Data Centric Policies
  • Identity enabled Distributed System Policies
  • Identity enabled Log Policies
  • Identity enabled Policy Assurance
16:00-16:30 Coffee Break
16:30-17:30 Service Oriented Solutions based on Identities within the Austrian Public Administration
MinRat Dr. Oswald Kessler, Ministry of the Interior, Austria
Identity Services as a Flexible Security Foundation For Next-Generation Applications
Dr. Teodor Dumitrescu, Siemens IT Solutions and Services
Frank Fischer, Accenture
Dr. Peter Gergen, SAP Deutschland AG & Co. KG
Klaus Hild, NetIQ Deutschland
Ian McCaw, IM Global
Alberto Ocello, Crossideas
Christian Patrascu, Oracle

Service-Oriented Security aligns with the overall Application-Centric approach of Identity and Access Management solutions, with the goal of providing a comprehensive, standards-based, developer-friendly platform. By leveraging and sharing many of the common Identity "Services", Service-Oriented Security allows developers to spend the effort where it counts the most: the application logic itself. Security will be just a service that can be invoked over a well-defined heterogeneous interface based on open standards. This panel discusses the technologies, the architectural patterns and the organizational approaches for transforming and aligning the enterprise access infrastructure with the business goals.

17:30-18:00 The Impact of GRC on Business & IT Service Management
Prof. Dr. Sachar Paulus, KuppingerCole

Governance, Risk & Compliance puts a heavy burden on business leaders, but even more so it questions the way they had the IT department (or external service providers) implement the business processes. But isn't IT Service Management, as defined by ITIL, what business should be satisfied with? In this keynote, we will analyse how these two worlds fit together and what we have to learn from it.

18:00-18:15 Closing Keynote
Tim Cole, KuppingerCole


© 2012 Kuppinger Cole