A secure and auditable Federated Identity and Access Management Infrastructure
Serge Bertini, Director, Security Canada




The Role of the Identity
While:
- Perimeters dissolve
- Applications become more distributed
- Access is anywhere, anytime, through any device
Identity enables and requires security, control, manageability and accountability in a distributed network

Market Pain: The Environment
- Long history of inter-company integration initiatives
  - Some success: EDI, supply-chain portals, custom data integrations, industry-level initiatives
  - Value chains/outsourcing continuing to evolve for organizations
  - Can't currently scale integrations to reach mass deployments
- Ubiquitous Internet & Internet-compliant technologies
- Technical & industry-specific standards & agreements coming together

Market Pain
- Closer collaboration with customers & business partners
  - Support the business
  - Improve speed, cost, quality
  - Get ahead of your competitors
- Improved user experience
- Reduce application development, maintenance & support costs
- Provide reliable, scalable & manageable security
  - No technical one-offs, by leveraging standards

Market Pain
- Types of potential applications are infinite
  - Employee benefits outsourcing, other outsourcing, broker/agent integration, information supplier to a business, government services, consumer services, wireless content
Benefits
- Provide easier access to partner services to delight end users
- Reduce helpdesk calls from users (forgotten passwords)
- Reduce integration costs by leveraging standards
- Reduce credential startup & user management costs by leveraging the credentials of partners
- Differentiate services from competitors

Today's Collection of Net Identity Silos
[Slide diagram: a collection of separate per-site identity silos, illustrated by a fictional JoesFishMarket.com offering Tropical, Fresh Water, Shell Fish, Lobster, Frogs, Whales, Seals, Clams]

What does traditional, ineffective and inefficient identity management bring?
- No standard mechanism to trust identities from multiple sources
- Probability of duplicate information because of silos of identity information
- Costly/inefficient identity management
- Security risk exposure leading to compliance and privacy issues

How does Federated Identity and Access Management Help?

What is Federation?
Federation is the secure propagation of identities across autonomous domains or multiple enterprises
- Identity federation provides a foundation for validating users (or services) from various organizations that are part of a network of business partners
- Users (or services) can seamlessly access resources provided by trusted partners
- Clearly this is largely a security issue
- Standards play a large role (SAML)
Two basic modes of federation
- Browser-based federation: the end user visits Web sites hosted by business partners
- Document-based federation: business partners communicate through XML documents used to request and obtain Web services

Browser-based Federation
Simple form:
- User is provided SSO from his home site (Partner A) to another site
- User is redirected to Partner B
- Partner A provides authentication & profile information to Partner B
- Partner B uses this information to authorize & personalize the user
[Slide diagram: the user reaches www.partnera.com and www.partnerb.com over the Internet with SSO between them]
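The browser-based flow above, as an added example that is not from the original presentation: Partner A issues an assertion for the authenticated user and Partner B validates it before authorizing and personalizing the session, keeping an audit record of every attempt. It assumes a shared HMAC key in place of the XML signatures a SAML deployment would use, the partner names www.partnera.com and www.partnerb.com from the slide, and a constructed "plan" profile attribute; the checks (signature, trusted issuer, audience, validity window, replay) are the ones a relying party applies to any such assertion.

```python
import hmac, hashlib, json, secrets

# Constructed shared key for Partner A (IdP) and Partner B (SP); stands in for a SAML signing key.
FEDERATION_KEY = b"constructed-shared-key-partnera-partnerb"

def sign(body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(FEDERATION_KEY, payload, hashlib.sha256).hexdigest()

def partner_a_issue_assertion(user, attrs, audience, now, ttl=300):
    """Partner A, having authenticated the user locally, issues a signed assertion."""
    body = {
        "id": secrets.token_hex(8),   # unique ID so Partner B can reject replays
        "issuer": "www.partnera.com",
        "audience": audience,         # only the named partner may consume it
        "subject": user,
        "attributes": attrs,          # profile information used for personalization
        "issued_at": now,
        "expires_at": now + ttl,
    }
    return json.dumps({"body": body, "sig": sign(body)})

class PartnerB:
    """Service-provider side: validate the assertion, then authorize and personalize."""
    TRUSTED_ISSUERS = {"www.partnera.com"}

    def __init__(self):
        self.seen_ids = set()   # consumed assertion IDs (replay cache)
        self.audit_log = []     # end-to-end trail of every federation attempt

    def consume(self, token, now):
        env = json.loads(token)
        body = env["body"]
        reason = None
        if not hmac.compare_digest(env["sig"], sign(body)):
            reason = "bad signature"
        elif body["issuer"] not in self.TRUSTED_ISSUERS:
            reason = "untrusted issuer"
        elif body["audience"] != "www.partnerb.com":
            reason = "wrong audience"
        elif not body["issued_at"] <= now < body["expires_at"]:
            reason = "expired or not yet valid"
        elif body["id"] in self.seen_ids:
            reason = "replayed assertion"
        self.audit_log.append({"t": now, "subject": body["subject"], "assertion": body["id"], "result": reason or "accepted"})
        if reason:
            return None
        self.seen_ids.add(body["id"])
        role = "premium" if body["attributes"].get("plan") == "gold" else "standard"
        return {"user": body["subject"], "role": role}
```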

Document-based Federation
[Slide diagram: Partner A's Web Service Consumers communicate across the Internet with Partner B's Web Service Container hosting Web Service B]
XML form:
- Web Service consumers (could be users or applications) communicate across the Internet via XML forms in a SOAP envelope to Partner B's Web Service
- Partner B authenticates Partner A and enables access to its Web Service
- Results are communicated back to Partner A

High-level Federation Environment Requirements
- Federated Identity Management framework
  - To enable business trust agreements
  - To solve privacy issues
  - To be able to link different identities with each other
  - To facilitate ease of use, avoiding multiple registrations to services
- Identities may have responsibilities based on the policies of organizations and may have the ability to be federated across different domains
- End-to-end auditing and tracking of the identity, providing the audit trail for security and compliance purposes
- Easy and standard interfacing to 3rd parties using mainstream Internet technologies (Web Services, XML/SOAP -> Liberty Alliance, SAML)

Why is the Federated Model Important?
Centralized Model:
- Network identity and user information in a single repository
- Centralized control
- Single point of failure
- Links similar systems
Open Federated Model:
- Network identity and user information in various locations
- No centralized control
- No single point of failure
- Links similar and disparate systems
[Slide diagram: a Central Provider surrounded by Providers, versus a mesh of peer Providers]

Federated Identity Management
- Federation reflects how relationships are kept in the real world
- Not all identity information is held in one place
- No centralized single point of failure
- Opportunity for any trusted business or entity to become a trusted identity provider
- More than single sign-on: it's how personal information is authenticated, shared and managed

Where to Safeguard User's Information
Single Point Model: a Single Identity Operator holds everything (Credit History, Health History, Travel History, Insurance Records, Meal Preferences)
Open Federated Model: the information is spread across the parties that need it (Loyalty Program, Health & Travel Insurance, Travel Agent, Retail Bank, Airline, Hotel Chain, Car Rental), each holding only its own slice (e.g., Retail Bank: Credit History; Airline and Hotel Chain: Meal Preferences; Car Rental: Car Type Preferences)

Federation Hubs vs. End-Points
[Slide diagram: End-Points connected to a Hub (www.CompanyB.com)]
Hub needs: Scaling, Auditing, Manageability, Reliability, Multi-Protocol, User Administration
Hubs have different needs than End-Points!

Dangers on the Net Today
- Identity theft
- Phishing
- Spam
- Too much data/privacy

How We Can Build Trust
- The biggest concern of the Federation Customer is privacy
- Privacy is not a technical issue
- Privacy does not mean that nobody knows anything about me
- It is about managing the trust of the Federated Customer by agreeing to the scope and holding information in trust
- What could an architecture for privacy and trust management look like?

Architecture for Trust Management: Definitions
Security Management and Identity Management layers, from top to bottom:
- Policy: A combination of business and technology practices which define how a relationship is conducted and services are performed
- Authorization: A set of rules governing decisions about what the user can do: access to information, services or resources
- Authentication: Assertion of validity of a set of credentials. Credentials express a person's identity. A Yes/No answer
- Identity: Basic set of information that creates a unique entity (a name with a corresponding set of attributes)
Source: http://www.projectliberty.org

Architecture for Trust Management: Real-World Example: Driver's License
1. Identity: Name, address and picture identify the driver and, together with the document, provide the credentials expressing that the carrier is identical to the person that passed the driving tests
2. Authentication: Assertion of validity: the policeman compares the document with you. Result: a Yes/No answer
3. Authorization: The policeman will then see which kind of vehicle you are authorized to drive and if you are allowed to drive the one you are operating now
4. Policy: The fact that we do have police; the rules that allow me to drive with my national license in other countries

How Federated Customers Will Trust Policies
- Policy and its audit are guaranteed and certified by an approved public or private agency
- Policies and their transactions should be insured; insurance covers possible policy violations and fraud
- Liability and non-repudiation solved
Trust is based on policies and the audit of those, not just on security

Typical Use Cases

Common Federated ID Model: Before Identity Management
- Timo must log in to the portal with an ID and password
- After selecting a TV site he must log in again
- Log-ins like the above can require 80+ clicks and more than 30 seconds of time on a typical mobile phone keypad
- Users often give up in frustration, limiting use of mobile data services

Common Federated ID Model: After Identity Management
- Timo has chosen to link his three favorite sites
- When Timo logs into the portal, the mobile operator automatically authenticates him
- Timo clicks on the TV site and is automatically signed on
- Timo goes to his bookmarks and instantly logs on to his email

Case Study: Federation at a Benefits Management Outsourcer
Organization
- Provides employee benefits outsourcing services to large corporations
Goal
- Provide browser-based federation services to employees of business customers
  - Provide SSO between client & benefits outsourcer
  - SSO an added feature of their offering
- Reduce service costs & increase Web system usage
- Reduce cost of open-enrollment period
Status
- ~15 in production at end of 2004

Federation Additional Use Cases: Policy Provisioning - Access Control (cont'd)
Financial Regulatory Use Cases
- Customer Data Use or Disclosure: An employee in a financial services company wishes to use customer data and does not know the constraints on the use of the data. The system must evaluate the constraints and grant or deny access.
- Cross-Marketing: A telemarketing employee in the insurance affiliate of a consumer bank receives a request to cross-market an insurance product to a consumer-banking customer based on the age of the customer and household information derived from other accounts held by parties at the same address.
- Service Delivery: A member of the IT department receives a request to deliver a data extract to Statement Services Corporation. Sensitive customer data (e.g., account numbers and balances) are encrypted at the database level.

Centralized Audit and Control

Security Breach Identified
- Critical customer-facing business application
- Automate user suspension
- Use audit trail to identify culprit
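The three policy use cases on the earlier slide and the breach-response slide above, as an added example that is not from the presentation: each request is evaluated against a constraint for its use case, every decision lands in one central audit trail, and the breach response reads that trail to identify and suspend the responsible identity. The constraint rules, the request fields and the culprit heuristic (an identity that was denied on the critical application inside the breach window) are assumptions made for the example; the slides state the situations, not the rules.

```python
from collections import defaultdict

# Constructed demo: constraints evaluated per request, one central audit trail,
# and a breach response that reads the trail to identify and suspend an identity.
SUSPENDED = set()   # identities suspended by the automated response
AUDIT_TRAIL = []    # central audit trail shared by all applications

# The constraints are constructed for the example; the slide states the
# situations, not the rules a real institution would apply.
CONSTRAINTS = {
    # customer data use: the purpose must be one the customer consented to
    "customer-data-use": lambda r: r["purpose"] in r["consented_purposes"],
    # cross-marketing: affiliate marketing consent, and no household data
    # derived from other parties' accounts at the same address
    "cross-marketing": lambda r: r["affiliate_marketing_consent"]
                                 and not r["uses_household_data"],
    # service delivery: sensitive extracts must be encrypted at the database level
    "service-delivery": lambda r: not r["sensitive"] or r["encrypted"],
}

def evaluate(req):
    """Grant or deny a request against its use case's constraint; log centrally."""
    if req["subject"] in SUSPENDED:
        decision = "deny:suspended"
    elif CONSTRAINTS[req["use_case"]](req):
        decision = "grant"
    else:
        decision = "deny:constraint"
    AUDIT_TRAIL.append({"t": req["t"], "subject": req["subject"], "app": req["app"],
                        "use_case": req["use_case"], "decision": decision})
    return decision

def identify_culprits(app, t_start, t_end):
    """Breach response, step 1: identities denied on the critical app inside the
    breach window (attempted violations), with how often each was also granted."""
    denied, granted = set(), defaultdict(int)
    for e in AUDIT_TRAIL:
        if e["app"] != app or not t_start <= e["t"] <= t_end:
            continue
        if e["decision"].startswith("deny"):
            denied.add(e["subject"])
        else:
            granted[e["subject"]] += 1
    return {s: granted[s] for s in denied}

def suspend(subjects):
    """Breach response, step 2: automated user suspension; evaluate() now denies them."""
    SUSPENDED.update(subjects)
    return set(SUSPENDED)
```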

Privacy and Our Future
- If we do not start to take privacy concerns seriously we might as well abandon web services
- Trust is the highest-valued part of a business relationship
- We have to plan and build privacy management into our systems from the very beginning

Privacy Needs to be Managed
- Like security, privacy cannot be just installed and forgotten
- It has to be continuously managed
- The published policies and the adherence to them are to be regularly audited
- Successful companies will have a Chief Privacy Officer (CPO)

What's Next? Potential Impediments for Adoption
- Business issues
  - Contractual/liability issues?
  - How will you coordinate with your federation partner?
  - What happens when things go wrong; who does the user call?
  - What government regulations/privacy policies may apply?
  - Who pays for the federation? What is the model of payment?
  - Rights to audit the security practices of the federation partner might be required
- Technical issues
  - New area of technology
  - Interoperability
This is why federations are largely occurring between close partners

Overall Summary
Federated Identity and Access Management:
- Interoperability between business partners
- Apply policies across trusted business partners, thus providing a better level of automation and transparency
- Built on open standards
- Device and platform agnostic
- Being adopted across different agencies with applicability to different use cases
Business and public policy issues of Identity and Access Management being addressed:
- Business guidelines
- Privacy controls built into the specifications
- Privacy & security best practices
- Enable compliance with global privacy legislation and industry regulations (e.g., PIPEDA, Article 29, GLBA, HIPAA)