CSP Forum 2014, Athens, May

STORK 2.0 in motion! Identity as a Service and the emerging Attribute Economics

Petros KAVASSALIS, Univ. of the Aegean, i4m Lab & CTI, Greece
Stelios LELIS, Univ. of the Aegean, i4m Lab, Greece
STORK 2.0 in a nutshell

A common framework for cross-border federation and delivery of electronic identity in Europe:
- In online processes: web authentication via multi-attribute digital identities, e-mandate provision (vital for legal entities), cross-border transfer of e-signatures
- Open standards (SAML 2.0, HTTP POST binding, WebSSO)
- Allowing different deployment models: centralized (aka PEPS proxy nodes) and decentralized (aka middleware)
- Pilots in a real-world environment (examples: open a bank account, diploma supplement, mandates with a detailed description of the powers granted, etc.)
- Timeline: the previous STORK project ran until Dec. 2011; STORK 2.0 runs 2013-15, is piloting now, and goes into real life after the end of STORK 2.0
What is a digital identity today?

A digital identity is a composite document:
- Multi-section: each section holds one personal attribute
- Multi-provider: attributes are collected from multiple Identity and Attribute Providers (IdPs and APs), which provide service at different quality levels (levels of assurance, LOA)
- It is managed by a federated identity structure (which also manages the user consent process)
- It is created by collecting attributes from IdPs and APs that are members of the federation
- It is delivered to a Service Provider (SP), which consumes it in an online authentication and access control process
STORK 2.0 is a large EU online identity federation: identity as a service

[Diagram: STORK proxy nodes in the EU/EEA Member States (MS A, MS B, ...) linking Service Providers to Identity and Attribute Providers]

*** In the US: Backend Attribute Exchange (BAE), but only for Federal Government services
It is essentially: (i) a network of proxy nodes (PEPS)

[Diagram: IdP, AP, C-PEPS (the PEPS of the citizen's country), SP, S-PEPS (the PEPS of the Service Provider's country)]
It is essentially: (ii) an attribute collection and aggregation service

[Diagram: numbered STORK 2.0 message flow (steps 1-11) between the SP, the attribute collection service (ACS), the national IdP and the attribute providers AtP1 and AtP2, including the interaction with the user]
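The attribute collection step above, as an added example in Python (this is not code from the slides or from the STORK project). The Service Provider's request states, per attribute, whether it is required and the minimum LOA it accepts; the collector picks the highest-LOA assertion across the national IdP and the attribute providers, applies the user's consent, and renders the result as the SAML 2.0 AttributeStatement that the S-PEPS would hand to the SP. The provider names, attribute names (including the http://www.stork.gov.eu/1.0/ name prefix), LOA values, the SP request and the consent set are constructed assumptions.

```python
"""Added example (not STORK project code): simulate the STORK 2.0 attribute
collection step and render the SAML 2.0 AttributeStatement returned to the
Service Provider.  Providers, attribute names, LOA values and the user's
consent below are constructed for illustration."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Assumed STORK-style attribute name prefix; the real attribute profile is not on the slides.
STORK_ATTR_PREFIX = "http://www.stork.gov.eu/1.0/"


@dataclass(frozen=True)
class Attribute:
    name: str       # short attribute name, e.g. "givenName"
    value: str
    provider: str   # IdP or AP that asserted the value
    loa: int        # quality level (1-4) at which the provider asserts it


# Constructed sample data: one national IdP and two attribute providers.
PROVIDERS = {
    "national-idp": [
        Attribute("eIdentifier", "GR/EL/123456", "national-idp", 4),
        Attribute("givenName", "Maria", "national-idp", 4),
        Attribute("surname", "Papadopoulou", "national-idp", 4),
        Attribute("dateOfBirth", "1985-03-14", "national-idp", 4),
    ],
    "university-ap": [
        Attribute("givenName", "Maria", "university-ap", 2),  # lower-LOA duplicate
        Attribute("diplomaSupplement", "MSc Computer Science, 2010", "university-ap", 3),
    ],
    "bank-ap": [
        Attribute("mandate", "legal representative of ACME SA", "bank-ap", 3),
    ],
}

# SP request: attribute name -> (required, minimum LOA accepted)
SP_REQUEST = {
    "eIdentifier": (True, 3),
    "givenName": (True, 3),
    "surname": (True, 3),
    "diplomaSupplement": (True, 2),
    "dateOfBirth": (False, 3),   # optional; the user withholds consent below
    "mandate": (False, 4),       # optional; only available at LOA 3
}

# Attributes the user agreed to release on the PEPS consent page.
CONSENT = {"eIdentifier", "givenName", "surname", "diplomaSupplement"}


def collect(request, providers, consent):
    """Return (collected attributes, errors).  For each requested attribute the
    highest-LOA assertion across all providers is chosen; an attribute is
    dropped when no provider reaches the minimum LOA or the user withheld
    consent, and that is an error only if the SP marked it required."""
    collected, errors = [], []
    for name, (required, min_loa) in request.items():
        candidates = [a for attrs in providers.values() for a in attrs if a.name == name]
        good = sorted((a for a in candidates if a.loa >= min_loa),
                      key=lambda a: a.loa, reverse=True)
        if not good:
            if required:
                errors.append(f"{name}: no provider asserts it at LOA >= {min_loa}")
            continue
        if name not in consent:
            if required:
                errors.append(f"{name}: user withheld consent for a required attribute")
            continue
        collected.append(good[0])
    return collected, errors


def attribute_statement(attrs):
    """Render the collected attributes as a SAML 2.0 AttributeStatement."""
    ET.register_namespace("saml", SAML_NS)
    stmt = ET.Element(f"{{{SAML_NS}}}AttributeStatement")
    for a in attrs:
        el = ET.SubElement(stmt, f"{{{SAML_NS}}}Attribute", Name=STORK_ATTR_PREFIX + a.name)
        ET.SubElement(el, f"{{{SAML_NS}}}AttributeValue").text = a.value
    return ET.tostring(stmt, encoding="unicode")


if __name__ == "__main__":
    attrs, errors = collect(SP_REQUEST, PROVIDERS, CONSENT)
    print(errors or attribute_statement(attrs))
```

The two failure modes an SP has to handle are visible in the collector: a required attribute that the user refuses to release, and a required attribute that no federation member can assert at the requested LOA. Both come back as errors rather than as a silently weaker assertion, which is the property the SP relies on when it maps LOA to what it lets the user do.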
STORK 2.0 in (industry) perspective: strengthen links with key players (from my point of view)

[Diagram: STORK-enabled applications; AP, SP and IdP nodes alongside industry nodes (academia, banks etc.), joined through common enterprise technologies (WS, REST, SSO, WS-workflow) and a common syntax and semantics]

Streamline to increase efficiency
STORK 2.0 as enabler for an EU market for identity attributes (from my point of view)

What is a market for attributes?
- The product? Attributes stored in various databases around the world. Trend product: digital badges for professional qualifications. Early example: the Facebook list of friends
- The buyers? In the beginning, the online Service Providers; now the emerging Attribute Brokers. Example: ID DataWeb (IDW) Attribute Exchange Network (AXN)
- eIDAS creates a positive environment for commerce in identity attributes
- STORK can play the role of enabler and rule-setter for personal data protection, privacy, transparency, non-discrimination, etc.
New developments on the Enterprise Integration Architecture and Internet of Things side

- Bring Your Own Identity! Gartner: By 2020, 60% of digital identities interacting with the enterprise will come from external identity providers through a competitive marketplace, up from less than 10% today
- Attribute-Based Access Control (ABAC): access rights are granted to users upon request, through policies that combine attributes
- Capability-Based Access Control (new): attributes for autonomic things and services; access tokens embedded in things and services grant permission to access them
- Personal identity attributes meet object attributes
Towards attribute (industrial) economics

- How many attributes should be transferred to attribute consumers (Service Providers, ABAC systems, etc.)? What is the optimal quantity of disclosed personal information?
- Too many attributes introduce privacy costs (for the customer) and exploration and storage costs (for the attribute consumer, the SP, etc.)
- Is there room for negotiation in defining which attributes are requested to authorize access for a transaction? Price-based negotiation? Brokerage? A price overhead for reselling attributes?
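The ABAC idea above and the question of how many attributes to disclose, as one added Python example (not code from the slides or from the STORK project). A policy is a set of OR-ed rules, each an AND of predicates over named attributes; the selector finds, among the rules the user can satisfy, the one whose attribute set has the lowest total privacy cost, so that a derived yes/no attribute (is the person over 18) is released instead of a raw date of birth whenever the policy allows it, and the ABAC decision is then taken over exactly the released set. The policy, the EEA list, the attribute names, the privacy costs and the user's attributes are constructed assumptions.

```python
"""Added example (not from the slides or the STORK project): an ABAC policy
evaluator plus a minimal-disclosure selector.  The policy, the attribute
names, the privacy costs and the user's attributes are constructed
assumptions for illustration."""
from datetime import date

# Fixed reference date so the age check is reproducible.
TODAY = date(2014, 5, 15)


def age_at_least(years):
    """Predicate factory: true if an ISO-8601 date of birth gives age >= years."""
    def test(value):
        born = date.fromisoformat(value)
        had_birthday = (TODAY.month, TODAY.day) >= (born.month, born.day)
        return TODAY.year - born.year - (0 if had_birthday else 1) >= years
    return test


# Abbreviated, illustrative EEA member list.
EEA = {"GR", "DE", "FR", "IT", "ES", "NL", "AT", "NO", "IS", "LI"}

# Policy for "open a bank account online": a list of rules, OR-ed together.
# Each rule maps attribute name -> predicate, and all predicates must hold (AND).
POLICY = [
    {   # rule 1: adult by raw date of birth
        "eIdentifier": lambda v: bool(v),
        "dateOfBirth": age_at_least(18),
        "countryOfResidence": lambda v: v in EEA,
    },
    {   # rule 2: same decision from a derived yes/no attribute, revealing less
        "eIdentifier": lambda v: bool(v),
        "isAgeOver18": lambda v: v == "true",
        "countryOfResidence": lambda v: v in EEA,
    },
]

# Constructed privacy cost per attribute (higher = more sensitive to release).
PRIVACY_COST = {
    "eIdentifier": 3, "givenName": 2, "surname": 2,
    "dateOfBirth": 5, "isAgeOver18": 1, "countryOfResidence": 1,
}

# Constructed user profile as held by the user's IdP and APs.
USER = {
    "eIdentifier": "GR/EL/123456", "givenName": "Maria", "surname": "Papadopoulou",
    "dateOfBirth": "1985-03-14", "isAgeOver18": "true", "countryOfResidence": "GR",
}


def rule_satisfied(rule, attrs):
    """All predicates of the rule hold on the given attributes (missing = fails)."""
    return all(name in attrs and test(attrs[name]) for name, test in rule.items())


def abac_decide(policy, disclosed):
    """ABAC decision over the attributes actually released: permit if any rule holds."""
    return any(rule_satisfied(rule, disclosed) for rule in policy)


def disclosure_cost(attrs, cost):
    """Total privacy cost of releasing this attribute set."""
    return sum(cost[name] for name in attrs)


def minimal_disclosure(policy, user_attrs, cost):
    """Among the rules the user can satisfy, choose the one whose attribute set
    has the lowest total privacy cost.  Returns (attributes to release, cost)
    or None when no rule can be satisfied."""
    best = None
    for rule in policy:
        if not rule_satisfied(rule, user_attrs):
            continue
        subset = {name: user_attrs[name] for name in rule}
        total = disclosure_cost(subset, cost)
        if best is None or total < best[1]:
            best = (subset, total)
    return best


if __name__ == "__main__":
    choice = minimal_disclosure(POLICY, USER, PRIVACY_COST)
    print("release:", choice, "vs full profile cost", disclosure_cost(USER, PRIVACY_COST))
    print("SP decision on the released set:", abac_decide(POLICY, choice[0]))
```

With these constructed costs the full profile would cost 14 to release, while the cheapest satisfying rule costs 5; a user whose providers offer no derived "isAgeOver18" attribute falls back to the rule that needs the raw date of birth, and a minor satisfies neither rule, so nothing is released and the SP gets no permit.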