Posts filed under ‘Lib_Alliance’
On reflection, it turns out that a trusted system may actually be untrustworthy.
I was looking at some of the recorded presentations that I missed at the Managing Identity in New Zealand conference in April. If the delightful Wordle tool could make word clouds from videos, then one of the prominent words in the presentations would be “trust.” There were probably few, if any, presentations that didn’t use that word in conjunction with identity systems.
Just what is the relationship between identity systems and trust? Given that every presenter thought it is a critical component of an identity system, it’s worth trying to uncover the relationship between the two.
To me the word trust seemed to cover a wide spectrum of meanings: different people used the word to mean different things. At one extreme is what I’d call technical trust while at the other is business trust.
A good example of technical trust is Stefan Brands’ presentation about Credentica’s U-Prove™ technology. He would probably define trust in terms of protocols, cryptographic proof, encryption, non-repudiation, digital signatures, message integrity, unlinkability, etc. Trust would, in this case, be the outcome of the technical features of an identity system.
At the other extreme is what a person like the Privacy Commissioner means by trust. She used it to mean “protect them [people] from the many possible harms that can arise from misuse of their personal information”; “to give credible, provable reassurances”; and “people to feel too insecure to give out their information, and crippling e-govt and e-commerce systems.” She goes on to quote a minister that “Damage the trust of citizens and you damage the notion of citizenship, and governing becomes that much harder.”
I visualise the relationship between technical trust and business trust as two concentric circles. The smaller, inner one is technical trust and the larger, outer one business trust to represent:
- technical trust is a sub-set of business trust, i.e. it is impossible to achieve business trust without first getting technical trust; and
- technical trust on its own is insufficient, i.e. for an identity system to be trustworthy, it must have both technical trust and business trust. Otherwise, we get a (technically) trusted system that is untrustworthy from a business or user perspective.
Vendors of identity systems tend to focus on technical trust and make passing references to business trust. That’s one of the things that make the Liberty Alliance attractive: it has a focus on both technical and business trust.
As an aside, locally we seem to be getting there as evidenced by a recent post Govt moves forward with online ID by Richard Wood.
I’m just back from attending eGovernment 2008 in Canberra. For me, the big draw was an opportunity to attend a three hour workshop focussed on the UK’s Government Gateway. I sure wasn’t disappointed: the insights into the Government Gateway were quite an eye opener.
Attending the conference also led me to reflect on how online authentication is working for the Queen’s subjects in the UK, Australia, and New Zealand. It’s quite fascinating how each of them reflects a diverse approach and is also very much a product of its times.
First, Australia. Still very PKI focussed, as in standard X.509 certs in the user’s computer. There are some good intentions from the federal policy body AGIMO (Australian Government Information Management Office) to move on to solutions that work for people (not computers) but the mindset of the average government official is definitely digital certs.
A good example of this focus is the success of VANguard. VANguard’s authentication service is probably best described as an authentication broker whose main function is to allow for interoperability of digital certs issued by various CAs. This is a good step so that businesses (it’s mostly business-focussed) can use the same digital cert with multiple RPs. It’s a back-end hub so that various front-ends and portals, such as bizgate in South Australia, can draw on its functionality. Still, it has all the limitations inherent in the old PKI designs.
It’ll be interesting to see how AGIMO’s proposed National e-Authentication Framework will differ from their existing AGAF (Australian Government e-Authentication Framework) which is separate for businesses and individuals.
Back to the UK’s Government Gateway. From the outside, so much of the focus has been on the UK’s plans for a national identity card that people, including me, can’t distinguish the good stuff they have done and are continuing to do in the online authentication space from the bad. Jim Purves, Head of Product Strategy in the Cabinet Office, gave terrific insights into the chequered history of the Gateway as well as plans going forward.
The Gateway is very privacy-protective, very focussed on providing authentication and SSO for the UK Government’s online services. They are introducing SAML 2 soon but that also has the downside of continued support for all the current protocols. They’ve had some significant funding challenges in the past but now have “strategic investors” from within government so the future is bright. Trust and confidence in the Gateway are at an all-time high.
Purely speculative on my part but I think they’ve got a big cloud on the horizon: when the national identity card folks come calling. That could potentially lead to a fundamental change in approach. That’s the unfortunate steamrolling impact of the national identity card. Also interesting is how they handle pan-European interoperability but, with a strong Liberty Alliance foundation, I imagine they are well placed to handle that.
So, how does NZ stack up? The proper comparison is with the GLS or Government Logon Service (which will be re-branded igovt later this year). There’s no doubt that the GLS is the most privacy-protective of the lot and has all the right moving bits.
But, there is clearly one area that the GLS should look at: adding a web services (ID-WSF) capability in addition to the current browser re-direct (ID-FF). That will provide many new opportunities off the same infrastructure, such as acting as an authenticating receiver for XML messages. The UK’s Government Gateway currently does that for all electronic tax filings direct from standard tax and accounting packages.
All in all, interesting times and much thinking…
… how the Identity Governance Framework (IGF) continues to evolve. There’s a recent Liberty webcast by Phil Hunt of Oracle New Standards to Protect Privacy Through Governing Policy to get a good feel for the state of play.
… how CardSpace and U-Prove integration pans out. Paul’s conjectured integration is food for thought. So is the comment to his post by Christian Paquin (now part of Microsoft’s Identity and Access Group) that “One design goal (at least, for me) will be to minimize the integration changes for all participants involved in the data flow.”
… how identity-based encryption continues to progress. Interesting article in The Register about a research paper released at the Eurocrypt 2008 conference describing a new cryptographically strong “primitive” that advances functional encryption. Functional encryption tries to simplify things over PKI by allowing data to be encrypted using attributes directly tied to the recipients.
… the fascinating discussions at Liberty’s Privacy Summit. An interesting recent presentation by Sun’s Robin Wilton is a good example which gives a good overview of the ‘Ladder’, ‘Onion’ and ‘Silo’ models.
If you’re like me and come across an article or news item about search engines, you quickly skip to the next thing. After all, Google’s already got that sorted, right? Why worry about two-bit wannabes?
So, when I came across a blog post in TechRepublic called Sanity check: Can Mahalo save us from Google, Digg, and Wikipedia? I smiled at what was obviously a provocative title (that’s polite for “cheap trick”) and started moving on. But… the post kept getting more and more interesting; blogger Jason Hiner kept getting more and more persuasive.
His basic point is that Google is great for problem solving but not that hot for information gathering.
Intrigued, the next step was to check out Mahalo (“thank you” in Hawaiian), a human search engine in beta from the controversial Jason Calacanis. Mahalo’s “goal is to hand-write and maintain the top 50,000 search terms.”
Jason Hiner had based his article on doing a search for “WiMAX” across Google, Wikipedia, and Mahalo. I did the same by first searching for OpenID and immediately saw his point.
Right at the top it says “Also try: Yahoo OpenID” and then gave seven links that were spot on. It also had well laid out Guide Note, News, Criticisms, Blogs and Commentaries, Related Searches, and User Recommended Links.
Good stuff for people in information gathering mode.
Contrast that with the Google search for OpenID which suddenly started looking to be a bit of a scattergun result.
What Mahalo is trying to do is of course not unique. Ask tried and failed to scale the model. Yahoo! Answers is another approach to human-assisted search services while Google’s Knol is yet another twist.
It is still early days for Mahalo but I think it’s worth keeping an eye on. Even if the search term you are looking for isn’t one that Mahalo’s editors have covered, such as SAML, it caters for the long tail by displaying results from Google with tabs for other search engines, YouTube, Del.icio.us, etc.
Anyone surprised that OpenID is covered but not SAML or Liberty Alliance?
As the last post for the year, there was a temptation to look back and reflect on the past year. All that changed after I heard a recording of Jon Udell interviewing Dick Hardt in IT Conversations. It made me realise how the real opportunities and challenges lie ahead of us, not behind.
In the interview, Dick talks about the work being done for the Government of British Columbia, Canada (BC) to develop a claims-based identity metasystem. Essentially, the work is an Identity 2.0 and Info Cards rendition of traditional government to people interactions.
New Zealand’s approach, GOAAMS delivered under the “igovt” banner, is perhaps best understood from the 2007 IDDY Award webcast. Both the slides and the webcast recording (needs WebEx Player) are now available.
The drivers that Dick articulated for BC are the same for NZ:
- better service delivery that requires information held across various government departmental and organisational silos to somehow be brought together in a secure and privacy-protective manner; and
- giving citizens better access to the information held about them by government.
However, the implementation paths are different. The BC project is based on Info Cards while the NZ one will probably go down the Liberty Alliance’s specs path but allowing Info Cards as an optional UI.
One thing everyone will agree with is that both implementation paths have their own pros and cons. Over time, hopefully differences will not matter too much but given the current state of interoperability, they do. And that translates into substantial differences in architecture, customer experience, the “mental model”, requirements on information providers, ability to join up service delivery, and the uptake strategy.
While the similarities in outcomes between the BC and NZ approaches are important, it is the differences in implementation that provide a great insight into the opportunities and challenges for both governments. Work on comparing and contrasting the two should throw up areas that both governments need to consider in their respective efforts.
To me, that is a very important piece of work to do next year.
In the meantime, it’s time to get the barbie (BBQ) going and break out the beer. I hope you have a great holiday and, like me, come back refreshed and ready for a cracker year ahead.
One of the two new projects that the Microsoft New Zealand Innovation Centre is funding involves integration of Windows CardSpace with SAML 2.0.
The project is to make the Authentication Programme’s all-of-government shared services, called “igovt”, accessible via CardSpace. According to Microsoft, “this technology will enable users to safely provide their digital identity to online services.”
Working on the project will be Microsoft’s Mark Rees together with Kiwi IT firm Datacom over the next four months. Igovt is based on SAML and the Microsoft-funded project will go some way in implementing CardSpace-SAML interoperability.
CardSpace and igovt make a great combination.
CardSpace provides an intuitive and natural user interface for people to manage their identity and authentication to online services. As CardSpace (and other identity selectors) progress towards the tipping point and CardSpace itself gets refined, a new paradigm for accessing secure online services is brewing.
On the other hand, igovt provides people with the option to verify their identity to NZ government agencies, online and in real-time, to a high level of confidence. In addition, igovt lets people use a single logon (password, token, etc.) to access all online government services. All of this with the highest levels of privacy protection.
When people verify their identity, one of the core design principles of igovt is for people to fully understand and view what identity information is being sent to the agency (Service Provider). In addition, active consent is a critical element of privacy protection. Currently this requires a browser re-direct to the igovt website, something that CardSpace will admirably eliminate, without any reduction in user control or privacy protection.
The areas that were identified as A-priority tasks represent some major issues facing deployers and are worth listing (details are available in the meeting notes):
- IdP discovery
- WS-Federation/SAML metadata lessons
- WS-Federation/SAML metadata distribution and lifecycle
- Interop endpoints
Already there has been some progress in the telecon of 9 October. So, for people interested in interoperability issues, it’s worth keeping an eye on the work.
A colleague presented a use case at the September workshop covering the work being done in New Zealand. One of the interesting things, from my perspective, was to see how the roadmap has evolved to cover a wider range of identity attributes with parallel increase in use of the Liberty Alliance specs.
I thought the final slide was interesting as it examines the case for convergence over interoperability. Both Concordia and the industry in general have settled for interoperability but my colleague made some excellent points why the goal of convergence still remains important to deployers:
- “Interoperability solves a business problem today, but…
- Ongoing fight against divergence
- Requires Interop elements (explicit or implicit)
- Creates future work to manage
- Difficult to manage across organisational boundaries
- Convergence prevents business problems tomorrow…”
Having said that, it’s probably fair to say that out-of-the-box interoperability between identity protocols is a difficult enough (but worthy) immediate objective.
I’ve been watching the posts on the Identity Oracle from the sidelines so far. There was the post from Bob Blakley who discussed the importance of identity metadata providers aka Identity Oracles.
However, what really got my attention was a comment from Frank Yeh to Bob Blakley’s post, “So in order for the Meta-Identity Service Provider to have something of value… the data must be validated by someone when entered.” In the same vein, Phil Hunt from Oracle said, “… a better approach would be thinking in terms of an identity meta-system consisting of many authoritative providers of different types of claims. Each provider only asserts claims over which it has some authority and/or business interest in doing so.”
And there you have it. These two comments neatly describe one of the core drivers for New Zealand’s IDDY Award winning concept. The working title for the concept goes by the somewhat intimidating name of GOAAMS or Government Online Attribute Assertion Meta System.
GOAAMS provides a framework by which authoritative information (including identity metadata) held by government agencies about people and organisations can be asserted directly from the source at their request, online and in real time, to other government agencies. Each agency will only assert that information for which it is the authoritative source.
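The principle in the two quoted comments and in the GOAAMS description (each provider asserts only the attributes for which it is authoritative) has a consumer-side counterpart: the receiving agency must enforce that scoping rather than accept any signed attribute from any issuer. The following is an added illustration of that relying-party check, not igovt or GOAAMS code. It assumes a constructed registry mapping each issuer to the attributes it is authoritative for, and uses HMAC-SHA256 with a per-issuer key as a stand-in for the XML-DSig signing a SAML deployment would use; all issuer names, attribute names and keys are made up for the example.

```python
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

# Constructed registry of authoritative sources: which issuer may assert which
# attributes, and the key used to check its signature. HMAC with a shared key
# stands in for XML-DSig / SAML signing (an assumption of this example).
AUTHORITY_REGISTRY = {
    "urn:example:agency:births-deaths": {
        "key": b"constructed-key-births-00",
        "attributes": {"legal_name", "date_of_birth"},
    },
    "urn:example:agency:transport": {
        "key": b"constructed-key-transport-00",
        "attributes": {"driver_licence_class"},
    },
}


def _canonical(payload: dict) -> bytes:
    # Stable serialisation so signer and verifier hash identical bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_assertion(issuer: str, subject: str, audience: str, attributes: Dict[str, str],
                   lifetime_s: int = 300, now: Optional[float] = None) -> dict:
    """Build a signed assertion the way an issuing agency would."""
    now = time.time() if now is None else now
    payload = {
        "issuer": issuer,
        "subject": subject,
        "audience": audience,
        "issued_at": int(now),
        "not_on_or_after": int(now) + lifetime_s,
        "attributes": attributes,
    }
    key = AUTHORITY_REGISTRY[issuer]["key"]
    signature = hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "signature": signature}


def verify_assertion(assertion: dict, expected_audience: str,
                     now: Optional[float] = None) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Relying-party side. Returns (accepted, rejected) attributes.

    Raises ValueError when the whole assertion must be discarded (unknown
    issuer, bad signature, wrong audience, expired). Attributes the issuer is
    not authoritative for are never accepted, even though they are signed.
    """
    now = time.time() if now is None else now
    payload = assertion.get("payload", {})
    entry = AUTHORITY_REGISTRY.get(payload.get("issuer"))
    if entry is None:
        raise ValueError("issuer not in authority registry")
    expected_sig = hmac.new(entry["key"], _canonical(payload), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, assertion.get("signature", "")):
        raise ValueError("signature check failed")
    if payload.get("audience") != expected_audience:
        raise ValueError("assertion not addressed to this relying party")
    if now >= payload.get("not_on_or_after", 0):
        raise ValueError("assertion expired")
    accepted: Dict[str, str] = {}
    rejected: Dict[str, str] = {}
    for name, value in payload.get("attributes", {}).items():
        # Authority scoping: only attributes this issuer is registered for.
        (accepted if name in entry["attributes"] else rejected)[name] = value
    return accepted, rejected


if __name__ == "__main__":
    # Constructed scenario: transport asserts a licence class and also (out of
    # scope for it) a date of birth; the consumer keeps only the former.
    t0 = 1_700_000_000
    a = sign_assertion("urn:example:agency:transport", "urn:example:person:42",
                       "urn:example:rp:licensing",
                       {"driver_licence_class": "2", "date_of_birth": "1980-01-01"}, now=t0)
    print(verify_assertion(a, "urn:example:rp:licensing", now=t0 + 10))
```

The point of the split return is that an out-of-scope attribute is a policy problem, not a forgery: the relying party can log that an issuer overreached while still using the attributes it was entitled to assert, which is what the “authoritative source” rule asks for.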
Extending the concept to sources/consumers of authoritative information in the private sector is under consideration but does pose some policy and legislative challenges.
The benefits, as described in the Liberty Alliance press release are, “the convenience of being able to request and control the sending of authoritative information as well as quicker and more consistent government services and entitlement decisions within a secure and privacy-respecting framework.”
For agencies, the business benefits are, “Participating organizations can access authoritative information in real-time and directly from the source. This leads to reduced compliance costs for businesses, lower operational costs and reduces risks by avoiding paper documents as a secondary source of information.”
So, not only is the Identity Oracle a viable concept, it’s one that is actively under the consideration of the New Zealand Government.
Getting back up to speed after a great holiday can be a painful experience. One nugget, though old news by now, made my day.
Liberty Alliance has chosen the New Zealand Government as one of its winners of the 2007 IDDY Awards in the new emerging application / proof-of-concept category. Getting international recognition for the work we’re doing is a huge boost, particularly as it was for our future direction rather than what’s being currently implemented:
“The New Zealand Government is developing a user centric framework to better utilize the Internet to meet strategic eGovernment transformation goals, enabling every citizen and participating organization to use the authoritative data held about them online and in real-time, rather than having to repeatedly submit the same information across government systems.”
More detailed information about “GOAAMS” is available in Liberty’s press release which has this good description of the user benefits:
“GOAAMS offers citizens the convenience of being able to request and control the sending of authoritative information as well as quicker and more consistent government services and entitlement decisions within a secure and privacy-respecting framework.”
Liberty Alliance has just published a case study called New Zealand Sets the Pace for SAML 2.0 Deployments (pdf, 249 KB). It represents a lot of effort put in by my colleagues and Liberty: well done, guys!
The Case Study is quite comprehensive and contains updated information about the work that the New Zealand Government is doing in the area of identity management and authentication. It also highlights the natural synergy between organisations deploying user-centric federated identity management systems and Liberty.
In my first post to this blog, I had mentioned “User-centric Information Sharing: A key enabler to transform government” as an area of interest in NZ going forward. The Case Study has some more information related to this in the section called Developing the Notion of Attribute Authorities.