
Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009

Published on: Mar 3, 2016
Published in: Technology      
Source: www.slideshare.net


Transcripts - Nat Sakimura Presentation / CloudViews.Org Cloud Computing Conference 2009

  • 1. OpenID – Identity in the CLOUD? Nat Sakimura (=nat) twitter.com/_nat www.sakimura.org/en/
  • 2. Good morning.
  • 3. My name is Nat Sakimura
      - I come from Japan
      - I do not speak Portuguese.
      - So … I have to continue in English
  • 4. Thank you for inviting me here
      - Portugal – Japan Relationship started in 1543
      - 466th Year
      - Real Pleasure to be here to talk to you
      - and would like to thank the organizers making my visit possible!
  • 5. Who am I?
      - Digital Identity since 2000
      - Founder, OpenID Japan
      - Community Board Member, OpenID Foundation
      - Founding Board Member, Kantara Initiative
      - Senior Researcher, Nomura Research Institute
      … And My Mission is …
  • 6. CHANGE
  • 7.
      - User Controlled Identity
      - Minimal Disclosure
      - Faster and Safer Transaction
      - a Reality
  • 8. CLOUD
  • 9.
      - Faster
      - Cheaper
      - Safer …
          - Well, System is, but what about account Management?
      [Diagram labels: The Internet; CRM, HR, ERP; CRM, HR, ERP; Federated Identity]
  • 10. Survey Result
      - 1000 samples.
      - July 2007
      - Over 16 accounts
      - Can remember only 3 pairs
      - Result: Same e-mail & password everywhere
  • 11. 2 Types of Federation
      - Closed Federation
          - Out-of-band trust exchange
          - Federation Operator
          - E.g. SAML, Shib, etc.
      - Open Federation
          - Dynamic Federation Setup – sometimes promiscuous
          - Scales easier. Good for the Internet
          - E.g. OpenID – Identity in the Cloud
  • 12. OpenID in 1 minute
      - Assertion Format: Tag=Value
      - Protocol for req/resp of the Assertion
          - Discovery of IdP through XRDS
          - Dynamic association through DH
      - Supported by AOL, Yahoo!, France Telecom, Google, Facebook, etc.
          - Soon to come? Microsoft, NTT
      Identity in the Cloud
  • 13. … but is it enough?
      - Roles and Authorization
      - Audit and Trust formation
      - Relationship Management and Non-repudiation
  • 14. Roles and Authorization
      - Need to extract attributes from the authoritative sources
          - E.g. HR system
      - In Realtime
          - No syncing
      - Connect different protocols
          - LDAP + OpenID
          - SAML + OpenID
          - WS-* + OpenID etc.
          - e.g., once logged into a corporate network, can log in to cloud service seamlessly.
  • 15. Audit & TRUST
  • 16. OpenID is Dynamic
      - Federation: Out-of-band TRUST formation
      - OpenID: “Open”  “Promiscuous”
      - How do I trust the other party?
      - Creating an ad hoc white list does not scale.
          - It becomes essentially the same as Federation
      - Where does the Trust come from?
      - Third party trust
      - Audit & Market Feedback
  • 17. Reputation
      - Reputation is a subjective evaluation of the assertion about a subject being true based on factual and/or subjective data about it, and is used as one of the factors for establishing trust on that subject for a specific purpose.
      - A Reputation Score of a Player (Reputee) on the Type (Criteria) by other players (Reputor) is the subjective probability assigned by the Reputor that the Reputee fulfils the Criteria.
  • 18. Open Reputation Management System
  • 20. Relationship Management and non-repudiation
  • 21. Contract Exchange (CX)
      - (Legal) Contract + Non-repudiation
          - ^^^ Relationship
      - Mobile Friendly
      - Asynchronous
      - OpenID Foundation CX Working Group
          - The first really international WG ;-)
  • 22. CX Basic Flow (Simplified Version)
      This is a special case of the generalized “Base Model” that is explained later. This special case is optimized for OpenID.
      Parties: Relying Party (RP), OpenID Provider (OP)
      1. User accesses the service
      2. RP creates signed “Offer” and sends it to OP
      3. User Consent verified
      4. OP creates the signed “Contract” based on the “Offer”
  • 23. CX Features
      - Non-repudiation and Integrity
          - Leveraging on Public Key signing
      - Confidentiality
          - Encrypting the message by the receiving party’s public key
      - Extensible Contract (i.e., need to define those elsewhere)
          - Contract “Payload”
      - Applicable to limited functionality user agents such as Mobile Phones
          - “Artifact” binding
      - Asynchronous Messaging
          - “Ticket” and “Notification”
      - Use cases revolving around “User Consent”
          - Use case that “User requesting to RP” and “User giving consent at OP” is not the same.
          - Cases that the user signs the “Proposal” instead of the RP.
  • 24. CX Basic Flow (Artifact+Synchronous)
  • 25. CX Basic Flow (Artifact+Asynchronous)
      [Sequence diagram labels, in the order extracted]
      - OP Service End Point; XRD
      - Access Service
      - Get XRD to obtain service end point and the public key of the OP.
      - Create “Offer” and sign
      - Send “Offer” to OP
      - Return Ticket for the “Offer”
      - Browser Redirect to show OP the Ticket
      - (Optional) Get XRD to obtain service end point and the public key of the
      - Obtain User Consent on the Offer pointed by the Ticket.
      - Create “TransactionID”
      - Browser Redirect to send “TransactionID” to RP
      - Done!
      - Save TransactionID
      - RP Service End Point; XRD
      - Store Offer
      - Other Processing
      - Send Notification that a Contract for the TransactionID has been created
      - Create Signed Contract
      - GET Contract based on TransactionID
      - Return the (encrypted) Contract
      - Store the Contract
  • 26. Very Similar to OAuth?
      - Yes.
      - But with
          - Identity Framework
          - Legal Framework
          - (arguably) Simpler
          - Related works:
              - ProtectServe etc.
  • 27. JAL-Hotel SSO & Data Transfer Sequence
  • 28. Overview
      - Although it would be desirable for JAL's customers to be able to book hotels etc. when they buy air tickets at its site, JAL is a transportation provider and is not allowed to sell hotel rooms etc. It therefore partners with several hotel reservation sites and refers its customers to them.
      - For this purpose, JAL provides a hotel search frontend aggregating all its hotel partners. When the user makes a selection there, the user is taken to the hotel reservation site. Usually, the user would have to create an account there, but in the current system the user can log in with the JAL account. The protocol used there is OpenID, although this is not shown to the user. Together with the login, it also sends verified personal information, including the credit card number, with the user’s consent.
      - Since the transaction amount ranges anywhere from US$100 to over $1,000, and the data sent are sensitive, both sides needed non-repudiation, integrity, and confidentiality. Unfortunately, none of the existing OpenID extensions gave these properties. So, it was decided to go with the TX extension proposed in December 2007 (at IIW).
      - The system went LIVE on May 28, 2008.
  • 29. User I/F Sequence
      - For this purpose, JAL provides a hotel search frontend aggregating all its hotel partners (Fig.1). The user makes a selection there and clicks the “Reservation Details” button.
      - The user is then taken to the hotel reservation site for the details and, on deciding to buy, clicks the “Confirm” button (Fig.2).
      - The user is then presented with a login page, from which the user can choose to LOGIN by JAL ID (Fig.3).
      - After the authentication (Fig.4), the user is shown the data transfer contract proposal noting purpose, data items, duration of use etc. (Fig.5). The contract proposal is electronically signed by the data requesting party (in this case, the hotel reservation site). When the user agrees to it, it is countersigned to make it a “Contract” and “sent back” to the data requesting party. This “Contract” gives “non-repudiation” for both parties.
      - The hotel site requests the data in the back channel using this contract. The data is encrypted using the public key of the data requesting party that is included in the contract. This gives “confidentiality” and “integrity”. In this particular case, Name, Gender, Age, Credit card number etc. are actually sent. These are verified values. (Note: JAL has several levels of enrollment. The highest class is the member who has a JAL issued credit card and has travelled abroad. In this case, the user can be said to be registered with “Government issued Photo-ID (Passport)” in person, with a backing payment method.)
      - In the management interface, a user can manage the contracts he has (Fig.10). He can terminate a contract whenever he wants to.
  • 30. sequence
  • 31. Fig.1 JAL: Search Result Press “Reservation Details”
  • 32. Fig.2 Myu : Hotel Selection Confirmation Press Confirm
  • 33. Fig.3 User Login
      - Press Login
      “You can login with your JMB *1 Membership Number”
      *1 JMB == JAL Mileage Bank
      This screen probably needs a rework. Perhaps create a “Login by JMB” Logo-Button.
      Although there is no mention of OpenID here, this actually is an OP Identifier based OpenID Login.
  • 34. Fig.4 (Optional: JAL : OpenID Login)
      It is an OP Identifier Login. When the user is already logged into JAL Site, this screen is skipped.
      - Enter JMB number and password and
      - Press “LOGIN”
  • 35. Fig.5 JAL: Attribute Transfer Contract *1
      [Screen labels: Name; Address; Tel; Mail; Credit Card Number; This Transaction Only; Until June 16, 2009; Data Usage Policy; Data to be provided; Expiration date for this contract; Explanation]
      - Press “Agree & Proceed”
      - Make Selection on attributes to send
      - Make Selection for the expiration date for this contract
      For the non-repudiation purposes, mutually e-signed contract is created for the transaction.
      *1 Based on http://wiki.openid.net/Trusted_Data_Exchange
  • 36. Fig.6 Hotel : Name Confirm
      Now, you are logged in to the Hotel Site. This screen is double checking if you are making a booking for yourself. (You can change the name here if you are booking for someone else.)
      - Press Next
  • 37. Fig.7 Hotel : Room Confirm
  • 38. Fig.8 Hotel : Payment Method Confirm Credit Card Wire Transfer CVS Payment
  • 39. Fig.9 Hotel : Credit Card Confirm
      [Screen annotation: Masked for security reason]
      When user selects “Credit Card”, the number etc. are prefilled because the data was transferred from JAL to the Hotel site using TX extension.
  • 40. Contract Management
  • 41. Fig.10 JAL: Managing the contracts/relationship
      [Screen labels: A Contract; date; Actual Data; View Detail; Stop Data Provision (contract termination)]
  • 42. Fig.11 JAL: Contract Termination
  • 43. Situations in Japan
  • 44. Success in Japan
  • 45. WHY?
  • 46.
      - Marketing Strategy
          - Why not using OpenID?
      - Focus on Peace of Mind
  • 47. SECURITY
  • 48.
      - OpenID can be insecure
      - Bolt it up with “Security Profile”
      - https identifier only, etc.
      - Introduction of extra layer:
          - Non-repudiation with use of certificates.
          - “Contract Exchange”
  • 49. COMMUNITY
  • 50. How was such a success made possible?
      - Tackled three domains in parallel.
          - Consumers
          - Business & Tech Communities
          - Government
      - Joint Marketing with other Identity Related Orgs/Activities such as Liberty Alliance Project Japan SIG and Id-Con.
      “Harmonization”
  • 51. Consumers
      - Education
          - Using Media/Press extensively to educate.
          - Coordinated Press conferences, press briefings, etc. with members.
          - Even a magazine for an average internet user had headlines on OpenID
          - A “must see” news show for business people had a coverage of the OpenID Japan press conference.
          - Other Press Coverages
      [Image caption: WBS (Oct.30)]
      - Monitoring
          - Periodical Consumer Survey to monitor the effectiveness of the promotion
  • 52. Business
      - Education
          - In person visits to well over 100 companies across the industries.
              - Banks, Telcos, Internet Merchants, Transportation, etc.
          - Sharing of the business cases among the peer group.
          - OpenID TechNights Seminars and other seminar opportunities.
              - Emphasis on Security and clear the “Myth”
      - Make the Business Case
          - During the above visits, discuss the possible business models to come up with the one suitable for the company: Service Creation
      [Diagram labels: Hotel etc. Reservation (incl. payment); OpenID Based Payment; Extending Social Graph to the internet through OpenID]
  • 53. Balanced Composition
      - 48 Companies
      - Not only technical
          - Technology is there to serve people
      - Leaders of each industry
          - Requirement Gathering
      - Strong relationship with the government
          - Policy Making Involvement
      - Partnership with other identity organization
          - E.g. Liberty Alliance Project
  • 54. Balanced Composition
      As of Nov.1, 2008
      Note: Some members wish not to announce their participation in public, so they are not listed in the web page.
      Published Member List: http://www.openid.or.jp/memberlist.html
  • 55. Government
      - Education
          - Visit key institutions to have discussion on the applicability of OpenID and other distributed digital identity systems in e-Gov and business settings.
              - e.g., Office of the Cabinet, NISC, METI, Ministry of Internal Affairs and Communications
          - Leverage on relationship with various government advisors.
          - Assist government research in the field.
              - e.g., Assurance programs, Digital Signature Usage, Digital Authentication Usage, Consumer reach, etc. (NRI)
              - Government Authentication Guidelines
              - Telco Guidelines etc.
  • 56. Notable Activities (not including individual company visits)
      - 4/1 OIDF-J Kickoff Meeting
      - 4/23 Office of the Cabinet
      - 4/24 OpenID Tech Night vol.1
      - 5/28 JAIPA Seminar “OpenID Day”
      - 6/4 Ministry of Economy, Trade and Industry
      - 6/10 OpenID Tech Night vol.2
      - 7/6-10 Liberty Alliance Plenary @ Stockholm
      - 7/18 Liberty Alliance Technology Seminar vol.3
      - 7/19-30 Internet Survey
      - 8/1 OpenID Tech Night vol.3
      - 8/18 OpenID Auth 2.0 Translation Completion
      - 8/20 Mixi Press Conference/Release Endorsement. Technical Meeting.
      - 8/21 Ministry of Economy, Trade and Industry
      - 8/21 Keio University (Prof. Kokuryo)
      - 8/26 Ministry of Internal Affairs and Communication
      - 8/29 Tokyo Institute of Technology (Prof. Ohyama)
      - 8/29 Tokyo University (Prof. Sudo)
      - 9/4 Ministry of Economy, Trade and Industry
      - 9/8-11 Digital ID World : Panel
      - 9/18 OIDF Content Provider Advisory Committee
      - 9/18 Chuo University (Prof. Sugiura)
      - 9/19 National Information Security Center
      - 9/28 NEC Product Endorsement
      - 10/6 Biglobe Press Release Endorsement
      - 10/6 Rakuten Payment Service Soft Launch
      - 10/30 OpenID-J Press Conference
      - 10/31 Submission of TX to OIDF Spec Committee
      - 11/7 Liberty Alliance Day: Panel
      - 11/10-14 Internet Identity Workshop
      - 11/26 Internet Week 2008
      - 12/3 Web 2008 Expo
      - 12/* OIDF-J Plenary
      - 12/12 OpenID BizDay#1
      Cannot list individual company visits because there are too many!
  • 57. OpenID Foundation Japan Structure
      [Organization chart labels: Membership Corporation (OIDF-J); Fee *2; Activity Proposal; Board of Trustees (3) (For fiscal fiduciary); SIG 1, SIG 2, SIG n *1; Funding & Support; SIG Leadership Council; Advisors (Academic); Advisors (Government); Liaison (LAP etc.); Secretariat (Accounting and Facilitation)]
      *1 Anticipated Initial SIGs: 1. Marketing, 2. Payment, 3. Assurance, 4. User Interface
      *2 Fees are deliberately cheap because OIDF-J does not spend much… Fee = approx US$2000+$1000. Break even at 20 members for min. activities: Targeting at 100 members or more.
  • 58. Building Bridges Harmonize
  • 59.
      - Swahili Word: “Bridge”
      - Rooted in Arabic: “Harmonize”
      - BUILDING BRIDGES BETWEEN DIVERSE IDENTITY COMMUNITIES AND PROTOCOLS
  • 60. The Bi-Cameral Model
      [Diagram labels: Board of Trustees; Member A, Member B, Member N; Leadership Council; WG 1, DG 1, DG/WG N; Coordination (Members & Non-Members); Staff support report; Participants (Members & Non-Members)]
  • 61. Membership Types
      - Participant
          - No cost, able to participate in all DG’s and have full voting rights in WG’s
          - Must first sign the IPR agreement that a Group operates under
      - Member
          - Receive a Member discount to attend and participate in interoperability workshops & Kantara Initiative meetings/conferences
          - Vote on the adoption of all final Kantara Initiative Recommendations
          - Listed as a Member on Kantara Initiative’s web site
      - Trustee
          - All member rights plus a seat on the Board of Trustees (with associated responsibilities) as well as:
              - Exercise fiduciary oversight of Kantara Initiative
              - Listed as a Trustee on the Kantara Initiative web site (premium logo placement)
              - Preferential right of first refusal (prior to other Members) to actively participate in Kantara Initiative’s marketing and promotional activities at trade shows and other industry events
              - Listed as a Trustee in all Kantara Initiative press releases
  • 62. Workflow
      - Incubation (Discussion Groups)
          - Anyone can start and participate
          - Used to gather community support for a new Work Group or Leadership Council funding request
      - Active (Working Groups)
          - Charter approved by Leadership Council to ensure it complies with goals, purpose, and principles of Kantara Initiative
          - Each charter must include a reference to the IPR agreement it wishes to operate under (a menu of agreements possible is maintained by the BoT)
          - Produces all output that may lead to final Kantara Initiative Recommendations (per vote of full Membership)
      - Complete/inactive/sunset
          - Once work concludes or becomes inactive, WG is sunset by Leadership Council
  • 63. Benefits to Existing Initiatives
      - Existing .orgs can join as Members or Trustees to shepherd their activities through the Kantara Initiative process
      - Kantara Initiative WG’s are open to anyone and voting is a right granted to all without requirement of paying membership, so existing organizations can apply for WG status of their existing or new activities
          - Brings benefit of Kantara Initiative institutional support to that activity
      - On a case-by-case basis, Members who are also solution-developing organizations can negotiate specific shared infrastructure and staffing arrangements, even without any commitments of merging with Kantara Initiative over time (which is always an option but not required).
  • 64. Benefits to Participants
      - One organization to join, no financial barrier to participation
      - Inclusive scope and mission of all solution technologies and operational frameworks
      - Global scope, involvement, and reach, with more participants and broader constituency than any single pre-existing .org
      - Collaborative environment across disciplines (technical, business, policy, privacy, etc)
      - Allows diversity of projects, put into a meaningful context
      - Simple & painless process to start work quickly, openly, yet with proven IPR processes and procedures in place
      - Leverage trademark programs for interoperability, conformance, compliance, and accreditation
  • 65. Recent Development in Japan besides more and more companies announcing support such as NTT…
  • 66.
      - Payment Profile based on CX
          - Banks, Telcos, etc.
      - Schema Profiling
          - Attribute Schema
      - Multi Protocol Interop
          - SAML <-> OpenID
          - (WS-* <-> OpenID)
  • 67.
      - Government Authentication Guideline
          - Appropriate Identification & Authentication
          - Appropriate level of Digital Signature
      - IDP Transition
          - When IDP goes out of business
          - Very important for Identity 2.0
      - Reputation & Trust
  • 68. ×   your id ea.
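
The Offer and Contract signing from the CX Basic Flow (slide 22) and the JAL sequence (slide 29), as an added example that is not taken from the slides or from the CX specification: the RP signs an Offer, the OP checks the user's consent against it and countersigns, and either party can later verify both signatures. The field names, the JSON layout, the use of Ed25519 and all sample values are assumptions; encrypting the returned data to the RP's public key is not shown.

```javascript
// Added example: CX-style "Offer" -> countersigned "Contract".
// Field names and JSON layout are assumptions, not the CX wire format.
const crypto = require('crypto');

// Deterministic serialization so signer and verifier hash identical bytes.
function canonical(v) {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  if (v && typeof v === 'object') {
    return '{' + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}

const sign = (body, priv) =>
  crypto.sign(null, Buffer.from(canonical(body)), priv).toString('base64');
const verify = (body, sig, pub) =>
  crypto.verify(null, Buffer.from(canonical(body)), pub, Buffer.from(sig, 'base64'));

// Step 2: the RP states purpose and requested attributes, then signs the Offer.
function createOffer(terms, rpPriv) {
  return { terms, rpSignature: sign(terms, rpPriv) };
}

// Steps 3-4: the OP checks the RP signature and the user's consent, then
// countersigns. The OP signature covers the signed Offer itself, so the
// Contract binds both parties to the same terms.
function createContract(offer, consent, rpPub, opPriv) {
  if (!verify(offer.terms, offer.rpSignature, rpPub)) throw new Error('bad RP signature');
  if (!consent.agreed) throw new Error('no user consent');
  const extra = consent.attributes.filter((a) => !offer.terms.attributes.includes(a));
  if (extra.length) throw new Error('consent exceeds offer');
  const body = { offer, granted: consent.attributes, expires: consent.expires };
  return { body, opSignature: sign(body, opPriv) };
}

// Run by the RP before requesting data, by the OP before releasing it,
// or by an auditor later. Returns 'ok' or the reason for rejection.
function verifyContract(contract, rpPub, opPub, nowMs) {
  const { body, opSignature } = contract;
  if (!verify(body, opSignature, opPub)) return 'bad OP signature';
  if (!verify(body.offer.terms, body.offer.rpSignature, rpPub)) return 'bad RP signature';
  if (Date.parse(body.expires) <= nowMs) return 'expired';
  return 'ok';
}

function runDemo() {
  const rp = crypto.generateKeyPairSync('ed25519'); // hotel site (constructed keys)
  const op = crypto.generateKeyPairSync('ed25519'); // identity provider (constructed keys)
  const terms = { // constructed sample Offer
    rp: 'https://hotel.example/',
    purpose: 'room reservation',
    attributes: ['name', 'tel', 'credit_card'],
  };
  const offer = createOffer(terms, rp.privateKey);
  // The user deselects "tel" and picks an expiration date (constructed values).
  const consent = { agreed: true, attributes: ['name', 'credit_card'],
    expires: '2009-06-16T00:00:00Z' };
  const contract = createContract(offer, consent, rp.publicKey, op.privateKey);
  const now = Date.parse('2009-05-01T00:00:00Z');

  // A copy whose grant was widened after signing must fail verification.
  const tampered = JSON.parse(JSON.stringify(contract));
  tampered.body.granted.push('tel');

  // Consent for an attribute the RP never asked for must be refused by the OP.
  let overreach;
  try {
    createContract(offer, { ...consent, attributes: ['name', 'passport'] },
      rp.publicKey, op.privateKey);
    overreach = 'accepted';
  } catch (e) { overreach = e.message; }

  return {
    valid: verifyContract(contract, rp.publicKey, op.publicKey, now),
    tampered: verifyContract(tampered, rp.publicKey, op.publicKey, now),
    expired: verifyContract(contract, rp.publicKey, op.publicKey,
      Date.parse('2009-07-01T00:00:00Z')),
    wrongRp: verifyContract(contract, op.publicKey, op.publicKey, now),
    overreach,
  };
}

console.log(runDemo());
```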
