Workshop Personalization


  • Date posted: 08-Jul-2015
  • Category: Technology


Slides for a workshop on personalization, authorization and authentication.

Transcript of Workshop Personalization

  • q.o.t.d.
    "Besides the noble art of getting things done, there is the noble art of leaving things undone. The wisdom of life consists in the elimination of non essentials." - Lin Yutang

  • workshop topic
    AuthN
    AuthZ
    Personalization

  • rules
    1) religion is not a subject
    2) celebrate the differences
    3) fail and learn

  • goal
    Personalization with the exchange of the least possible identity-related information.

    (is this user-centric identity management?)

  • definitions
    Authentication: the act of proving who you are
    Authorization: the act of getting what you need
    Personalization: the way you want it
    Persona: mask
    Identity: formed by context
    Attributive use of descriptions: context information
    Referential use of descriptions: definiteness on the persona
    1) 2)

  • things done
    A SAML front-end for DigID test between Buza and rijksoverheid.nl

  • things done
    An OpenID + Ax test between BZK and FaSam.

  • show hands
    OpenID/OAuth
    SAMLv2
    Infocards/Cardspace
    XACML/PIP, PEP, PAP, PDP
    Attribute/Claims Based Access Control

  • Tools
    Identity Stores (You)
    Network (Maurice)
    Wisdom (everyone)

  • semantics anyone?
    Epistemology
    Ontology

  • backup

  • everything is a file

  • user centric

  • Notes
    Van den Hoven first suggested that Keith Donnellan (1966) distinguished between referential use of descriptions and attributive use of descriptions.
    Huits-Manders suggests that better privacy protection can be achieved by using this difference. Both types represent identity-relevant information. (Searle: 'de re'/'de dicto' and 'rev'/'att' have primary v. secondary aspects as real distinctions)
    From 1) + 2) the question follows: how does this difference influence Identity & Access Management?
    Derived principle (1): an authoritative IdP does not send referential descriptions.
    Derived principle (2): an authoritative IdP can relay questions on referential descriptions.

  • Authentication (AuthN)
    user-id/password
    token for the user/token of the user (They can read minds nowadays, you know that? Only numbers so far, because that's all they could test on mice.)
    card
    token for the user/token of the user (the mind-read mice!, cloning!)
    Consume
    Provide

  • Authorization (AuthZ)
    getting what you need versus offering what you have?
    Line of thought: in a network everything of value is a controlled endpoint.
    Access is granted based upon proof.
    Proof can be anything that is agreed upon.
    Trust is irrelevant.
    Resistance is not.

  • Personalisation
    Is this 'Context Delivery Architecture'?
    Attributes?
    Who you are, what you do, with whom, where and when, and with what... anything else?
    TweakUI?
    What You Need Is What You Get. (WYNIWYG 2.0)
    This is not a webpage.

  • Diagram (via Jeroen, Anoigo)

  • but first

  • success

  • or