Transcript of Workshop Personalization
q.o.t.d.
"Besides the noble art of getting things done, there is the noble art of leaving things undone. The wisdom of life consists in the elimination of non-essentials."
- Lin Yutang

rules
1) religion is not a subject
2) celebrate the differences
3) fail and learn
goal
Personalization with the exchange of the least possible identity-related information.
(is this user-centric identity management?)
definitions
Authentication: the act of proving who you are, and
Authorization: the act of getting what you need,
Personalization: the way you want it.
Persona: mask
Identity: formed by context
Attributive use of descriptions: context information
Referential use of descriptions: definiteness on the persona. 1) 2)
things done
A SAML front-end for DigiD, tested between Buza and rijksoverheid.nl.

things done
An OpenID + AX test between BZK and FaSam.
show hands
OpenID/OAuth
SAMLv2
Infocards/CardSpace
XACML/PIP, PEP, PAP, PDP
Attribute/Claims Based Access Control

Tools
Identity Stores (You)
Network (Maurice)
Wisdom (everyone)
everything is a file
Notes
Van den Hoven first suggested that Keith Donnellan (1966) distinguished between the referential use of descriptions and the attributive use of descriptions.
Huits-Manders suggests that better privacy protection can be achieved by using this difference. Both types represent identity-relevant information. (Searle: 'de re'/'de dicto' and 'ref'/'att' have primary v. secondary aspects as real distinctions.)
From 1) + 2) the question follows: how does this difference influence Identity & Access Management?
Derived principle (1): an authoritative IdP does not send referential descriptions.
Derived principle (2): an authoritative IdP can relay questions on referential descriptions.
Authentication (AuthN)
user-id/password
token for the user / token of the user (They can read minds nowadays, you know that? Only numbers so far, because that's all they could test on mice.)
pass card
token for the user / token of the user (the mind-read mice!, cloning!)
Consume / Provide

Authorization (AuthZ)
getting what you need versus offering what you have?
Line of thought: in a network everything of value is a controlled endpoint.
Access is granted based upon proof.
Proof can be anything that is agreed upon.
Trust is irrelevant. Resistance is not.

Personalisation
Is this 'Context Delivery Architecture'?
Attributes? Who you are, what you do, with whom, where and when, and with what... anything else?
TweakUI?
What You Need Is What You Get. (WYNIWYG 2.0)
This is not a webpage.
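The two derived principles from the notes and the "access is granted based upon proof" line above, as an added worked example in Python (not part of the workshop material): an authoritative IdP that answers agreed-upon yes/no questions about a persona but refuses to hand out the identifying record, and a policy decision point that grants access once every required proof is answered. All personas, attribute names, questions and policies are constructed for illustration.

```python
"""Attributive questions only: the IdP never releases referential descriptions."""
from datetime import date

# Constructed identity store. The referential fields (name, email) stay inside
# the IdP; relying parties can only ask questions about the persona.
IDENTITY_STORE = {
    "persona-7f3a": {"name": "A. Example", "email": "a@example.test",
                     "birth_date": date(1990, 5, 1), "roles": {"employee"}},
    "persona-9c21": {"name": "B. Example", "email": "b@example.test",
                     "birth_date": date(2010, 1, 1), "roles": {"visitor"}},
}


class AuthoritativeIdP:
    """Principle (1): send no referential description.
    Principle (2): relay (answer) questions about the persona instead."""

    def __init__(self, store, today=date(2024, 1, 1)):
        self._store = store
        self._today = today  # fixed date so the example is reproducible
        # The only predicates the IdP agrees to evaluate for a relying party.
        self._questions = {
            "age_at_least": lambda rec, n: self._age(rec["birth_date"]) >= n,
            "has_role": lambda rec, r: r in rec["roles"],
        }

    def _age(self, born):
        t = self._today
        return t.year - born.year - ((t.month, t.day) < (born.month, born.day))

    def ask(self, persona, question, arg):
        """Return True/False for an agreed question; never an attribute value.
        Asking for a raw field such as 'email' is a referential request and is refused."""
        if question not in self._questions:
            raise PermissionError(f"referential or unknown question refused: {question}")
        rec = self._store.get(persona)
        return bool(rec) and self._questions[question](rec, arg)


# Constructed policy (what a PAP would produce): each resource lists the proofs
# it requires; an empty list means no proof is needed.
POLICY = {"/payroll": [("has_role", "employee"), ("age_at_least", 18)],
          "/lobby": []}


def decide(idp, persona, resource):
    """PDP: grant only when every required proof is answered 'yes' by the IdP."""
    if resource not in POLICY:
        return False  # unknown endpoint: deny by default
    return all(idp.ask(persona, q, a) for q, a in POLICY[resource])
```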
Diagram (via Jeroen, Anoigo)