Closing keynote: Identity management and the Cardiff giant

Federating the next generation

Abstract

The first years of federated identity management were focused on building the substrate for simple login and attribute transport.

While not yet complete, mechanical interoperation, transport, and integration are pretty well understood and deployment has proceeded at a rapid pace.

Through continued hard work we should see the initial roll-out mostly completed in five or ten years. The interesting questions that will arise over that timeframe center neither on which protocols are chosen nor on how integration is achieved. We will investigate the pragmatic questions that are more likely to be pressing, and the roles of providers and federation in answering them:

  1. Will discovery ever get 'solved'?
  2. Who provides identity, and how will they protect privacy and integrity of authority?
  3. Who verifies identity, and what do they verify?
  4. Why don't we just use Facebook Connect and Google Friend Connect?  

Presenter

Nate Klingenstein

Nate Klingenstein is Senior Technical Analyst with Internet2. He has been a member of the Shibboleth core team since 2001, where he has led the support and documentation efforts while contributing to the architecture of protocols and software. He has done pioneering research on several facets of federated identity, including cobbling together one of the first federated identity based virtual organization deployments, integrating multiple identity sources through attribute aggregation, and inventing novel methods for holder-of-key federated identity, creating stronger trust and assurance. He has worked directly with Japan, as Visiting Researcher at the National Institute of Informatics, the Cal State System, the University of North Carolina, and others to help them build identity deployments for their communities. He developed the Holder-of-Key Web Browser SSO Profile of SAML, allowing SAML to be used at the highest levels of assurance by tying the assertion to the establishment of a TLS session. He is an active member of the OASIS Security Services (SAML) SSTC, the OpenID Security Committee, and co-chair of the APAN Middleware WG.
