
Research@UNIK

UniK, Kjeller

WorkingSystems

  • Federated, Browser based: OpenID, LID
    • OpenID :-

OpenID starts with the concept that anyone can identify themselves on the Internet the same way websites do: with a URI. Authentication is then a matter of how you prove ownership of that URI. With OpenID Authentication, your username is your URI, and your password (or other credentials) stays safely stored on your OpenID Provider (which you can run yourself, or you can use a third-party identity provider). To log in to an OpenID-enabled website (even one you've never been to before), just type your OpenID URI. The website will then redirect you to your OpenID Provider to log in using whatever credentials it requires. Once you are authenticated, your OpenID Provider will send you back to the website with the necessary credentials to log you in. The OpenID framework uses 'Strong Authentication' where needed.
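The last step of the flow above, where the provider sends the user back to the website, is where the website has to decide whether to trust what arrived in the browser's redirect. The following is an added example, not code from this page or from any OpenID library: it assumes OpenID Authentication 1.1 field names, an HMAC-SHA1 shared secret already agreed between website and provider, and constructed URLs and secret values.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

REQUIRED_SIGNED = {"identity", "return_to"}  # must be covered by openid.sig

def sign_fields(secret, params, signed):
    """Base64 HMAC-SHA1 over 'key:value\\n' lines for each signed field."""
    token = "".join(f"{k}:{params['openid.' + k]}\n" for k in signed)
    mac = hmac.new(secret, token.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def build_response(secret, identity, return_to, signed=("mode", "identity", "return_to")):
    """Provider side, constructed for this demo: the redirect back to the site."""
    p = {"openid.mode": "id_res", "openid.identity": identity,
         "openid.return_to": return_to, "openid.assoc_handle": "constructed-handle",
         "openid.signed": ",".join(signed)}
    p["openid.sig"] = sign_fields(secret, p, signed)
    return return_to + "?" + urlencode(p)

def verify_assertion(url, secret, expected_return_to, claimed_id):
    """Relying-party side: return (ok, reason) for the URL the browser came back on."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    params = dict(pairs)
    if len(params) != len(pairs):
        return False, "duplicate parameter"
    if params.get("openid.mode") != "id_res":
        return False, "not a positive assertion"
    signed = params.get("openid.signed", "").split(",")
    if not REQUIRED_SIGNED.issubset(signed):
        return False, "identity/return_to not signed"
    if any("openid." + k not in params for k in signed):
        return False, "signed field missing"
    expected = sign_fields(secret, params, signed).encode()
    if not hmac.compare_digest(expected, params.get("openid.sig", "").encode()):
        return False, "bad signature"
    if params["openid.return_to"] != expected_return_to:
        return False, "return_to mismatch"
    if params["openid.identity"] != claimed_id:
        return False, "identity mismatch"
    return True, "ok"

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample values
    url = build_response(secret, "https://alice.example/", "https://rp.example/return")
    print(verify_assertion(url, secret, "https://rp.example/return", "https://alice.example/"))
```

Replay protection is not shown here; a website would normally also bind the response to the login attempt it started, for example with a one-time value carried in its return URL.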

Beyond Authentication, the OpenID framework provides the means for users to share other components of their digital identity. By utilizing the emerging OpenID Attribute Exchange specification, users are able to clearly control what pieces of information can be shared by their Identity Provider, such as their name, address, or phone number.

Strength

Drawback

  • LID :-

Light-Weight Identity (LID). LID is the original URL-based identity protocol, and part of the OpenID movement. LID uses standard URLs as identifiers. For example, the URL http://lid.netmesh.org/liddemouser/ is the LID identifier for a hypothetical individual called Mr. LID Demo User. Anybody can host LID digital identities at a URL of their choosing, as long as they have control over the URL and the ability to run a program (CGI script) at that URL. For URLs where that is not possible, Yadis delegation allows a LID URL to point at one or more identity services hosted by different sites.

Unlike other digital identity systems, LID is organized as a base protocol called MinimumLID and an ever-growing list of services on top of it. This enables LID to be a foundation for digital-identity related innovation by many parties. Each implementor chooses which and how many LID profiles to support to meet their needs.

Some of the already-defined profiles include:

  • LID single sign-on
  • LID for controlled profile data exchange using vCards -- define subsets of information for different clients
  • LID for controlled, decentralized social networking using FOAF -- different subsets of information for different clients
  • LID for authenticated messaging and blogging -- no more forged return addresses

LID relies on existing technologies to the maximum extent possible:

  • XML and XPath (but not WS-*)
  • REST
  • PGP / GPG
  • standard browsers without requiring plug-ins or extensions
  • LID also supports OpenID authentication

Strength

Drawback

  • SXIP -

Identity 2.0 proposes an Internet-scalable and user-centric identity architecture that mimics real-world interactions. The Simple eXtensible Identity Protocol (SXIP) was designed to address the principles defined by the Identity 2.0 model. It provides a seamless user experience with services such as Single Sign-On and Automatic Form Fill. The end users are individuals who manage the exchange of their identity data via their client, typically a web browser. Users are able to create an identity profile at a homesite, where identity data is stored with the user's personas. In the SXIP protocol, a user's persona is represented by a persona URL. The Sxip network rootsite, an authority for the Sxip network, is responsible for issuing unique identifiers for those personas. The data is released from the homesite in response to requests from membersites, upon the user's consent. Membersites are typically websites that consume identity data in order to provide services.

SXIP 2.0 makes it easy for users to move the location of the identity data stored with a persona without losing the identifier associated with the persona. SXIP uses a two-factor authentication solution for access to services, such as online banking, that require a strong authentication mechanism. Another new feature, called authoritative sites, gives the user the ability to put credentials from the authoritative site on their homesite and later transfer those credentials to the relying party. This is an interesting way to hide the use of PKI behind a layer of software. By adding homesite functionality, a website can provide authentication and identification of users. SXIP was created especially for the Internet domain.

Strength

Drawback

  • Centralized, Browser based: Yahoo BBAuth, MSPassport/LiveID
    • Yahoo BBAuth -
    • MSPassport/LiveID -
  • Federated, OS based: Microsoft InfoCard/CardSpace
    • Microsoft CardSpace -

CardSpace uses a variety of virtual cards to identify users, each retrieving data from an identity provider. The process begins with an application requesting a relying party's policy. The policy indicates the accepted format of the security token and what claims this token must contain. Once this information is returned and passed to CardSpace, the system displays the card selection screen. The user acquires these information cards from identity providers. Once the user clicks on an appropriate card, CardSpace issues a request for a security token to the identity provider associated with that card. The identity provider returns a security token, which is passed on to the relying party. CardSpace isn't even aware of what format this token is in. For greater security, the user can choose to protect individual information cards with personal identification numbers (PINs), requiring the user to enter this value before the information card is used.

Secure communication using SSL is not secure enough. SSL certificates actually prove only that a given site has a particular DNS name. Microsoft is working with others in the industry to create a new level of certificate that can contain more information than a traditional SSL certificate, including the name, location and logo of the organization it was issued to.

Strength

Drawback

  • All of the above: Liberty Alliance
    • Liberty Alliance -

Strength

Drawback

Page last modified on April 17, 2007, at 04:30 PM EST