Digital identity has been under constant evolution for the last 30 years. It started with simple access control via a user account within a single system, moved to a credential shared among systems, and then to federated identity and bring-your-own-identity (BYOI). Modern uses are not limited to access control; they include purposes such as digital on-boarding (account opening) and employee and customer relationship management. Among the many technologies out there, OpenID has gained such popularity in the market that you are probably using it without knowing it. This session explains the positioning of OpenID in the digital ID landscape and explores its future potential for both corporations and individuals.
OpenID in the Digital ID Landscape: A Perspective From the Past to the Future
1. Nomura Research Institute
OpenID in the digital ID landscape:
a perspective from the past to the future
Nat Sakimura (@_nat_en)
Research Fellow, Nomura Research Institute
Chairman of the board, OpenID Foundation
www.kuppingercole.com
_nat_en
https://nat.Sakimura.org/youtube.php
https://www.linkedin.com/in/natsakimura
https://nat.sakimura.org
5. Nomura Research Institute
Rome
(Source) Roman soldiers on the cast of Trajan's Column in the Victoria and Albert Museum, London, public domain
The daily watchword: a shared weak symmetric key, rotated daily, with an ACK-based key delivery protocol.
6. Nomura Research Institute
MIT's CTSS system (1961) used LOGIN & PASSWORD, an early example of an individual password.
(Source) http://en.wikipedia.org/wiki/IBM_7090#mediaviewer/File:IBM_7094_console2.agr.JPG
12. Nomura Research Institute
(Figure) Identity management lifecycle. States: Unknown※, Established, Active, Suspended, Archived. Transitions between them: register, activate, suspend, reactivate, maintain, adjust, archive, re-establish, delete.
(Source) Created by the author based on ISO/IEC 24760-1 Identity management framework: Part 1
30. Nomura Research Institute
And there came Mike Jones:
"You guys should come together and standardize it at IETF. Don't worry. I can take care of the editing!"
JSON Simple Signature (JSS) & Encryption (JSE), Magic Signature & JSON Tokens converged into JWx (JWS, JWE, JWK, JWT).
36. Nomura Research Institute
Over 90% of Azure AD app authentications are over OpenID Connect as of April 2018.
(Source) Alex Simons at EIC 2018
37. Nomura Research Institute
OpenID Financial-grade API (FAPI) Security Profile
UK Open Banking account providers (https://www.openbanking.org.uk/provider-categories/account-providers/): ABN AMRO Bank NV, AIB Group (UK) plc, Bank of Cyprus UK Ltd, Bank of Ireland (UK) Plc, Bank of Scotland plc, Barclays Bank Plc, Clydesdale Bank PLC, HSBC UK Bank Plc, ICBC (London) plc, Lloyds Bank PLC, etc.
38. Nomura Research Institute
That is a perfect fit not only for enterprise access control.
(Figure) Entity, Authentication Server, Authenticated Identity, Resource.
The entity authenticates to the Authentication Server with username, password, geo-location, device info, etc.
The Authentication Server, backed by an Identity Register, an AuthN log, audit and anomaly detection, provides claims in an ID Token: real name, professional qualification, department, employee number, geo-location.
On the resource side, the Admin manages Policy through the PAP; the PDP evaluates policy and metadata against those claims; PEP and PEP2 enforce the decision in front of the resource.
44. Nomura Research Institute
Self-issued OP: never taken away
Hosted on your local machine.
No need for IdP discovery because it is local.
The user identifier is the hash of the public key generated by the software.
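How that last point works in practice, as an added example that is not part of the slides or of any OpenID Foundation code: the self-issued identifier is the base64url-encoded SHA-256 thumbprint (RFC 7638) of the key the local OP presents in sub_jwk, so a relying party can recompute it and reject an ID Token whose sub does not belong to the presented key. The sample EC key is the public P-256 key from the JWS specification's examples (RFC 7515, Appendix A.3); nothing else here is from the deck. Verifying the ID Token's signature under sub_jwk needs an ECDSA library and is left out, which the code says explicitly.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    """base64url without padding, as used throughout JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

# Required members per key type (RFC 7638 section 3.2). Anything else in the JWK
# (kid, use, alg, x5c ...) is ignored, so the identifier survives metadata changes.
REQUIRED_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "oct": ("k", "kty"),
}

def jwk_thumbprint(jwk: dict) -> bytes:
    """RFC 7638 thumbprint: SHA-256 over the JSON object holding only the required
    members, names in lexicographic order, no whitespace or line breaks."""
    try:
        members = REQUIRED_MEMBERS[jwk["kty"]]
    except KeyError as exc:
        raise ValueError("unsupported or missing kty") from exc
    missing = [m for m in members if m not in jwk]
    if missing:
        raise ValueError(f"JWK is missing required members: {missing}")
    canonical = json.dumps({m: jwk[m] for m in members}, sort_keys=True,
                           separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).digest()

def siop_subject(jwk: dict) -> str:
    """The self-issued 'sub': base64url of the thumbprint of the key in sub_jwk."""
    return b64url(jwk_thumbprint(jwk))

def make_siop_claims(public_jwk: dict) -> dict:
    """What the local OP puts in its ID Token (only the identity-related claims shown)."""
    return {"iss": "https://self-issued.me", "sub": siop_subject(public_jwk),
            "sub_jwk": public_jwk}

def verify_siop_binding(claims: dict) -> bool:
    """Relying-party check: sub must be derived from the key presented as sub_jwk.
    The other half of the check, that the ID Token's signature verifies under
    sub_jwk, needs an ECDSA/RSA library and is not shown here; without it this
    binding alone proves nothing, because anyone can copy a public key."""
    if claims.get("iss") != "https://self-issued.me":
        return False
    sub_jwk = claims.get("sub_jwk")
    if not isinstance(sub_jwk, dict) or not isinstance(claims.get("sub"), str):
        return False
    try:
        return hmac.compare_digest(siop_subject(sub_jwk), claims["sub"])
    except (ValueError, TypeError):
        return False

# Sample public key: the P-256 key from the JWS specification's examples (RFC 7515, A.3).
SAMPLE_EC_JWK = {
    "kty": "EC", "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
}

if __name__ == "__main__":
    claims = make_siop_claims(SAMPLE_EC_JWK)
    print("sub =", claims["sub"])
    print("binding ok:", verify_siop_binding(claims))
    # Attacker keeps the key but claims somebody else's identifier: rejected.
    forged = dict(claims, sub="A" * 43)
    print("forged binding ok:", verify_siop_binding(forged))
```

Because only the required members enter the hash, rotating the key changes the identifier while adding a kid or use member does not; that is exactly why a self-issued identity cannot be "taken away" by a provider, and also why losing the private key means losing the identity.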
47. Nomura Research Institute
Aggregated claims
(Figure) Claims Providers issue Signed Claims (Tokens) to the IdP; the IdP embeds them in the ID Token it returns to the Client. Claims are verifiable: the Client can check each provider's signature itself.
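An end-to-end run of the architecture on slide 38 and the aggregated-claims diagram above, as an added example that is not from the slides or from any OpenID Foundation code: a Claims Provider signs a professional-qualification claim, the IdP carries that token unchanged inside the ID Token as an aggregated claim (_claim_names / _claim_sources, OpenID Connect Core 1.0 section 5.6.2), the Client verifies the outer token and then each inner token with its own issuer's key, and a PDP/PEP pair decides on the verified claims. Assumptions: HS256 shared secrets stand in for the issuers' asymmetric keys so it runs offline with the standard library; the issuer URLs, client id, secrets, policy and the "same subject" rule are all hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """JWS compact serialization with HS256. Assumption: shared secrets stand in for the
    issuers' asymmetric keys; production uses RS256/ES256 with keys fetched from JWKS."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(mac)}"

def verify_hs256(token: str, key: bytes) -> dict:
    """Return the claims only if the header says exactly HS256 and the MAC matches."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")          # refuses alg=none and algorithm confusion
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

# Constructed trust store (issuer -> verification key) and client identity; all hypothetical.
IDP = "https://idp.example.com"
REGISTRY = "https://registry.example.org"     # qualification registry acting as Claims Provider
TRUSTED_ISSUERS = {IDP: b"idp-shared-secret", REGISTRY: b"registry-shared-secret"}
CLIENT_ID = "hr-portal"

def claims_provider_token(subject: str, qualification: str) -> str:
    """Claims Provider -> IdP: the 'Signed Claims (Token)' of the diagram."""
    return sign_hs256({"iss": REGISTRY, "sub": subject, "iat": int(time.time()),
                       "professional_qualification": qualification}, TRUSTED_ISSUERS[REGISTRY])

def idp_id_token(subject: str, cp_token: str) -> str:
    """IdP -> Client: ID Token carrying the provider's token unchanged as an aggregated claim."""
    now = int(time.time())
    return sign_hs256({
        "iss": IDP, "sub": subject, "aud": CLIENT_ID, "iat": now, "exp": now + 300,
        "name": "Alice Example", "department": "finance", "employee_number": "E1001",
        "_claim_names": {"professional_qualification": "registry"},
        "_claim_sources": {"registry": {"JWT": cp_token}},
    }, TRUSTED_ISSUERS[IDP])

def verified_claims(id_token: str) -> dict:
    """Client side: verify the ID Token, then each aggregated token with ITS OWN issuer's key,
    so every claim is only as trustworthy as the party that signed it."""
    outer = verify_hs256(id_token, TRUSTED_ISSUERS[IDP])
    if outer.get("iss") != IDP or outer.get("aud") != CLIENT_ID or outer.get("exp", 0) < time.time():
        raise ValueError("ID Token not issued by our IdP for this client, or expired")
    claims = {k: v for k, v in outer.items() if not k.startswith("_claim_")}
    for name, src in outer.get("_claim_names", {}).items():
        inner_jwt = outer["_claim_sources"][src]["JWT"]
        parts = inner_jwt.split(".")
        if len(parts) != 3:
            raise ValueError("malformed aggregated claims JWT")
        inner_iss = json.loads(b64url_decode(parts[1])).get("iss")  # read iss only to pick the key ...
        if inner_iss not in TRUSTED_ISSUERS:
            raise ValueError(f"untrusted Claims Provider {inner_iss!r}")
        inner = verify_hs256(inner_jwt, TRUSTED_ISSUERS[inner_iss])  # ... trust nothing before the MAC checks
        if inner.get("sub") != outer["sub"] or name not in inner:   # this client's own rule: same subject
            raise ValueError(f"aggregated claim {name!r} is not about this subject")
        claims[name] = inner[name]
    return claims

# Slide 38: policy from the PAP, evaluated by the PDP over verified claims, enforced by the PEP.
POLICY = {"payroll-ledger": {"department": "finance", "professional_qualification": "CPA"},
          "org-directory": {}}

def pdp_decide(claims: dict, resource: str) -> bool:
    rules = POLICY.get(resource)
    if rules is None:
        return False                                 # default deny for resources without a policy
    return all(claims.get(attr) == value for attr, value in rules.items())

def pep_authorize(id_token: str, resource: str) -> bool:
    try:
        claims = verified_claims(id_token)
    except (ValueError, KeyError):
        return False                                 # an unverifiable identity never reaches the PDP
    return pdp_decide(claims, resource)

if __name__ == "__main__":
    token = idp_id_token("alice", claims_provider_token("alice", "CPA"))
    print(verified_claims(token))
    print("payroll-ledger:", pep_authorize(token, "payroll-ledger"))
```

The point the diagram makes is visible in verified_claims: the IdP cannot forge the qualification because it is signed by the registry's key, not the IdP's, and a registry token about a different subject or signed with the wrong key is dropped before the PDP ever sees it.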
49. Nomura Research Institute
An example of ongoing activities on the claims-set: the Minimum Viable eKYC Framework (eID/KYC Expert Group @ EC).
50. Nomura Research Institute
CIBA: Client Initiated Backchannel Authentication
-- O2O: Online Authentication for Offline Transaction
Use-case 1: Customer authentication @ call centers
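The call-center use-case as a message exchange, added here as an example that is not from the slides or from any OpenID Foundation implementation: the agent's application sends a backchannel authentication request with a login_hint and a binding_message, the customer sees that message on their own authentication device and approves, and the application polls the token endpoint (poll mode, grant type urn:openid:params:grant-type:ciba) until it gets tokens or a terminal error. The OP is simulated in memory with an injectable clock; the client id, login hints, binding-message length limit and token lifetimes are assumptions, and the ID Token itself is omitted.

```python
import secrets
import time

CIBA_GRANT = "urn:openid:params:grant-type:ciba"

class CibaError(Exception):
    """The error code the backchannel or token endpoint would return in its JSON body."""
    def __init__(self, code: str):
        super().__init__(code)
        self.code = code

class BackchannelOP:
    """OP side of CIBA in poll mode. The call-center application (the Client) never
    touches the customer's credentials; the customer approves on their own device."""

    def __init__(self, interval: int = 5, lifetime: int = 120, clock=time.time):
        self.interval, self.lifetime, self.clock = interval, lifetime, clock
        self._requests: dict = {}   # auth_req_id -> request state (constructed in-memory store)

    def bc_authorize(self, client_id: str, login_hint: str, binding_message: str) -> dict:
        """Backchannel authentication request. binding_message is displayed to the customer
        so they can match what the agent reads out with what their phone shows."""
        if not (1 <= len(binding_message) <= 20):     # the length limit is this OP's own choice
            raise CibaError("invalid_binding_message")
        auth_req_id = secrets.token_urlsafe(32)
        self._requests[auth_req_id] = {
            "client_id": client_id, "login_hint": login_hint, "binding_message": binding_message,
            "status": "pending", "expires_at": self.clock() + self.lifetime, "last_poll": None,
        }
        return {"auth_req_id": auth_req_id, "expires_in": self.lifetime, "interval": self.interval}

    def pending_for_user(self, login_hint: str) -> list:
        """What the customer's authentication device lists for approval."""
        return [(rid, r["binding_message"]) for rid, r in self._requests.items()
                if r["login_hint"] == login_hint and r["status"] == "pending"]

    def user_decision(self, auth_req_id: str, approve: bool) -> None:
        """The customer approves or denies on the authentication device."""
        self._requests[auth_req_id]["status"] = "approved" if approve else "denied"

    def token(self, client_id: str, grant_type: str, auth_req_id: str) -> dict:
        """Token request in poll mode; every failure maps to a CIBA error code."""
        if grant_type != CIBA_GRANT:
            raise CibaError("unsupported_grant_type")
        req = self._requests.get(auth_req_id)
        if req is None or req["client_id"] != client_id:  # auth_req_id is bound to the requesting client
            raise CibaError("invalid_grant")
        now = self.clock()
        if now > req["expires_at"]:
            del self._requests[auth_req_id]
            raise CibaError("expired_token")
        if req["last_poll"] is not None and now - req["last_poll"] < self.interval:
            raise CibaError("slow_down")                  # polled faster than the advertised interval
        req["last_poll"] = now
        if req["status"] == "pending":
            raise CibaError("authorization_pending")
        del self._requests[auth_req_id]                   # one redemption only, approved or denied
        if req["status"] == "denied":
            raise CibaError("access_denied")
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer",
                "expires_in": 300}                        # a real OP returns the id_token here too

def poll_once(op: BackchannelOP, client_id: str, auth_req_id: str):
    """Client side: one poll, returning ('ok', tokens), ('wait', code) or ('fail', code)."""
    try:
        return "ok", op.token(client_id, CIBA_GRANT, auth_req_id)
    except CibaError as err:
        if err.code in ("authorization_pending", "slow_down"):
            return "wait", err.code
        return "fail", err.code

if __name__ == "__main__":
    op = BackchannelOP()
    # The agent looks the customer up and starts authentication; the ticket number is the binding message.
    req = op.bc_authorize("call-center-app", "customer-4711", "Ticket 4921")
    print(poll_once(op, "call-center-app", req["auth_req_id"]))   # ('wait', 'authorization_pending')
    print(op.pending_for_user("customer-4711"))                     # the customer sees "Ticket 4921"
    op.user_decision(req["auth_req_id"], approve=True)
    time.sleep(req["interval"])
    print(poll_once(op, "call-center-app", req["auth_req_id"])[0])  # ok
```

Two details matter for the offline-transaction setting: the binding message is what stops a social engineer from getting a customer to approve a request the attacker started (the customer only approves if the phone shows the ticket the agent quoted), and auth_req_id is tied to the client that created it and consumed on first redemption, so a leaked identifier is useless to another client and cannot be replayed.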
51. Nomura Research Institute
Trusted Personal Data Management Service (TPDMS): Consent Management
Worked on by the Japanese government: ethical assistance to combat "over-consenting".
Note: the Cambridge Analytica incident happened because of "over consent".
The public comment period for the certification scheme started Nov. 22; the first certified service is expected by the end of March.
Related standards: ISO/IEC 29100, 29134, 29184, 27552; Kantara Initiative Consent Receipt.
52. Nomura Research Institute
Projected Landscape
(Figure) The IdP, Claims Providers and Client exchange Signed Claims (Tokens), an ID Token and an Access Token, with the following layered on: Keys, eKYC, Continuous AuthN + Risk Info, FAPI+CIBA, and Consent Management (Ethical Assistance).
54. Nomura Research Institute
OpenID in the digital ID landscape:
a perspective from the past to the future