Decentralised Trust, Jean-Michel Crom, Orange Labs
•Télécharger en tant que PPTX, PDF•
2 j'aime•395 vues
This document discusses identity and trust in the reTHINK vision. It proposes a global identity and reachability framework that allows for identity portability across service providers through globally unique identifiers. The framework includes features like an identity module for authentication, identity providers, a discovery service for searching identifiers across domains, and a trust engine for evaluating trustworthiness. The goal is to empower users with freedom of choice, portable identities, global reachability, and better information on trust.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à Decentralised Trust, Jean-Michel Crom, Orange Labs
Similaire à Decentralised Trust, Jean-Michel Crom, Orange Labs (20)
Plus de Alan Quayle
Plus de Alan Quayle (20)
Dernier
Dernier (20)
Decentralised Trust, Jean-Michel Crom, Orange Labs
- 1. 1 reTHINK : regarding identity & trust Jean-Michel Crom, Orange November 15th 2016 TAD Summit
- 2. 2 The reTHINK vision Decentralization Interoperability/open Trust User empowerment
- 3. 3 Identity in reTHINK: 2 faces Authentication – to choose one’s identity to be subsequently used – to authenticate users and to provide identity tokens for peers – to check identity tokens received by callers – to add trustworthiness value to identity Reachability – to be discovered and called from an domain
- 4. 4 Global Identity & Reachability Framework Identity portability throughout reTHINK service providers Globally Unique IDentifier = a static global (i.e. domain-agnostic) identifier – created by hashing the user’s public key with a salt – associated with several domain-bound identifiers – published by the user on the Global Registry (DHT) – basis of a distributed social network (GraphConnector) A global search engine: the Discovery service – access to Global Registry to retrieve domain-bound identifiers – access to Domain Registry to get reachable addresses (i.e. live hyperty instances)
- 5. 5 Global Identity & Reachability Framework Trustworthy identity features Identity Module on the client runtime + Identity Providers – to authenticate users and to provide identity tokens for peers – to check identity tokens received by callers IdP Stub to adapt to any IdP – based upon IdP-Proxy from RTCweb IETF group – downloaded from the IdP (thus adapted to any IdP protocol) – deployed for OpenID Connect, Google & Microsoft complemented by Trust Engine – use of white- & black-list – use of distributed social network
- 6. 6 “Alice calls Bob” Alice’s CSP Bob’s CSP Alice’s IdP IdModule Auth IdAssertion Call Offer + IdAssertion Alice’s CSP Bob’s CSP Alice’s IdP IdModule check IdAssertion Call Answer + IdAssertion Trust Engine evaluate trustworthiness
- 7. 7 “Alice searches Bob” Discovery Service Global Registry Domain Registry search “Bob” “T-Labs” “Berlin” Bob’s GUID Bob’s UUID Bob’s URI
- 8. 8 Runtime Identity Provider Trust Engine CSP Id Module Graph Connector Runtime Registry Domain RegistryGlobal Registry Discovery Service Catalogue Hyp instance 1 Hyp instance 2 Policy Engine Policy Engine Support services: big picture
- 9. 9 Identity in reTHINK a global framework for – reaching any user whichever domain he is registered and connected – authenticating users against domains and one another some added-value components – global discovery service – trustworthiness evaluation and, most important, a better-informed empowered user – freedom of choice by user – portable identity – global reachability – better information on trustworthiness
- 10. 10 Thank You! Jean-Michel Crom reTHINK Project