European Workshop on Trust & Identity

In cooperation with GeantLogo184x80

Session 22 <Pre-open trust taxonomy > (11:30/Room K1)

Convener: Rainer Hörbe

Abstract1: OTTO is a Kantara WG wanting to devise a metadata infrastructure like SAML to establish federations with OAuth2/OIDC. The distribution mechanism will be based on blockchains. The architecture foresees a 2-layer approach with a generic layer supporting various business processes for establishing trust. Finally, the concept should be generic enough to support other metadata schemes like PKI and SAML metadata out of the same block chains.

Abstract2: The capability to run an identity federation. The first step was to map the SAML.

"It looks like we don't have to do it, because we cannot implement in the metadata."

"Then we realised we can do something better in the future.

Block chains enable to trust paradigms:

TOFU – trust on first use. Once you put something in t the block chain it is under public scrutiny. Consistent distribution is part of the technology.

The initiative came from Mike Schwartz of Gluu to have the capability to run an identity federation being driven by metadata as we have it today with SAML. The group started out mapping the SAML entity.

The first major point in the concept is that we don’t want to have the huge aggregates based on centralized databases. We then realised we can do something in another architecture. Get rid of the central database, it’s like the CA, if you hack it you go bust. Distribution is solved by using a block chain. In it you have two different trust paradigms. One is trust on first use. The concept is you put something in the block chain that is available and the source is then doing an ongoing monitoring that it was not revoked by a later entry. Once you put something in the block chain there is a very high confidence in being unchanged. The other trust paradigm is the proof of being the authoritative source that can be done in a traditional way. With signatures, and the things we have currently, so we are basically getting the best of both approaches. On top of the block chain, one can build an SQL database, so if you look up an entity by URL and see this is my name space, you can have the backlink in the database to verify the block chain to verify the database and to check if it’s of good integrity. The database provides flexible lookups.

The second major point was to extend the scope beyond technical trust. I am friendlier with SAML than OAuth2 so I would like to take the SAML example. In it you have a lot of assertions, but not they are not complete. You don’t have a proper assertion in the EntityDescriptor of the identity of an Entity Owner, for example the University of Vienna that is a legal identity based on the federal law of republic of Austria. SAML metadata is a very technical concept and leaving out the business level generates many of these scaling issues with metadata. So we will look what we can put into the metadata to support the whole business process to trust an entity.

And the third concept we are not just doing OAuth2 but abstracting metadata, doing also PKI, SAML and others, because the underlying fundamental statements have something in common so its fairly expensive to say that this legal entity is a member here, this one is affiliated, this one has a key here. (We have not yet adapted the charter).

There are different things. The SAML EntityDescripter is composed of entity statements which are even of different authoritative sources, so in many cases who is owning a key pair is just a statement of the owner, nobody is going to verify it, if you can’t decode a message nobody is going to check even. But who is asserting R&S entity category? Or certifying the assurance level?

The idea is to have two layers in this trust economy. One is an elementary level where are the statements like this name is a part of a name space and this name is linked to a key, a key holder so if you decompose in just these elementary expressions. I think that the certificate can be expressed.

The underlined triple store should be in the block chain or in the URLs to some external stores and on top of that is more loosely defined, a service that will have an interface to legacy clients.

Tom:

In terms of getting broader input into the abstract layer that’s something that you could share widely. It would be quite valuable to understand. To represent it in that particular way could really help.

Rainer:

You have the GS1 which is mostly in the trade sector, unless you get more types of organizations together in one group, it will not work.

Johan and Floris: referring to the UETP model, the notes can be found on day 1, K7, third session.

Rainer: It might be more complex because we are aiming for notary functions to all entities related. Authority’s parties, making assertions of claims about somebody, there is an interesting project in Austria’s government for legal identifiers, most advanced implementations in Europe in support of the EU service directive. Almost everything that is kind of a legal or business entity is included. They are pulling together the different sources and registries that are based on law, including sole traders, government agencies, and hospitals.

The idea is to link the business processes that we currently have which are completely broken and provide some infrastructure where you can make plugins to say okay this government registry or this signature scheme can be used to provide trust and assertions which is good enough to relying party to build technology on SAML Data. The business processes will be based on the more general level.

Observation was is that the previous models like PKI and SAML metadata had this old approach of data centric modelling, that was the architecture, and now it’s more state of the art that you do business modelling first before you start writing a specifaction. The working group is aware that we need the data model and the business process model and if we can solve the business ones on a data level it would be much easier to have lighter API and agents that generate the specific metadata parties.

Tom: Why wouldn’t the business processes be a part of the anthology? You should put them together.

Rainer: I fully agree. It’s important not just to have a structural model but behavioural planning and the semantic model.

The fundamental (generic) level and technology specific layer. Not every element will be technology agnostic, so the generic level might include technology-specific data.

Johan: I think there is a must for an implementation level in between and its really important how to choose which things to use from the fundamental level, a level where the choices have to be made.

Tom: You also risk not being able to achieve what you want to. In order that the connection is more stable.

What are the gaps and what is hard to do?

Rainer: The resource gap is there. We need to be more people because that’s really way too big for a handful of people. We need more stakeholders. If we are really going to integrate as a pattern, we really need more resources. It’s also a complete threat for currency models. It’s designed to eradicate X5O9 as a business model.

Tom: The idea of having metadata aggregates produced as big huge files, on the one hand on the other hand we still need those kinds of notaries, or federation operators who put some authority into some of the assertions.

Johan: There is a big unity in the bit coin and to make the combination to use different authorities. Certificate authorities, which want to implement a new protocol to make it possible to have certificate authorities on block chain, the guy who was promoting that was Mike Hern.

Rainer: Another point where is the privacy or confidentiality, so supply chain might not want to show which companies are a part of the supply chain and by linking URLs to some access control schemes you can’t handle that but you obviously have the part of the block chain which is limited.

Other aspect is to have a payment model. For example having a company registry number, there are companies selling the information, you can send the URL somewhere and to sell the infrastructure.

To be informed or contribute you can join the Kantara OTTO working group, which is currently on a weekly call schedule.

Tom: What is the goal of the working group?

Rainer: Creating a federation metadata system for OAuth2 similar to SAML.

Action Items:

Join the mailing list of Kantara OTTO-WG:

https://kantarainitiative.org/confluence/display/OTTO/Home

There is material on the Wiki:

https://github.com/KantaraInitiative/wg-otto