Pete Metrulas Hewlett Packard

1
Enterprise Positioning of OpenID
01/09/08 Discussion

• Pete Metrulas Hewlett Packard

2

Proposed Agenda

• Overview on the IdCommons process How it works?
• Establishing a working group
• Getting approved as an official group
• How a group is structured and works
• What are the typical deliverables of a workgroup
• Review of the current working group definition
• Does this represent the scope?
• What additional areas of the charter need to be
  addressed?
• Review of some concepts related to the context
  Enterprise drivers related to OpenID / IdM 2.0

3

Charter Draft Document

• Name Enterprise Positioning
• Purpose To engage the enterprises in the
  adoption and proliferation of user-centric
  identity by shaping clear articulate value
  propositions for communication in the enterprise
  space.
• Principles
• Meet the business community where they are at.
• Practices
• We work via mailing list with documentation on
  our wiki.
• Requirements of Participation and How to Join
• Anyone can join
• Licenses and/or Restrictions on Usage of Work
  Product
• Creative Commons, Commercial, non-attribution?

4

Charter Draft Document

• Current Deliverables and Milestones
• Current Meeting Schedule
• Current Membership
• Dan Nelson - FBS Data Systems Pete Metrulas -
  Hewlett-Packard Gary Ardito - Novell Kaliya
  Hamlin - Identity Woman
• Current Stewards Council Representative and
  Alternate
• Representative Gary Ardito Alternate Pete
  Metrulas
• Current Links
• Enterprise Positioning
• Related Groups
• Project VRM
• Enterprise Identity Architects

5
An example of the Enterprise Challenge..

• HP Unlocks the Printable Web for Millions of
  Internet Users
• SAN FRANCISCO, Oct. 17, 2007 HP today announced
  new relationships and print capabilities with
  several major web properties including
  Disney.com, Windows Live Spaces, Flickr and the
  Graffiti Application for Facebook to make it
  easy for people to print relevant, customized
  content from the web.
• The relationships, the latest development in HPs
  Print 2.0 strategy, will offer Internet users new
  and enhanced printing options to control what
  they print and how they print it.
• In September alone, there were more than 267
  million visits to these partners sites.(1) Each
  visit represents an opportunity to provide an
  improved customer experience as well as to
  merchandise digital content in new and compelling
  ways.
• To enable these experiences, HP is using Web 2.0
  technologies such as those developed by Tabblo, a
  company HP acquired in March. HP unveiled its
  strategy to improve web printing in May and
  announced new partners and tools in August. To
  date, the company has print-enabled a variety of
  leading websites, from entertainment to travel.
• Source http//www.hp.com/hpinfo/newsroom/press/20
  07/071017xb.html

6
The Enterprise Challenge

• Enterprises need a holistic IDM strategy, process
  and tool,
• that effectively interfaces identity across a
  diverse set of
• communities and domains
• Allow the user be reliably identified
• User can use an identity they already have
  created anywhere
• Use this to provide a personalized service to a
  broader audience
• High barrier of entry for certain low sensitivity
  applications
• Time and cost for integrating MA

7
What is the industry IDM Evolution
IDM 1.0
IDM 2.0

• IDM 1.0
• Reducing cost of managing fragmented identities
  while retaining high level of trust
• Evolving from identity application silos to a
  reduced SSO for the enterprise
• Cost Reduction
• Federation for trusted enterprises
• IDM 2.0
• User Centric approach to Identity Management
  Users creating and maintaining identity and
  claims (i.e., the IP of identity)
• User Control Choosing which identity credentials
  to present in response to an authenticating or
  attribute request
• User Consent User can always control or deny
  whether info about them is released
• IDM 2.0 provides functionality capabilities not
  in IDM 1.0 not a superset of federation

8
What are the typical goals of Enterprise IDM
2.0?
Customer IDM 1.0
2.0 User centrism

• Strong driver to extend to reach to communities
  to generate additional revenue and reduce by
  selling products services and eliminating the
  barrier for registration and identity
• 1. A horizontal identity management solution that
  allows identity to be effectively interfaced
  portable across domains and communities
• 2. Allow users to create and maintain identity
  Make it easy for customer to interact with web
  2.0 communities and beyond
• 3. Lightweight identity solution that reduces
  barriers of entry to other communities, but also
  within HP
• Provide a low barrier of entry for certain low
  sensitivity applications
• Provide a quicker and secure identity management
  solution for MA

9
Enterprise Customer IdM 2.0

• The challenge extending reach beyond the captive
  domain into new and diverse communities

Unknown
Less-known
Known
Cultivated Communities
Captive Users
External
Communities Blogs
Customers Partners
External Communities
10
What are the IDM themes around extending global
reach?

• Overall strategy is to market products and
  services to communities beyond the current
  captive domain
• Allow the user be reliably identified
• User can use an identity they already have
  created anywhere
• Use this to provide a personalized service to a
  broader audience
• Make it easy for customer to interact with
  enterprise communities and beyond
• Provide a low barrier of entry for certain low
  sensitivity applications
• Provide a quicker and secure identity management
  solution for MA

11
Lightweight Idm solution

• Provide a lightweight identity architecture
  approach that is simpler, cheaper and faster for
  integration.
• Reduces barriers of entry for MA
• Added on but does not replace core HP IDM 1.0
  capabilities
• May mask some levels of back end fragmentation
• Trust for highly sensitive content is an issues
• The model of an enterprise being its own RP and
  masking OpenID needs to be considered

Enterprise Idm Solutions
B2C
B2B
Partners
Open ID provider, or other solutions
Enterprise .com assets
12
Choosing the right tool for the problem

Cultivated Communities
Captive Users
External
Customer IDM 2.0 Possible Solutions
IDs portable across domains and communities
Core 1.0 IDM
User Centric for low sensitivity
applications User Centric Path (ii.e. Open ID,
Cardspace, others TBD)
Enterprise open ID provider or others
solutions
Federations for pair wise Enterprise IDM
Communities Blogs
Customers Partners
External Communities
13

• Back-up slides

14
Authentication and Trust 2.0 Example of ONE
technology
3. Type in Open ID credentials (URL) when logging
on to web site
5. User gives consent on what ID to share
OpenID
4. Web Site redirects user back to Open ID
provider with credentials to log in
Validator URL


1. User declares identity with open ID provider
Authentication Protocol
Replying Party Web Site)
User
Password, Validator URL


User Centric User Control User Consent Self
Declared Identity
2. Establishes Open ID credentials (URL) For
User
IdentityProvider
15
Cultivated and External Communities

• External to your captive community - these
  communities represent to a significant
  opportunity to increase your global reach
• Communities that are for shared interest
  represents community thought leadership that goes
  beyond an individual
• Typically a minimal set of information exits that
  users claim
• Bridging identity into these domains removes key
  barriers of entry
• Registration abandonment
• ID fatigue among users
• Expensive to maintain a shared IdM (e.g.
  federation) infrastructure for these types of
  users

16
What is the Customer IDM State?

• Customer IDM .5 Identity Silo
• Each application is doing its own identity
  management
• Massive fragmentation
• Customer experience is broken
• IDM 1.0 Reduced Sign On and Federation
• Horizontal idm solution
• Customer experiences reduced sign on
• Risk Mitigation and cost benefit
• Federation offering in Managed Services