IdentityManagement
From MashupCamp
Description
JohannesErnst (NetMesh) was one of the first to step forward to say that identity management is a must-have discussion. But there were others, including SAIC's HartRossman and Zachary Tumin (fstc.org), who see identity and security as key to their constituencies. What happens, for example, if a mashup leverages APIs from different providers who are using completely different and incompatible identity management systems, who want to control access to the data behind the API, or who need to enforce a business model for it? Identity may also play a critical role in the mashup idea. Beyond identity, there are other key areas of information assurance that will need to be addressed in Mashups: Confidentiality, Integrity, Availability, Audit, Incident Response, and of course secure composability frameworks. Additionally, no good identity management and security discussion can be considered complete without addressing the privacy implications ;)
Interested
- ChrisRadcliff, EVDB
- JohannesErnst, NetMesh
- ChrisDent
- HartRossman
- SandyKemsley
- JarrodLombardo
- JohnBeatty
- RainesCohen
- JohnMount
- EleanorKruszewski
- AndrewFitzhugh
- DaveNielsen, StrikeIron
Some subjects to talk about
- How do we represent people in a Mashup? How can we tell whether two data sources refer to the same or different people?
- How can we mash-up people, or properties about people? For example, the sign-up page on this wiki lists people, and some (few) attributes, e.g. company they work for. That's a manual mash-up, isn't it: multiple people on the same page. Can one automate this so we have to edit less and it is self-updating?
- How can an API enforce a business model? It seems the API first needs to know who is invoking it.
- How can the identity of the user (not the mash-up developer) propagate through to the underlying APIs? This is needed if the API provides different data to different users (say, an Amazon wish list).
- How can we get beyond the initial inclination to focus on identity management and access control as the sole capability necessary for safety and security? That's like saying keyless entry systems are the only useful safety/security feature on a car (and discounting previous mechanisms like actual car keys; not to mention airbags, seatbelts, crumple zones, modern composite materials, and management/monitoring systems like OnStar). We also have to consider the notion that perfection is the enemy of "good enough". In other words, how much confidence do we need to have in an identity management system in order to consider it sufficient for use in Mashups?
- How does the nature of incident response change in a Mashup? What are the implications for accountability in a breach of privacy or security?
===Notes from Identity Management===