Future of digital identity for SURFnet

Project: GigaPort3
Project year: 2013
Project manager: Remco Poortinga-van Wijnen
Authors: Maarten Wegdam, Bob Hulsebosch, Martijn Oostdijk, Timber Haaker
Release date: 17 December 2013
Version: 1.1 final

SUMMARY

This report is the extended summary of a study that Novay did for SURFnet on the value-adds that SURFnet (or the SURF family) can provide in the coming 3 to 5 years in the area of digital identity. The study helps SURFnet to choose which value-adds to pursue and where to invest its innovation budget. We assume the reader is familiar with the state of the art in digital identity and with SURFnet's current services. Determining which SURF family member is best suited to provide a certain value-add is out of scope for this report; therefore, where this report refers to SURFnet one can also read "SURFnet or another member of the SURF family".

This publication is licensed under Creative Commons "Attribution 3.0 Unported". More information on this license can be found at http://creativecommons.org/licenses/by/3.0/

COLOPHON

Programme line: GigaPort3
Part: SI-Infra
Activity: Next generation Trust Infrastructures and Skunk works
Deliverable: 2013-401-d1 The Future of Identity: studying the changes in the federated identity and privacy landscape
Access rights: Public
External party: Novay

This project was made possible by the support of SURF, the collaborative organisation for higher education institutes and research institutes aimed at breakthrough innovations in ICT. More information on SURF is available on the website www.surf.nl.

SIX MATTERS ONE SHOULD KNOW ABOUT FUTURE OF IDENTITY

Scenario: The area of digital identity and (federated) identity management is diverse and continuously changing. To ensure that SURFnet's services in the area of digital identity remain useful for its constituency in the near future, Novay was asked to study the value-adds that SURFnet (or the SURF family) can provide in the coming 3 to 5 years in the area of digital identity.

What is it? This report provides the extended summary of the findings of Novay's study, highlighting the main trends and possible value-adds.

Who is it for? Although initially intended for SURFnet, the outcome may also be of interest to other NRENs providing services in the area of digital identity, or to readers with a general interest in developments in digital identity.

How does it work? N/A

What can one do with it? Information from this report may be useful for determining the focus of innovation in the short to middle term.

More information: [email protected]

MANAGEMENT SUMMARY

This report presents the outcome of a study on the potential value-adds that SURFnet can provide in the area of digital identity in the coming 3 to 5 years. Digital identity includes, but is not limited to, identity federation. The reason for this study is to help SURFnet choose which value-adds to pursue and where to invest its innovation budget. Central to the approach is a series of workshops and interviews with internal and external experts and stakeholders, to get a wide range of inputs on what the relevant technologies, customer demand and value-add for SURFnet could be. The outcome of the study is:

• Identity federation: here to stay and new features are needed. Identity federation is a current flagship service for SURFnet. It will remain a value-add for SURFnet, and the study resulted in a list of possible new features to increase that value-add.

• eID stelsel NL: use, possibly interfederate, but do not replace SURFconext. The eID Stelsel NL is a relatively new initiative from the Dutch government to integrate various eID solutions, including DigiD and eHerkenning. Even though it is not clear if, how and when eID stelsel NL will become a reality, it is a potentially major development in the Netherlands. The outcome of the study is that eID stelsel NL is unlikely to be a suitable replacement for SURFnet's own identity federation in the coming 3 to 5 years. Using eID stelsel NL for identity verification (vetting), however, is an obvious opportunity, and inter-federation with SURFconext may be possible.

• Identity-related technologies: which opportunities to select? There are new technologies in various stages of maturity that SURFnet could use to create a value-add. Criteria, besides the obvious one of customer demand, are i) whether a technology is able to combine the often contradictory requirements of security, privacy and enablement/convenience, and ii) whether a technology can be deployed because of the combination of services that SURFnet offers, e.g., DNS and certificates. Technologies that came out of the study are:
  o Certificate pinning: DANE, but possibly also others
  o Anonymous credential systems: go beyond smartcards and explore use-cases
  o Facilitate a trusted trail for (raw) research data

• Privacy: go beyond checklists, provide support and maybe services/software. SURF(net) already works on privacy as a focus point, chiefly by empowering its customers through education on what they could, should, shouldn't and must do. SURFnet could, however, choose to do more than provide checklists and reports; in particular, SURFnet can provide actual personnel to help its customers. A third possible value-add is to also provide privacy-related services. Whether or not to provide value-add beyond the current checklists, reports and education is mostly a strategic choice, not only for SURF(net) but also for its customers.

• Rich & trusted attributes in a connected world: a new value-add for SURFnet. In a hyperconnected world there is much more value in personal information than in the relatively 'low level' information exchange currently facilitated by SURFnet's identity federation. The role of SURFnet could be to facilitate this by being a broker for the trusted exchange of rich attributes. In addition, there could be a role in defining and/or adopting standards relevant for research & education.

TABLE OF CONTENTS

COLOPHON
SIX MATTERS ONE SHOULD KNOW ABOUT FUTURE OF IDENTITY
MANAGEMENT SUMMARY
EXTENDED SUMMARY
  Reading guide
  The main trends
  Categories of possible value-adds
  Identity federation: here to stay and new features are needed
    Shorter-term & clear value-adds related to identity federation
    Strategic & no-consensus value-adds related to identity federation
    Needs research & longer-term value-adds related to identity federation
  eID stelsel NL: use, possibly interfederate, but do not replace SURFconext
  Identity-related technologies: which opportunities to select?
  Privacy: go beyond checklists, provide helpers and maybe services/software
  Rich & trusted attributes in a connected world: a new value-add for SURFnet
  Concluding remarks
  Acknowledgements

EXTENDED SUMMARY

The recently published report "25 years of innovation"[1] shows that innovation projects from SURFnet and its partners have resulted in reliable and innovative ICT services for higher education and research. An important area of innovation for SURFnet is collaboration infrastructures, which includes the identity federation that SURFnet operates. This identity federation, SURFconext, is a flagship service for SURFnet. Looking to the future, however, SURFnet's value-add in the area of digital identity may lie in other services than running an identity federation. This report presents the outcome of a study on the potential value-adds that SURFnet can provide in the area of digital identity in the coming 3 to 5 years. Digital identity includes, but is not limited to, identity federation. To quote the aforementioned report on 25 years of innovation: "SURFnet's innovations are driven by technology combined with customer demand". But what will be the relevant technologies? And what will be the customer demand?

[1] SURFnet, 25 years of innovation, 2013, http://www.surf.nl/binaries/content/assets/surf/en/2013/201309_report_25yearsinnovation_surfnet.pdf
The approach we took was to first analyse trends in the area of digital identity, and then to analyse the possible value-adds that SURFnet can provide based on these trends. Central to the approach was a series of workshops and interviews with internal and external experts and stakeholders, to get a wide range of inputs on what the relevant technologies, customer demand and value-add for SURFnet could be. The outcome of this study will help SURFnet to choose which innovations to invest in for the coming 3 to 5 years.

READING GUIDE

We assume the reader is familiar with the state of the art in digital identity and with SURFnet's current services. Whether another SURF family member may be more suitable to provide a certain value-add is out of scope for this report. Therefore, where we refer to SURFnet one can also read "SURFnet or another member of the SURF family".

THE MAIN TRENDS

To be able to analyse possible value-adds for SURFnet, we distinguish ten main trends that are relevant for digital identity in higher education and research. These are depicted in Figure 1, where arrows indicate that one trend influences another. For some trends we make explicit that they are on-going, e.g., "more mobile". Others are new, for example "government controlled eID that can also be used by non-government organizations (consumer-2-business, business-2-business)", and their outcome is less clear.

Figure 1: Ten main trends in digital identity for higher education and research.

CATEGORIES OF POSSIBLE VALUE-ADDS

We use these ten trends to motivate possible value-adds that SURFnet can provide. We grouped these value-adds into five categories:

1. Identity federation
2. eID stelsel NL, the new initiative for a government controlled eID framework in the Netherlands
3. Identity-related technologies
4. Privacy
5. Rich & trusted attribute exchange

We discuss these five categories at different levels of detail; the identity federation category in particular is discussed in more detail, since the study resulted in a relatively long list of new features that can be considered for the current flagship service.

IDENTITY FEDERATION: HERE TO STAY AND NEW FEATURES ARE NEEDED

A main question for this study was whether, within 3 to 5 years, operating an identity federation will still be a relevant and innovative service for SURFnet. The short answer is yes. Five years ago, when Novay helped SURFnet to make a roadmap for the SURFfederatie, the hub-and-spoke model was a major area of discussion; this is less the case now[2]. The trend appears to be towards hub-and-spoke federation models and/or the use of proxies for specific purposes rather than fully meshed models[3].

[2] E.g., in case of large numbers of local logins a mesh model has benefits, and a hybrid proxy/mesh model could be considered.
[3] See e.g. the (teaser for the) Forrester report "Brokered Cloud Identity Is Scaling New Heights" (Eve Maler et al., October 2013).

There are several opportunities for value-adds directly related to identity federation, which typically mean new features for, or changes to, the federation. Figure 2 divides these into three subcategories.

Figure 2: Further categorization of possible value-adds related to identity federation.

SHORTER-TERM & CLEAR VALUE-ADDS RELATED TO IDENTITY FEDERATION

Shorter-term features which combine a clear need with a (relatively) clear view on how to implement them are:

- Multiple levels of assurance: well-defined and step-up. Cybersecurity is becoming more important; combined with more sensitive SaaS applications and the importance of privacy, this means that the identity federation should offer higher levels of authentication assurance. To balance security with convenience, these should be multiple, well-defined levels (as opposed to only higher levels). SURFnet's value-add can be to define these levels (technology and process) and to provide services that facilitate them. SURFnet is already working on a Step-up-authentication-as-a-Service to address this.

- Federation to mobile and other native applications: OAuth, inter-app and application-specific passwords. SAML WebSSO is not a mobile-friendly protocol, and the identity federation needs to be able to connect to mobile and other native apps in another way. SURFnet has done several studies on how to solve this, and OAuth2 is an obvious candidate. In addition, inter-app communication solutions that support single sign-on, and application-specific passwords, can be considered.

- Bring your own authentication: fewer tokens, and use social login and mobile as authentication means. Although bring-your-own-identity is a trend, convergence to "a single trust framework/federation to rule them all" is not likely to happen any time soon. Authentication solutions can, however, be re-used between federations and silo identities to reduce the number of tokens someone has to carry and the passwords they have to remember[4]. SURFnet is already taking this route in the design of Step-up-authentication-as-a-Service and in the replacement of SURFguest. The latter could become a pattern for how social login can be used, possibly also for other use-cases. In this pattern, social login is used purely as an authentication means (i.e., a username/password), without relying on the attributes that are provided (with the email address as a possible exception). The benefit is that people do not have to remember an additional username/password, and SURFnet is not responsible for storing those.
  When trusted attributes are needed, these have to be verified separately by SURFnet or a third party. This is also the difference from a bring-your-own-identity solution, which would include trusted attributes like name or affiliation. Additionally, users increasingly own smartphones, which can be used as a something-you-have authentication means in a two-factor authentication solution. Mobile as a bring-your-own authentication means will therefore likely become of primary interest to SURFnet and its customers, especially for students but also for employees.

STRATEGIC & NO-CONSENSUS VALUE-ADDS RELATED TO IDENTITY FEDERATION

A second sub-category of possible value-adds has, compared to the value-adds listed above, a more strategic character, and there is no clear consensus among experts and stakeholders on whether SURFnet should prioritize them:

- Shift control from institutes to users. The trend analysis makes clear that users are gaining control and will have a more "loosely coupled" relationship with their institutions than in the past. For example, users will choose which hardware and which cloud services they use, rather than an IT department. This shift of control impacts the identity federation, which in its current implementation is identity provider (or institution) centric. On-going efforts such as the Code of Conduct for service providers also do little to empower users. An example is that users cannot decide whom they want to trust, which attributes to share and which services they can use; this is up to identity providers (and service providers). There may be (lawyers at) institutes that are worried about the legal implications of giving users more control, but it is likely that if users do not get more control, they will find ways around the identity federation, for example by relying on social logins. A more user-centric implementation would empower users through self-service to quickly decide whom (not) to trust. Examples are that the user (rather than an identity provider) decides which service provider to trust with his or her attributes, or that a trusted employee is empowered to vouch for the identity of another, unknown user so that this user can use some service.

- Harden the federation, and especially the hub. The increasing importance of cyber security, combined with increasing dependence on the identity federation because of its success, means that the federation is increasingly a security risk. Above we already discussed levels of assurance; here we refer to the confidentiality, integrity and availability of the federation as a whole. The federation hub is especially exposed: a successful attack can cause major damage to the reputation of SURFnet and major business continuity issues. A choice is whether or not to pro-actively harden the hub. This includes improving resilience to distributed denial of service attacks, adding more monitoring capabilities to detect misuse (including anomaly detection), and improving business continuity during e.g. upgrades. On the organizational side it is also a choice whether or not to invest in additional security measures at the identity providers (audits, incident management, governance). The first step would be to perform a risk assessment and weigh the different countermeasures on their implications.

- A second, high-security federation. In general there is a trade-off between security and convenience. Convenience has two sides: ease-of-use for users (e.g., no dedicated software needed on client devices) and for connected parties (e.g., easy to connect to the hub). The current federation balances these, typically favouring convenience over security, since for most use-cases convenience is considered more important. However, some institutions, including academic/teaching and other hospitals, have significantly higher security requirements, at least when it comes to patient health data (e.g., NEN7510[5]). Although we did not explore this in much detail, we believe there is a possible value-add in better catering for these customers, which may mean introducing a second, higher-security federation. The first step would be to further explore the need and the implications.

[4] Of course, in a secure manner, without more than one organization having access to the same password.
[5] NEN7510 is a Dutch standard for information security in healthcare, see http://www.nen7510.org/

- Make the federation itself more privacy friendly. The federation itself is a privacy risk due to its proxy architecture, which allows it to track which users log in at which service provider and to see which attributes are shared with it. Although there was no consensus among the experts and stakeholders that contributed to this study on whether this is a major concern and/or a potential value-add for SURFnet, we mention it here as a strategic choice. A typical example is to carefully consider which log data to store and for how long, since this includes a lot of personal data which can be stolen or misused[6]. A second example is to encrypt the attributes end-to-end for the service provider, so that the proxy relays them without being able to inspect them.

NEEDS RESEARCH & LONGER-TERM VALUE-ADDS RELATED TO IDENTITY FEDERATION

The third sub-category of possible value-adds related to identity federation are those for which it is less clear whether they are feasible, which may require more research, or which will not be realized in the shorter term (e.g., not next year):

- Internationalizing trust, but first do the 'plumbing'. In both research and education, the increasing need to federate beyond the Netherlands is clear. Doing so requires not only what we call here plumbing, but also trust and agreement on policies between all parties.
  Plumbing refers to connecting identity providers and service providers (configuration, metadata discovery, etc.). There has been quite some effort on large-scale international federations over the past years, especially on inter-/confederation (eduGAIN). eduGAIN is successful in connecting NREN federation operators, but actual usage is limited. A major reason for this is that agreeing on policies and creating trust between all parties involved (identity providers, service providers, users, federation operators) on such a large scale is very difficult. Although eduGAIN does more than plumbing, especially through the introduction of a 'Code of Conduct'[7] for service providers, we do not expect this to sufficiently address the wider trust issues between all the different parties. An approach to handle this is to separate the challenge of connecting identity providers and service providers (the plumbing) from the actual establishment of trust (the policies). This plumbing can be done as a mesh (typically with some form of metadata registry), as hub-and-spoke, or as a hybrid form. Once the connections are there, it becomes easier to create different, smaller trust frameworks for specific purposes/communities that run on top of this plumbing. The longer-term ambition could remain to standardize these trust frameworks, but to get there "perfect is the enemy of good" is sound advice.

- Cross-sector federation. Many research collaborations involve organizations that are not universities or research institutes, i.e., organizations that cannot connect to SURFnet's identity federation, so their employees cannot use their organizational account to authenticate. Cross-sector federation overlaps with the internationalization value-add described above, because it requires 'plumbing' to connect identity providers at a wider scale and because it is very difficult to scale the needed trust. It also overlaps with the value-add of shifting control from institutes to users, described earlier, because putting the user more in control may help to scale the trust. Existing and often more informal trust fabrics may be re-used, e.g., research projects (also known as collaboration organizations), reputation and social trust (e.g., social networks). First steps could be to select use-cases, study the state of the art and find 'launching customers'.

There are two other possible value-adds related to identity federation that we want to mention, but which do not fit very well in the categorization used above: phishing prevention and single logout. With respect to phishing prevention, there is little doubt that there is a need for it, but how to do it is less clear, as was concluded in a study on trust mechanisms for server authenticity that Novay conducted earlier this year[8]. With respect to single logout, it is clear that users want it and that it is better for security; how to implement it, however, is not clear. At a minimum SURFnet could consider how to better educate users on single logout (i.e., close all browser windows).

[6] SURFnet could also be legally forced to provide access to this log data, e.g., when a student is a suspect in a criminal investigation.
[7] Code of Conduct, http://www.geant.net/uri/dataprotection-code-of-conduct/v1/Pages/default.aspx
[8] Martijn Oostdijk and Maarten Wegdam, Exploring Innovation in Trust Mechanisms, SURFnet/Novay, June 2013. Available from: http://www.surfnetters.nl/rijswijk/doc/2013-404a-TS-NGTI-Exploring%20Innovation%20in%20Trust%20Mechanisms1.0.pdf

EID STELSEL NL: USE, POSSIBLY INTERFEDERATE, BUT DO NOT REPLACE SURFCONEXT

The eID Stelsel NL is a relatively new initiative from the Dutch government to integrate the various eID solutions that citizens and companies can use to access government e-services, including DigiD and eHerkenning. It will provide an overall framework for trusted digital identities in the Netherlands, including consumer-2-business authentication. Part of eID stelsel NL is a more secure DigiD, called DigiD Hoog: a contactless smartcard distributed via city halls. In addition to authentication, eID stelsel NL provides delegation (in Dutch: machtigingen) functionality, allowing a person or organization to authorize another person or organization to act on their behalf. It also provides basic attributes, but it is not clear at this point whether these would be accessible to non-government organizations (and if so, which ones). Even though it is not clear if, how and when eID stelsel NL will become a reality, it is a potentially major development in the Netherlands that is gaining momentum.

Figure 3 depicts the choices for SURFnet. It lists the short-term actions and the options for how SURFnet's identity federation could relate to eID stelsel NL. There was a clear consensus among experts and stakeholders that replacing the SURFnet identity federation with eID Stelsel NL is not a realistic option, at least not in the coming 3 to 5 years. A main reason is that it is not likely to address NREN-specific needs, such as certain identity attributes and internationalization. Also, users may not want to use eID stelsel NL for work-related services. Using eID stelsel NL for identity vetting, however, is an obvious opportunity, and inter-federation with SURFconext may be possible. Providing more details on the different options is premature at this point in time, given the early stage of development of eID stelsel NL.

Figure 3: eID stelsel NL and SURFnet's identity federation.

IDENTITY-RELATED TECHNOLOGIES: WHICH OPPORTUNITIES TO SELECT?

As mentioned before, SURFnet's innovations are driven by technology combined with customer demand. There are new technologies in various stages of maturity that SURFnet could use to create a value-add.
We first discuss which criteria could be used to select the technologies to invest in, and then discuss specific technologies. Of course, the main criterion is whether there is an actual need for the technology. Additionally, a technology that is able to combine the often contradictory requirements of security, privacy and enablement/convenience has a plus. Identity federation is an example of a technology that combines security with enablement. A third criterion is whether a technology can be deployed because of the combination of services that SURFnet offers, e.g., DANE, since SURFnet is both a DNS provider and a certificate authority. Below are the technologies that came out of the study as most relevant. Some of these were also part of the trust mechanisms study from earlier this year[8] and are not necessarily about identities of persons but also (or more) about identities of machines or organizations.

- Certificate pinning: DANE, but possibly also others. Especially since the DigiNotar incident it is widely recognized that the current system of certificate authorities has its limits: any of the roughly 683[9] certificate authorities can issue a certificate for any domain, so a security incident at any one of them can rapidly affect the whole Internet. Certificate pinning does not replace the current system, but rather improves trust in it by providing extra information about a certificate to the end user and/or 'machine'. There are different ways to do this, including DANE, certificate transparency and pinning in the network (for details see the trust mechanisms study[8]). DANE builds upon DNS (TLSA records, which must be protected by DNSSEC) to publish extra certificate information, and is probably the most mature. SURFnet is already working on DANE. Certificate transparency is less mature but may be interesting; SURFnet is already working on this as well, in collaboration with other NRENs, Google and large Certificate Service Providers in the context of a GN3+ task. Pinning in the network is an idea that came up while doing the trust mechanisms study and is probably the least mature. However, it is also the easiest to deploy since, contrary to the other certificate pinning mechanisms, it does not require changes to clients. Future steps are to explore these mechanisms and assess their feasibility.

- Anonymous credential systems: go beyond smartcards and explore use-cases. In the last few years there have been advances in anonymous credentials, which, compared to traditional certificate-based and federated identity systems, are more privacy friendly: the issuer of the credentials cannot see which service providers the user visits, and service providers cannot track users. Examples are Idemix (by IBM) and U-Prove (by Microsoft). SURFnet (and Novay) participate in the IRMA smartcard project, a research project to prototype and pilot this kind of technology. Participating in research projects to explore this technology is good for the image of SURFnet (innovative, combining security with privacy), but especially in the external workshop the comment was made that smartcards may not be the most relevant application for higher education and research, and that motivating use-cases are needed. SURFnet is already addressing this by pushing for and performing research on secure alternatives to smartcards.

- Facilitate a trusted trail for (raw) research data. There are several reasons why there is, or at least seems to be, an increasing need to provide a trusted trail for research data, typically using signing, time stamping, etc.: the recent incidents of academic fraud in the Netherlands, the (many) devices that produce research data (one of the ten trends described above) and the desire for more sharing of research data. This is something SURFnet could facilitate. The next steps could be to further explore whether there is indeed a need and, if so, to look into existing standards and tooling.
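The TLSA record that DANE publishes in DNS, and the check a client performs against it, as an added example (Python) that is not part of the original report or of SURFnet's DANE work. The record layout follows RFC 6698: certificate usage, selector, matching type, certificate association data. Because the example has to run offline, the certificates it pins are constructed minimal DER structures with the X.509 field order rather than real certificates; the SubjectPublicKeyInfo extraction walks the DER structure and therefore works the same on a real DER certificate. The DNSSEC validation of the TLSA lookup, which DANE requires, is outside the example.

```python
"""DANE TLSA (RFC 6698) record generation and matching. Added example; the
"certificates" are constructed minimal DER structures with the X.509 field
order, not real certificates (see constructed_certificate)."""
import hashlib

# RFC 6698 section 2.1 field values
PKIX_TA, PKIX_EE, DANE_TA, DANE_EE = 0, 1, 2, 3          # certificate usage
SEL_FULL_CERT, SEL_SPKI = 0, 1                            # selector
MATCH_EXACT, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2         # matching type


def der_tlv(tag, content):
    """Encode one DER TLV with definite (short or long form) length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def der_split(buf, pos=0):
    """Return (tag, content, end) for the TLV starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        hdr, n = 2, first
    else:
        k = first & 0x7F
        hdr, n = 2 + k, int.from_bytes(buf[pos + 2:pos + 2 + k], "big")
    start = pos + hdr
    return tag, buf[start:start + n], start + n


def der_children(tlv):
    """Child TLVs (as raw bytes) of a constructed DER value."""
    _, body, _ = der_split(tlv)
    out, pos = [], 0
    while pos < len(body):
        _, _, end = der_split(body, pos)
        out.append(body[pos:end])
        pos = end
    return out


def extract_spki(cert_der):
    """SubjectPublicKeyInfo of an X.509 certificate (RFC 5280 section 4.1).
    TBSCertificate fields: [0] version (optional), serialNumber, signature,
    issuer, validity, subject, subjectPublicKeyInfo, ..."""
    tbs = der_children(cert_der)[0]
    fields = der_children(tbs)
    if fields[0][0] == 0xA0:          # explicit version present (v2/v3)
        fields = fields[1:]
    return fields[5]


def tlsa_rdata(cert_der, usage, selector, matching):
    """RDATA for a TLSA record that pins cert_der."""
    data = cert_der if selector == SEL_FULL_CERT else extract_spki(cert_der)
    digest = {MATCH_EXACT: lambda d: d,
              MATCH_SHA256: lambda d: hashlib.sha256(d).digest(),
              MATCH_SHA512: lambda d: hashlib.sha512(d).digest()}[matching]
    return bytes([usage, selector, matching]) + digest(data)


def tlsa_presentation(rdata):
    """Zone-file form, e.g. '3 1 1 <hex>' at _443._tcp.<host>."""
    return f"{rdata[0]} {rdata[1]} {rdata[2]} {rdata[3:].hex()}"


def tlsa_matches(rdata, chain):
    """Does the presented chain (leaf first) satisfy this TLSA record?
    End-entity usages (1, 3) pin the leaf; trust-anchor usages (0, 2) pin an
    issuer somewhere in the chain. For usages 0 and 1 the caller must ALSO
    perform normal PKIX path validation (RFC 6698 section 2.1.1)."""
    usage, selector, matching = rdata[0], rdata[1], rdata[2]
    candidates = [chain[0]] if usage in (PKIX_EE, DANE_EE) else chain[1:]
    return any(tlsa_rdata(c, usage, selector, matching) == rdata for c in candidates)


def pkix_validation_required(rdata):
    return rdata[0] in (PKIX_TA, PKIX_EE)


def constructed_certificate(serial, key_bytes):
    """CONSTRUCTED stand-in for an X.509 v3 certificate: correct field order,
    empty issuer/subject/validity and a fake key; not a valid certificate."""
    rsa_oid = der_tlv(0x06, bytes.fromhex("2a864886f70d010101"))          # rsaEncryption
    spki = der_tlv(0x30, der_tlv(0x30, rsa_oid + der_tlv(0x05, b""))
                   + der_tlv(0x03, b"\x00" + key_bytes))
    sig_alg = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d01010b"))
                      + der_tlv(0x05, b""))                                 # sha256WithRSA
    tbs = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02")) + der_tlv(0x02, serial)
                  + sig_alg + der_tlv(0x30, b"") + der_tlv(0x30, b"") + der_tlv(0x30, b"") + spki)
    return der_tlv(0x30, tbs + sig_alg + der_tlv(0x03, b"\x00" * 33))


KEY_A, KEY_B = b"\x11" * 64, b"\x22" * 64                   # constructed fake keys
CA = constructed_certificate(b"\x01", b"\x33" * 64)
LEAF_A = constructed_certificate(b"\x10", KEY_A)
LEAF_A_RENEWED = constructed_certificate(b"\x11", KEY_A)   # new serial, same key
LEAF_B = constructed_certificate(b"\x12", KEY_B)            # different key

PIN_SPKI = tlsa_rdata(LEAF_A, DANE_EE, SEL_SPKI, MATCH_SHA256)       # "3 1 1"
PIN_CERT = tlsa_rdata(LEAF_A, DANE_EE, SEL_FULL_CERT, MATCH_SHA256)  # "3 0 1"
PIN_CA = tlsa_rdata(CA, DANE_TA, SEL_FULL_CERT, MATCH_SHA256)        # "2 0 1"

if __name__ == "__main__":
    print(tlsa_presentation(PIN_SPKI))
    print(tlsa_matches(PIN_SPKI, [LEAF_A, CA]), tlsa_matches(PIN_SPKI, [LEAF_A_RENEWED, CA]))
    print(tlsa_matches(PIN_CERT, [LEAF_A, CA]), tlsa_matches(PIN_CERT, [LEAF_A_RENEWED, CA]))
```

The contrast an operator should notice is the selector: a "3 1 1" record (DANE-EE, SPKI, SHA-256) keeps matching after the certificate is renewed with the same key, whereas a "3 0 1" record pins the whole certificate and has to be republished for every renewal. Usage 2 and 3 records make DNS (with DNSSEC) the authority; usage 0 and 1 records only constrain the existing CA system and still need PKIX validation.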
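The trusted trail for research data that the last item describes, as an added example (Python) that is not SURFnet tooling and not part of the original report. Each trail entry records a hash of one dataset version, who recorded it and when, and the hash of the previous entry, so that later edits to the data, edits to the trail itself and removal of entries are all detectable. Authentication of entries uses an HMAC with a constructed key as a stand-in for the signature and trusted timestamp (e.g., RFC 3161) that a real deployment would use; the datasets, actors and timestamps are constructed.

```python
"""Hash-chained, authenticated trail for (raw) research data. Added example;
an HMAC with a constructed key stands in for a signature and a trusted
timestamp. Datasets, actors and timestamps are constructed."""
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def canonical(entry):
    """Deterministic serialisation, so the entry hash is reproducible."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


class ResearchTrail:
    def __init__(self, key):
        self.key = key            # constructed; stands in for a signing key
        self.entries = []

    def _tag(self, entry_hash):
        return hmac.new(self.key, entry_hash.encode(), hashlib.sha256).hexdigest()

    def append(self, dataset, data, ts, actor, note=""):
        """Record one dataset version, linked to the previous entry by hash."""
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"seq": len(self.entries), "ts": ts, "actor": actor, "dataset": dataset,
                 "data_sha256": sha256_hex(data), "note": note, "prev": prev}
        entry["hash"] = sha256_hex(canonical(entry))
        entry["tag"] = self._tag(entry["hash"])
        self.entries.append(entry)
        return entry

    def verify(self, current_data):
        """Return a list of problems; empty means the trail and the data it
        vouches for are intact. current_data maps dataset name -> bytes."""
        problems, prev, latest = [], GENESIS, {}
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k not in ("hash", "tag")}
            if e["seq"] != i:
                problems.append(f"entry {i}: sequence number {e['seq']} (entry removed or inserted)")
            if e["prev"] != prev:
                problems.append(f"entry {i}: chain link broken")
            if sha256_hex(canonical(body)) != e["hash"]:
                problems.append(f"entry {i}: content changed after recording")
            if not hmac.compare_digest(self._tag(e["hash"]), e["tag"]):
                problems.append(f"entry {i}: authentication tag invalid")
            prev = e["hash"]
            latest[e["dataset"]] = e["data_sha256"]
        for name, data in current_data.items():
            if name in latest and sha256_hex(data) != latest[name]:
                problems.append(f"{name}: current data differs from last recorded version")
        return problems


KEY = b"constructed-trail-key-not-for-production"
RAW = b"sample_id,value\nA1,12.4\nA2,13.1\nA3,97.0\n"     # constructed raw measurements
CLEANED = b"sample_id,value\nA1,12.4\nA2,13.1\n"          # constructed processed version


def demo_trail():
    trail = ResearchTrail(KEY)
    trail.append("raw_measurements.csv", RAW, "2013-11-04T09:15:00Z", "j.doe@uni.example", "instrument export")
    trail.append("cleaned.csv", CLEANED, "2013-11-05T14:02:00Z", "j.doe@uni.example", "removed outlier A3")
    return trail, {"raw_measurements.csv": RAW, "cleaned.csv": CLEANED}


def tampered_data_problems():
    trail, data = demo_trail()
    data["raw_measurements.csv"] = RAW.replace(b"97.0", b"12.9")   # silently 'fix' the outlier
    return trail.verify(data)


def edited_note_problems():
    trail, data = demo_trail()
    trail.entries[1]["note"] = "routine cleanup"                    # rewrite the justification
    return trail.verify(data)


def removed_entry_problems():
    trail, data = demo_trail()
    trail.entries.pop(0)                                            # make the raw version disappear
    return trail.verify(data)


def forged_entry_problems():
    trail, data = demo_trail()
    forger = ResearchTrail(b"wrong-key")                            # does not hold the real key
    forger.entries = copy.deepcopy(trail.entries)
    forger.append("cleaned.csv", b"different", "2013-11-06T10:00:00Z", "mallory@uni.example")
    trail.entries = forger.entries
    return trail.verify(data)


if __name__ == "__main__":
    trail, data = demo_trail()
    print("intact:", trail.verify(data))
    print("tampered data:", tampered_data_problems())
    print("edited note:", edited_note_problems())
    print("removed entry:", removed_entry_problems())
    print("forged entry:", forged_entry_problems())
```

The chain makes removal and reordering visible, the entry hash makes editing visible, and the tag makes it impossible to add entries without the key; what the trail cannot prove by itself is when an entry was really made, which is exactly what an external timestamping service adds.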
[9] Zakir Durumeric et al., Analysis of the HTTPS Certificate Ecosystem, IMC'13, October 23-25, 2013, Barcelona, Spain. http://dx.doi.org/10.1145/2504730.2504755

PRIVACY: GO BEYOND CHECKLISTS, PROVIDE HELPERS AND MAYBE SERVICES/SOFTWARE

Even though not everyone agrees on how much users actually care, the growing importance of privacy is an undisputed trend. SURF(net) already works on privacy as a focus point, chiefly by empowering its customers through education on what they could, should, shouldn't and must do. SURFnet could, however, choose to do more than provide checklists and reports; in particular, SURFnet can provide actual personnel to help its customers, for example a part-time privacy officer who is both trusted and has dealt with similar challenges at other institutes. The market will increasingly offer this as well, but such professionals are likely not specialized in higher education and research, and are less trusted than someone from SURFnet. There was less consensus in the different workshops and interviews on whether SURFnet should also provide privacy-related services, for example secure storage of personal data, or anonymisation of personal data as a trusted third party[10]. Compared to the institutes themselves, SURFnet may have, or can easily acquire, the expertise to properly run such services. However, by offering such services the institutes might feel less responsibility themselves, and it may be too risky for SURFnet. An alternative to offering such a service is offering software that each institute can run. Whether or not to provide value-add beyond the current checklists, reports and education is mostly a strategic choice, not only for SURFnet but also for its constituency.
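What "carefully consider which log data to store and for how long" (the privacy item under identity federation above) can look like at a federation hub, combined with the kind of pseudonymisation a trusted-third-party anonymisation service would perform: an added example (Python) that is not SURFconext code and not part of the original report. The login events, identifiers and secret are constructed. Identifiers are replaced by keyed (HMAC-SHA256) pseudonyms under a key derived per day, so that misuse detection within a day still works, the stored log cannot be turned back into a list of users, a known identifier can still be checked against the log when there is a legal obligation to do so (the case of footnote 6), and everything past the retention period is dropped. Attribute values are never stored, only attribute names.

```python
"""Pseudonymised, retention-limited login log for a federation hub/proxy.
Added example, not SURFconext code. Events, identifiers and the secret are
constructed; pseudonyms are HMAC-SHA256 under a per-day derived key."""
import hashlib
import hmac
from collections import Counter
from datetime import datetime, timedelta, timezone

SECRET = b"constructed-hub-log-secret-not-for-production"

# Constructed events as the hub sees them at login time, attribute values included.
RAW_EVENTS = [
    {"ts": "2013-12-02T08:12:31Z", "uid": "s1234567@uni-a.example", "idp": "https://idp.uni-a.example",
     "sp": "https://sp.lms.example", "attrs": {"mail": "s1234567@uni-a.example", "cn": "J. Doe"}},
    {"ts": "2013-12-02T08:13:02Z", "uid": "s1234567@uni-a.example", "idp": "https://idp.uni-a.example",
     "sp": "https://sp.lms.example", "attrs": {"mail": "s1234567@uni-a.example", "cn": "J. Doe"}},
    {"ts": "2013-12-02T08:13:40Z", "uid": "s1234567@uni-a.example", "idp": "https://idp.uni-a.example",
     "sp": "https://sp.wiki.example", "attrs": {"mail": "s1234567@uni-a.example", "cn": "J. Doe"}},
    {"ts": "2013-12-03T09:01:00Z", "uid": "s1234567@uni-a.example", "idp": "https://idp.uni-a.example",
     "sp": "https://sp.lms.example", "attrs": {"mail": "s1234567@uni-a.example", "cn": "J. Doe"}},
    {"ts": "2013-10-01T12:00:00Z", "uid": "b.smith@uni-b.example", "idp": "https://idp.uni-b.example",
     "sp": "https://sp.lms.example", "attrs": {"mail": "b.smith@uni-b.example", "cn": "B. Smith"}},
]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


class PseudonymisedLog:
    """Keeps what misuse detection and capacity planning need, not identities."""

    def __init__(self, secret, retention_days):
        self.secret = secret
        self.retention = timedelta(days=retention_days)
        self.entries = []

    def _day_key(self, day):
        # Per-day key derived from the master secret: pseudonyms of one user are
        # linkable within a day (burst/anomaly detection) but not across days.
        return hmac.new(self.secret, day.encode(), hashlib.sha256).digest()

    def pseudonym(self, uid, day):
        return hmac.new(self._day_key(day), uid.encode(), hashlib.sha256).hexdigest()[:16]

    def record(self, event):
        day = event["ts"][:10]
        self.entries.append({
            "ts": event["ts"],
            "user": self.pseudonym(event["uid"], day),
            "idp": event["idp"],
            "sp": event["sp"],
            "attr_names": sorted(event["attrs"]),   # which attributes flowed, never their values
        })

    def prune(self, now):
        """Drop everything older than the retention period; returns the count removed."""
        cutoff = now - self.retention
        kept = [e for e in self.entries if parse_ts(e["ts"]) >= cutoff]
        removed = len(self.entries) - len(kept)
        self.entries = kept
        return removed

    def logins_per_user_per_day(self):
        return Counter((e["ts"][:10], e["user"]) for e in self.entries)

    def burst_alerts(self, threshold):
        """(day, pseudonym) pairs with at least `threshold` logins: a misuse
        signal that needs no real identifier."""
        return sorted(k for k, n in self.logins_per_user_per_day().items() if n >= threshold)

    def entries_for_known_uid(self, uid, day):
        """Answer 'did this known uid log in on this day?' (the lawful-request case).
        Needs the secret and a candidate uid; the log itself cannot be enumerated."""
        p = self.pseudonym(uid, day)
        return [e for e in self.entries if e["ts"][:10] == day and e["user"] == p]


def build_log(events, now, retention_days=30, secret=SECRET):
    log = PseudonymisedLog(secret, retention_days)
    for ev in events:
        log.record(ev)
    log.prune(now)
    return log


def contains_raw_identifier(log, events):
    """True if any raw uid or attribute value survived into the stored log."""
    blob = repr(log.entries)
    return any(ev["uid"] in blob or any(v in blob for v in ev["attrs"].values()) for ev in events)


NOW = parse_ts("2013-12-03T12:00:00Z")

if __name__ == "__main__":
    log = build_log(RAW_EVENTS, NOW)
    print(len(log.entries), "entries kept;", "raw identifiers present:", contains_raw_identifier(log, RAW_EVENTS))
    print("burst alerts:", log.burst_alerts(3))
    print("known uid on 2013-12-02:", len(log.entries_for_known_uid("s1234567@uni-a.example", "2013-12-02")))
```

The per-day key is the point where a hub operator makes a conscious choice: it bounds how far pseudonyms can be linked (here one day), which limits what a stolen log reveals, but means that following a pattern across days requires the secret and a suspected identifier, as in entries_for_known_uid. The retention period should match what the hub actually needs the data for; nothing in this log is useful after the window, so it is removed rather than kept "just in case".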
RICH & TRUSTED ATTRIBUTES IN A CONNECTED WORLD: A NEW VALUE-ADD FOR SURFNET

The current identity federation facilitates the exchange of personal data, but in quite a limited manner: it is ‘low level’ information, such as name or email address, and it is (mostly) exchanged at login time only. In a hyperconnected world there is much more value in personal information¹¹ than is currently facilitated by SURFnet’s identity federation. This requires a trusted flow of attributes from, to and within the R&E sector. Examples are:

- Student John Doe successfully completed his course Cybercrime at the University of Nijmegen, worth 4 ECTS.
- A virtual life-long educational dossier.
- The Dutch government certifies the residence status of a foreign student.
- A central registry certifies that someone is a medical doctor.

These are ‘richer’ attributes, or can even be complete dossiers. They have more complex semantics than what is exchanged now in the federation. Also, this information is not needed at login time only, but typically should be available through a back channel, which the current federation does not facilitate, nor can it provide user control for. Important requirements are i) that the attributes are trusted and ii) that there is transparency and consent for users. With respect to trust it is important that the provenance of the attributes is clear (authentic source); privacy law also requires transparency and traceability of personal data¹². With respect to transparency and control for users it is important that users are empowered for this, and there needs to be a benefit for the users and not only for the service providers.

The role of SURFnet would be to facilitate the above: to be a broker for this trusted exchange of rich attributes. In addition, there could be a role in defining and/or adopting standards for attributes that are relevant for the research and education sector. Note that there is already an international initiative for sharing student data (e.g. on courses and diplomas) across international borders, the Groningen Declaration¹³; it is worthwhile to investigate whether SURFnet can play a role in facilitating the kind of data exchange envisioned by the participants in this initiative. Possible solution directions are personal datastores (compare Qiy¹⁴), centralized consent (like UMA¹⁵) or a virtual dossier (in Dutch: verwijsindex, like Verwijsindex Jongeren or Landelijk Schakelpunt).

10 An example is “Parelsnoer”, which provides anonymisation for academic hospitals to be able to share medical data for research, see http://www.string-of-pearls.org/
11 Boston Consulting Group, The value of our digital identity, Dec 2012.
12 See Article 9 of the Wet Bescherming Persoonsgegevens.
13 See http://www.groningendeclaration.org
14 Qiy – www.qiy.nl

CONCLUDING REMARKS

This study resulted in a long list of potential value-adds for SURFnet in the area of digital identity. The next step for SURFnet is to prioritize a short list to invest in. At the start of the study we considered the possibility that SURFnet’s identity federation may become less relevant in the coming 3 to 5 years, but the outcome of the study is that it will remain a flagship service for SURFnet. The study also resulted in a list of new features that SURFnet can consider, including confirmation that some ongoing innovations for or related to SURFnet’s identity federation will indeed provide a value-add (step-up authentication as a service, federating mobile apps). With respect to eID stelsel NL there is potential, but the consensus is that there remains value-add for a federation for higher education and research. Considering the potential, eID stelsel NL deserves attention from SURFnet (and higher education and research in general). With respect to identity-related technologies the study confirmed that certificate pinning technologies (DANE, certificate transparency and pinning in the network) are relevant for SURFnet.
Facilitating a trail of (raw) research data, however, is a possible value-add that was not already considered by SURFnet. With respect to privacy the outcome is that there appears to be a need among institutes for expertise and/or services, but it is more of a strategic choice if and what role SURFnet (or SURF in general) wants to play here (services and/or organizational/personnel). Possibly the biggest ‘new’ value-add that came out of the study is a role for SURFnet as facilitator/broker for the exchange of rich and trusted attributes. There is a lot of potential value here for all stakeholders, and SURFnet can ensure that this value is realized in a privacy-sensitive and user-centric manner.

ACKNOWLEDGEMENTS

Quite a lot of experts and stakeholders provided input to this report during one of the sessions/workshops or because we interviewed them. This is an incomplete list of persons: Dave Kearns, Serge van den Boom, Hans van Looy, Maarten Stultjens, Klaas Wierenga, Alf Moens, Evert Jan Evers, Stefan Suurmeijer, Gertjan Filarski, Ronald Dekker, Meine Veld, Hans Zandbelt, Victoriano Giralt, Ken Klingenstein, Diego Lopez, Harold Teunissen, Niels van Dijk, Pieter van der Meulen, Roland van Rijswijk-Deij, Erik Huizer, Floor Jas, Alexander Blanc, Eefje van der Harst, Joost van Dijk. Remco Poortinga-van Wijnen was our main contact at SURFnet for this assignment and provided input during all phases of the work.

15 User Managed Access – http://kantarainitiative.org/confluence/display/uma