Implementation: Single European Market for eidentity

Transcription

1 Implementation: Single European Market for eidentity January 16th 2014 Berlin Dr. Kim Nguyen, Chief Scientist Security (Bundesdruckerei GmbH) & Managing Director D-TRUST GmbH Intern/Vertraulich 1

2 eidentity means strong authentication/identification suitable for ecommerce/egovernment applications providing a strong link to an officially verified identity (HW) token based 2

3 Do we need this? 3

4 Do we need this? Yes, we do 4

5 Do we need this? Yes, we do 5

6 EINFÜHRUNG? Passwords i.e. identities are stolen on a most daily basis!! 6

7 EINFÜHRUNG? Security is typically not an accepted part of the features Security 7

8 These were the slides I used to present a year ago 8

9 EINFÜHRUNG? New topic: consider the country in which the service is provided 9

10 Single EU market for eidentity Technical Interoperability Legal Acceptance User acceptance & -experience 10

11 IAS: CURRENT SITUATION EU Signature directive 1999/93/EC dated No legal acceptance of QES within EU crossborder Mature standards (CEN and ETSI) No legal framework within EU for eid Different implementations of eid across Europe Large Investments of both EU member states and EU industry 11

12 Single EU market for eidentity Technical Interoperability Legal Acceptance User acceptance & -experience 12

13 13

14 Single EU market for eidentity Technical Interoperability Legal Acceptance User acceptance & -experience 14

15 SITUATION TODAY Many member states have already introduced eid technology supporting various use cases CENTRAL GOVERNMENT ONLINE SERVICES LOCAL GOVERNMENT ONLINE SERVICES Citizen BUSINESS ONLINE SERVICES NON PROFIT ORGANISATION ONLINE SERVICES 15

16 SITUATION TODAY: SEPARATED E-ID INFRASTRUCTURE Citizen Citizen Citizen Citizen Citizen 16

17 AIM: INTEROPERABILITY OF NATIONAL SOLUTIONS Citizen Citizen Opportunities for public and private sector Citizen Citizen Citizen 17

18 INTEROPERABILITY REQUIREMENTS There is no common single eid specification valid for the EU Several different implementations are already in place and operating We need central translation services We need to acknowledge that different trust levels exist in the implemented eid solutions 18

19 DIFFERENT TECHNOLOGIES, BUT ONE UNIFYING APPROACH Middleware approach Proxy approach (Server) S-PEPS V-IDP (Virtual- ID-Provider) MS B MS A (Citizen) C-PEPS MS spezifisch MS D MS C 19

20 SOLUTION APPROACH Middleware approach MS B MS A V-IDP (Virtual- ID-Provider) direct SP connector AT MOA ID V-IDP S-PEPS (V-SP) (MS B spezifisch) Modular Authentication Relay Service DE eid Service C-PEPS connector Proxy approach possible extensions possible extensions (Server) S-PEPS (Citizen) C-PEPS MS spezifisch MS D MS C 20

21 SOLUTION APPROACH IN DETAIL (MARS) direct SP connector V-IDP (V-SP) S-PEPS (MS B spezifisch) possible extensions DE eid Service Modular Authentication Relay Service AT MOA ID C-PEPS connector possible extensions national C-PEPS Configurable like LEGO... 21

22 Single EU market for eidentity Technical Interoperability Legal Acceptance User acceptance & -experience 22

23 OUR TECHNOLOGY YOUR PROBLEM?????? 23

24 OUR TECHNOLOGY YOUR PROBLEM Crossborder identification and authentication services and eservices are already existing, they are already functioning und are used daily by millions of people all over the world 24

25 OUR TECHNOLOGY YOUR PROBLEM What users experience today: 25

26 BRIDGING THE ID WORLDS Proprietary ID systems, e.g. username/ password, AppleID, propriatory token Governmental eid solutions Typically, NO interaction between these two worlds exist for the user 26

27 BRIDGING THE ID WORLDS Proprietary ID systems, e.g. username/ password, AppleID, proprietory token Governmental eid solutions The future of eid lies within controlled connection between both worlds, e.g. for special use cases (unblocking of accounts, age verification etc) 27

28 BRIDGING THE ID WORLDS: PROVIDING VERIFIED IDENTITIES Service Provider 2. ID request: Confirmation of official ID requested 4. Authentification Using SAML/internationally accepted and standardized exchange protocol IDP (Identity Provider) 1. Service request: Using conventional authentification methods USER 3. Verify ID: Using various ID sources and verification methods 28

29 For the eid world we have to acknowlegde, that other authentication systems are already existing and are widely used We have to find the right / complementary use cases where BOTH systems need to interact This relates especially to administrative use cases like registration, account set up, account unblocking For the operation of governmental eid solutions we need to provide a seamless integration into other proprietory systems in order to gain acceptance 29

30 Do not forget the user! 30

31 THANK YOU FOR YOUR ATTENTION! 31

32 DISCLAIMER Dr. Kim Nguyen Bundesdruckerei GmbH / D-TRUST GmbH Oranienstr Berlin kim.nguyen@bdr.de Telefon: +49(0) Hinweis: Diese Präsentation ist Eigentum der Bundesdruckerei GmbH. Sämtliche Inhalte auch auszugsweise dürfen nicht ohne die Genehmigung der Bundesdruckerei GmbH vervielfältigt, weitergegeben oder veröffentlicht werden. Copyright 2013 by Bundesdruckerei GmbH. 32