The Nordic Business Lifecycle Pilot



Similar documents
Server based signature service. Overview

Introduc)on to STORK2.0 project

E-SENS Baltic & Nordic Area Meeting April 23nd Sweden s participation ESV

LEGAL FRAMEWORK FOR E-SIGNATURE IN LITHUANIA AND ENVISAGED CHANGES OF THE NEW EU REGULATION

DS : Trust eservices. The policy context: eidas Regulation

VOPaaS Virtual Organisation Platform as a Service

IAM Application Integration Guide

TIB 2.0 Administration Functions Overview

Digital signature and e-government: legal framework and opportunities. Raúl Rubio Baker & McKenzie

CEF Building blocks. Informatics. Joao Rodrigues Frade DIGIT.B4. CEF Project and Architecture Office Directorate-General for Informatics

AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes. Lukas Hämmerle

PKI - current and future

esignature building block Introduction to the Connecting Europe Facility DIGIT Directorate-General for Informatics

T his feature is add-on service available to Enterprise accounts.

Agenda. How to configure

Securing Identities & Trust

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

DocuSign Information Guide. Single Sign On Functionality. Overview. Table of Contents

Ericsson Mobile digital identity

TrustedX: eidas Platform

Cyber Security Test-bed TDL Download Corner. Achieving The Trust Paradigm Shift ATTPS. Arthur Leijtens, Daan Velthausz, Bicore, April, Brussel

Cartão de Cidadão: Autenticação de Papéis do Cidadão

Boosting Productivity and Innovation Through. Public Sector Compliant Cloud Services

IBM Tivoli Federated Identity Manager V6.2.2 Implementation. Version: Demo. Page <<1/10>>

Implementation Guide SAP NetWeaver Identity Management Identity Provider

Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa

Get Success in Passing Your Certification Exam at first attempt!

CA CloudMinder. Getting Started with SSO 1.5

Rolling out eidas Regulation (EU) 910/2014. Boosting trust & security in the Digital Single Market

eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke

SAML Federated Identity at OASIS

SAML Security Option White Paper

How To Use Saml 2.0 Single Sign On With Qualysguard

Enhancing Web Application Security

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications

OIX IDAP Alpha Project - Technical Findings

Quality Authenticator Scheme

Safewhere*Identify 3.4. Release Notes

Copyright: WhosOnLocation Limited

Configuring EPM System for SAML2-based Federation Services SSO

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

OpenLogin: PTA, SAML, and OAuth/OpenID

The Open PEPPOL e-id & e-signature

GrIDP: Grid IDentity Pool Federation

Big Data and Society: The Use of Big Data in the ATHENA project

Identity Management: The authentic & authoritative guide for the modern enterprise

Authentication Context Classes for Levels of Assurance for the Swedish eid Framework

Federated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications

January 2015 Copyright 2015 GSM Association

Integrating Multi-Factor Authentication into Your Campus Identity Management System

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Apache Milagro (incubating) An Introduction ApacheCon North America

Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps

Submitted to the EC on 03/06/2012. COMPETITIVENESS AND INNOVATION FRAMEWORK PROGRAMME ICT Policy Support Programme (ICT PSP) e-codex

Trusted e-id Infrastructures and services in EU

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011

Software Design Document SAMLv2 IDP Proxying

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect

Agenda. The Digital Agenda for Europe Instruments to implement the vision EC actions to promote ehealth interoperability

COMMISSION OF THE EUROPEAN COMMUNITIES

About Me. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack

Negotiating Trust in Identity Metasystem

BMC Software Webinars 2013 Atrium Single Sign On (Atrium SSO)

DocuSign Single Sign On Implementation Guide Published: March 17, 2016

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Logout in Single Sign-on Systems

Making Digital Signatures Work across National Borders

New Single Sign-on Options for IBM Lotus Notes & Domino IBM Corporation

CONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER

Configuring SAML2 for Single Sign On to Smartsheet (Enterprise Only)

Transcription:

e-sens Electronic Simple European Networked Services ICT 2015 - Innovate, Connect, Transform Lisbon, October 20-22, 2015 The Nordic Business Lifecycle Pilot presented by Hans Ekstål Stefan Santesson Dörthe Koerner

Conversion of EID Swe-Nor

Time line perspective LSP/CEF/ISA

Overall goal and objectives A smart sustainable and inclusive economy Stimulate cross-border mobility within the Business lifecycle domain. Promote SMEs growth Once only Digital by default e-id e-signatures e-delivery e-document

The Nordic pilot Implementing eid and esign in the Point of Single Contacts WP6 Status

Demo http://esp-sp.se/home/esensmenu

Swedish esens pilot infrastructure Connects European citizens to Swedish government e- Services Allows users to authenticate their identity and sign documents using their national eid. Only requires cross-border authentication. Fully implemented demo infrastructure fully operational today. Implementing both cross boarder authentication and signing. Easy to integrate into Service Providers. Subscribing to the Swedish national eid infrastructure includes integration with Europe citizen eid:s with no additional work. Cross-border integration complexity off-loaded to national proxy service

Swedish esens Pilot Architecture IdP Core Swedish infrastructure IdP Proxy IdP eidas node SP Membership Key pair Metadata SP Signing services Metadata Discovery service AA Signature validation services SP IdP IdP SP

Obtaining relevant identity data Service providers need useful data about users through generic and country independent syntax and semantics. Service providers can t do unique integration for each citizen country. An Attribute Authority expands the attributes provided about European citizens to Swedish Service Providers with: Provisional ID. A generic identifier generated from the identity data obtained from cross-border authentication. Provisional ID quality. An indicator for the provisional ID s resilience to change over time, rated as A, B or C. Any Swedish national identifier (Swedish personal ID or Swedish coordination number) assigned to the authenticated person.

Attribute provider for national ID SP Complete set of SE attributes SE Proxy IdP STORK attributes from citizen country SE eidas node Query: Identifying subject and requesting attributes Response: with known and requested attribute values Attribute Authority Assigned national ID attribute values Swedish ID registry

The provisional ID National attribute service ID data ID data ID data ID data Provisional ID algorithms Algorithm Algorithm Algorithm Algorithm Provisional ID Quality indicator

Did the right person sign? Proxy IdPs with attribute mapping SAML Assertion According to Swedish attribute profile eidas node eidas node Authentication (Login) Problem: Is the authenticated person also the signer? Service Provider Signed document

The cross-border signing challenge Some eid:s do not provide the capability to sign a document. Having the user to sign a document locally in the citizen country introduces a wide range of problems for the service provider validating this signature in another country Different signature formats Determine trust in the signer s certificate Obtaining useful identity information about the signer that may differ considerably from the identity data of the same person obtained through cross-border authentication. Handling credential expiry and revocation status from other countries.

Federated signing Allows the user to sign documents using a signing service in the service provider country. Solves many practical problems Always the same signature format No time-stamping needed (Signature certificate issued at the time of signing). Always the same validity period Better user integrity. The document to be signed never leaves the service provider. Almost no need for certificate revocation The user identity in the signature certificate is consistent with the same user s identity through cross-border authentication All types of eid:s can be used, also eid:s with no signing capability. New information flow with signature accept and proof of sign message display and accept ensures that the user is aware that a document is being signed. WORKS TODAY NO NEW STANDARDS ARE NECESSARY.

Video - Use case Sweden => Norway WP6 Status

Thanks for your attention! And time for questions? Visit e-sens: www.esens.eu Facebook: www.facebook.com/eu.esens Twitter: twitter.com/esens_eu LinkedIn: http://www.linkedin.com/groups/eu-esens-4998775 Contact us: sens.info@lists.esens.eu

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information