Implementation: Single European Market for eidentity


Implementation: Single European Market for eidentity. January 16th 2014, Berlin. Dr. Kim Nguyen, Chief Scientist Security (Bundesdruckerei GmbH) & Managing Director D-TRUST GmbH. Internal/Confidential 1

eidentity means: strong authentication/identification; suitable for ecommerce/egovernment applications; providing a strong link to an officially verified identity; (HW) token based 2

Do we need this? 3

Do we need this? Yes, we do 4


INTRODUCTION? Passwords, i.e. identities, are stolen on an almost daily basis!! 6

INTRODUCTION? Security is typically not an accepted part of the features [diagram label: Security] 7

These were the slides I used to present a year ago 8

INTRODUCTION? New topic: consider the country in which the service is provided 9

Single EU market for eidentity: Technical Interoperability; Legal Acceptance; User acceptance & -experience 10

IAS: CURRENT SITUATION
EU Signature directive 1999/93/EC dated 13.12.1999; no legal acceptance of QES within EU cross-border; mature standards (CEN and ETSI); no legal framework within EU for eid; different implementations of eid across Europe; large investments of both EU member states and EU industry 11

Single EU market for eidentity: Technical Interoperability; Legal Acceptance; User acceptance & -experience 12

Single EU market for eidentity: Technical Interoperability; Legal Acceptance; User acceptance & -experience 14

SITUATION TODAY: Many member states have already introduced eid technology supporting various use cases. [Diagram labels: Citizen; central government online services; local government online services; business online services; non-profit organisation online services] 15

SITUATION TODAY: SEPARATED E-ID INFRASTRUCTURE [Diagram label, repeated: Citizen] 16

AIM: INTEROPERABILITY OF NATIONAL SOLUTIONS. Opportunities for public and private sector. [Diagram label, repeated: Citizen] 17

INTEROPERABILITY REQUIREMENTS
There is no common single eid specification valid for the EU. Several different implementations are already in place and operating. We need central translation services. We need to acknowledge that different trust levels exist in the implemented eid solutions. 18

DIFFERENT TECHNOLOGIES, BUT ONE UNIFYING APPROACH [Diagram labels: Middleware approach; Proxy approach; V-IDP (Virtual ID Provider); S-PEPS (Server); C-PEPS (Citizen), MS specific; MS A; MS B; MS C; MS D] 19

SOLUTION APPROACH [Diagram labels: Middleware approach; Proxy approach; Modular Authentication Relay Service; V-IDP (Virtual ID Provider); direct SP connector; AT MOA ID; V-IDP (V-SP); S-PEPS (MS B specific); DE eid Service; C-PEPS connector; possible extensions; S-PEPS (Server); C-PEPS (Citizen), MS specific; MS A; MS B; MS C; MS D] 20

SOLUTION APPROACH IN DETAIL (MARS) [Diagram labels: Modular Authentication Relay Service; direct SP connector; V-IDP (V-SP); S-PEPS (MS B specific); DE eid Service; AT MOA ID; C-PEPS connector; national C-PEPS; possible extensions] Configurable like LEGO... 21

Single EU market for eidentity: Technical Interoperability; Legal Acceptance; User acceptance & -experience 22

OUR TECHNOLOGY YOUR PROBLEM?????? 23

OUR TECHNOLOGY YOUR PROBLEM: Cross-border identification and authentication services and eservices already exist; they are already functioning and are used daily by millions of people all over the world 24

OUR TECHNOLOGY YOUR PROBLEM What users experience today: 25

BRIDGING THE ID WORLDS: Proprietary ID systems, e.g. username/password, AppleID, proprietary token. Governmental eid solutions. Typically, NO interaction between these two worlds exists for the user 26

BRIDGING THE ID WORLDS: Proprietary ID systems, e.g. username/password, AppleID, proprietary token. Governmental eid solutions. The future of eid lies within controlled connection between both worlds, e.g. for special use cases (unblocking of accounts, age verification etc) 27

BRIDGING THE ID WORLDS: PROVIDING VERIFIED IDENTITIES
Actors: USER, Service Provider, IDP (Identity Provider)
1. Service request: using conventional authentication methods
2. ID request: confirmation of official ID requested
3. Verify ID: using various ID sources and verification methods
4. Authentication: using SAML/internationally accepted and standardized exchange protocol 28

For the eid world we have to acknowledge that other authentication systems already exist and are widely used. We have to find the right / complementary use cases where BOTH systems need to interact. This relates especially to administrative use cases like registration, account set up, account unblocking. For the operation of governmental eid solutions we need to provide a seamless integration into other proprietary systems in order to gain acceptance. 29

Do not forget the user! 30

THANK YOU FOR YOUR ATTENTION! 31

DISCLAIMER Dr. Kim Nguyen, Bundesdruckerei GmbH / D-TRUST GmbH, Oranienstr. 91, 10969 Berlin, www.bundesdruckerei.de, E-Mail: kim.nguyen@bdr.de, Phone: +49(0)30-2598-1194. Note: This presentation is the property of Bundesdruckerei GmbH. No content, in whole or in part, may be reproduced, passed on or published without the permission of Bundesdruckerei GmbH. Copyright 2013 by Bundesdruckerei GmbH. 32