INDUSTRY WORKSHOP STORK OVERVIEW 2nd Industry Group – 26 June, 2009

INDUSTRY WORKSHOP STORK OVERVIEW 2nd Industry Group – 26 June, 2009 LONDON Marc Stern

STORK data flow (logical)

Protocol: Federated Identity STORK

Protocol: Links security
Microsoft feed-back Dec. 2008: “Feedback on STORK WP5 Deliverable D5.1”
Principle 1: Minimize the scope for identity theft

Protocol: “Man in the Middle” weakness STORK

Protocol: Full security
1. Citizen connects to Service Provider
2. Request connection to originating country authentication provider
3. Authentication (eID card / X.509)
   a) Key pair and certificate generation
   b) Key sending inside secure connection
   c) Key insertion in SAML signed assertion
4. Certified identity is sent to Service Provider
5. Assertion verification + compare keys from TLS connection and SAML assertion
6. Business transactions between citizen and Service Provider with same key
Key binding could already begin during 1

Protocol: Proposed solution
SAML 2.0 + brand new standard profile: “Holder-of-Key Web Browser SSO”
Local client (Internet Explorer, Firefox, Safari, …)
- Infocard?
  - CardSpace
  - Higgins
  - …
- Dedicated plug-in?
Advanced functionalities
- Pre-generate keys/certificates
- Re-use same keys with same SP
- Enhance privacy towards PEPS (Microsoft principle 5)
- Etc.
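The key comparison from step 5 of "Full security", in the form the Holder-of-Key Web Browser SSO profile gives it, as an added example (not STORK reference code). It assumes the assertion signature has already been verified, compares whole certificates rather than extracted public keys, and uses constructed placeholder bytes in place of real DER certificates; the function names are hypothetical.

```python
import base64
import hmac
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed placeholder bytes standing in for DER certificates.
CITIZEN_CERT = b"constructed-citizen-certificate"
RELAY_CERT = b"constructed-relay-certificate"


def assertion_bound_to_tls_cert(assertion_xml: bytes, tls_cert_der: bytes) -> bool:
    """True only if a holder-of-key SubjectConfirmation carries the certificate
    presented on the TLS connection (in a Python server, the bytes returned by
    ssl.SSLSocket.getpeercert(binary_form=True))."""
    if not tls_cert_der:               # no client certificate on the connection
        return False
    if b"<!DOCTYPE" in assertion_xml:  # refuse DTDs (entity expansion)
        return False
    try:
        root = ET.fromstring(assertion_xml)
    except ET.ParseError:
        return False
    for conf in root.iterfind(".//saml:Subject/saml:SubjectConfirmation", NS):
        if conf.get("Method") != HOK:  # a bearer confirmation binds no key
            continue
        for node in conf.iterfind(".//ds:X509Certificate", NS):
            text = "".join((node.text or "").split())
            try:
                der = base64.b64decode(text, validate=True)
            except ValueError:
                continue
            if hmac.compare_digest(der, tls_cert_der):
                return True
    return False


def make_assertion(method: str, cert_der: bytes) -> bytes:
    """Build a constructed, unsigned sample assertion for the demonstration."""
    b64 = base64.b64encode(cert_der).decode()
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}">'
        f'<saml:Subject><saml:SubjectConfirmation Method="{method}">'
        '<saml:SubjectConfirmationData><ds:KeyInfo><ds:X509Data>'
        f'<ds:X509Certificate>{b64}</ds:X509Certificate>'
        '</ds:X509Data></ds:KeyInfo></saml:SubjectConfirmationData>'
        '</saml:SubjectConfirmation></saml:Subject></saml:Assertion>'
    ).encode()
```

An assertion relayed over a connection that presents a different certificate fails the check, which is the property the "Man in the Middle" slide says the plain federated flow lacks.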

Reference code
- PEPS
- Connectors: IdP, AP, SP
- Java
- EU Open Source License

Example: Access to medical data
Physical world
- Doctor goes to a medical lab and asks for a patient record
- Clerk asks for proof that he is a doctor and that the patient mandated him
- Doctor goes to the doctor association and asks for proof
- Doctor receives a paper proof
- Doctor asks his patient for a mandate
- Doctor receives the mandate
- Citizen goes back to the medical lab and receives the patient record

Example with STORK – combination

Example with STORK – stacking

Off-line access to medical data
(Diagram labels: Social insurance, Hospital, Clerk, Batch)
Not User-centric
STORK cannot be used!

STORK – eID interoperability
THANK YOU FOR YOUR ATTENTION
info@eid-stork.eu