Architecture proposal

Presentation transcript:

eIDAS connector for STORK: Architecture proposal

eIDAS connector for STORK (ECS)
[Diagram: components of the ECS. Labels: STORK plugin; inbound; outbound; SAML engine; eIDAS decryption; eIDAS encryption; read config; metadata; encrypt; SP interface; S/C node interface; SP; country selector; C-PEPS; S-PEPS; MS-PEPS; Proxy Service; Connector; MS node.]

1. A customer/citizen from an "eIDAS MS" needs to be authenticated to use some service at a Service Provider (SP) site.
2. The customer chooses to use eIDAS/STORK to be authenticated.
3. The SP website gets the country selector from the S-PEPS of the country and displays it to the customer/citizen (problem with SPs which have their own country selector).
4. The customer/citizen chooses his home country.
5. The S-PEPS prepares the authentication request. If the home country has an eIDAS node, the S-PEPS sends the request to the ECS.
6. The ECS marshals the STORK objects and creates an eIDAS authentication request.
7. The ECS Connector encrypts the authentication request and sends it to the home country eIDAS Proxy Service.
8. The eIDAS Proxy Service of the home country does its magic to authenticate the customer/citizen.
9. The eIDAS Proxy Service of the home country sends the authentication response to the ECS Connector.
10. The ECS Connector decrypts the incoming authentication response.
11. The ECS Connector marshals the eIDAS objects and creates a STORK authentication response.
12. The ECS Connector sends the response to the defined return URL.

STORK 2.0 -> eIDAS
[Diagram: an eIDAS MS and a STORK MS. Labels: Proxy Service; C-PEPS; MS-PEPS; ECS; STORK plugin; Connector; S-PEPS; SP; country selector.]

STORK 2.0 -> eIDAS
1. A customer/citizen from a "STORK MS" needs to be authenticated to use a service at a Service Provider (SP) site.
2. The customer chooses to use eIDAS/STORK to be authenticated.
3. The SP website gets the country selector from the Connector of the MS and displays it to the customer/citizen (problem with SPs which have their own country selector).
4. The customer/citizen chooses his home country.
5. The Connector prepares the authentication request and sends it to the ECS Proxy Service of the home country (eIDAS MS have different URLs in the country selector than a STORK country).
6. The ECS Proxy Service decrypts the incoming authentication request.
7. The ECS Proxy Service marshals the eIDAS objects, creates a STORK authentication request and sends it to the home country C-PEPS.
8. The C-PEPS then does its magic to authenticate the customer/citizen.
9. The C-PEPS sends the authentication response to the ECS Proxy Service.
10. The ECS Proxy Service marshals the STORK objects and creates an eIDAS authentication response.
11. The ECS Proxy Service encrypts the authentication response and sends it to the Connector of the SP (where the request came from).
12. The incoming response is decrypted and returned to the SP.

eIDAS -> STORK 2.0
[Diagram: an eIDAS MS and a STORK MS. Labels: STORK plugin; Proxy Service; C-PEPS; Connector node; MS-PEPS; Connector; S-PEPS; SP; country selector.]

eIDAS -> STORK 2.0
[Diagram labels: eIDAS SAML; STORK SAML; minimal dataset; STORK SAML in eIDAS'ish; STORK SAML in STORK'ish; Proxy Service; C-PEPS; Connector node; MS-PEPS; Connector; S-PEPS.]
Sector-specific additional attributes: in STORK'ish if for or from STORK pilots.

eIDAS -> STORK 2.0
[Diagram labels: eIDAS SAML; STORK SAML; minimal dataset; STORK SAML in eIDAS'ish; STORK SAML in STORK'ish; AP; Proxy Service; C-PEPS; Connector node; MS-PEPS; Connector; S-PEPS; SP; the attribute hasDegree shown at three points in the diagram.]
Sector-specific additional attributes: in STORK'ish if for or from STORK pilots.

eIDAS -> STORK 2.0
[Diagram labels: eIDAS SAML; STORK SAML; minimal dataset in eIDAS'ish; STORK SAML in STORK'ish; AP; Proxy Service; C-PEPS; Connector node; MS-PEPS; Connector; S-PEPS; SP; the attribute VATRegistration shown at two points in the diagram.]
Sector-specific additional attributes: added to the SAML.