A tool for identity management, access control and usage control compatible with the European identity regulation eIDAS

Main objective

Integrate the eID DSI (the eIDAS Digital Service Infrastructure) into the FIWARE platform, so that access to the FIWARE services ecosystem can be granted to users who authenticate with their national eID.

FIWARE Ecosystem

A framework of open source platform components which can be assembled together, and with other third-party components, to accelerate the development of Smart Solutions:

- Data/API management, publication and monetization
- Core Context Management (Context Broker)
- Context processing, analysis and visualization
- Interfaces to IoT, robotics and third-party systems
- Deployment tools

FIWARE Ecosystem: Access Control [figure]

FIWARE Security Generic Enablers

- Keyrock (Identity Management): web interface and REST API for managing identities; OAuth 2.0 single sign-on; application-scoped roles and permissions management.
- Wilma (PEP Proxy): policy enforcement point placed in front of service backends; supports OAuth 2.0 access tokens.
- AuthZForce (Authorization PDP): PAP and PDP server for managing complex access-control policies; XACML 3.0 standard-compliant.
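The split between the three enablers is easiest to see as code. The following is an added illustration, not the code of Wilma, Keyrock or AuthZForce: a minimal PEP that takes an OAuth 2.0 bearer token from the request, looks it up at the identity manager (here a constructed in-memory table standing in for Keyrock's token-introspection endpoint), and asks a PDP (a constructed role-to-permission table standing in for an AuthZForce policy) whether the caller's application-scoped roles permit the method and path. Token names, roles, application identifiers and paths are all made up for the example.

```python
"""PEP / IdM / PDP interaction in miniature (added example, constructed data)."""
from dataclasses import dataclass
import time


@dataclass
class TokenInfo:
    user: str
    app_id: str      # Keyrock tokens are scoped to one registered application
    roles: tuple     # roles the user holds *in that application*
    expires_at: float


# Constructed stand-in for the IdM's token store (what Keyrock would return on introspection).
TOKENS = {
    "tok-alice": TokenInfo("alice", "app-1", ("Provider",), time.time() + 3600),
    "tok-bob": TokenInfo("bob", "app-1", ("Purchaser",), time.time() + 3600),
    "tok-stale": TokenInfo("carol", "app-1", ("Provider",), time.time() - 1),
    "tok-other-app": TokenInfo("dave", "app-2", ("Provider",), time.time() + 3600),
}

# Constructed stand-in for the PDP's policy: per application, role -> allowed (method, path prefix).
POLICY = {
    "app-1": {
        "Provider": {("GET", "/v2/entities"), ("POST", "/v2/entities")},
        "Purchaser": {("GET", "/v2/entities")},
    }
}


def introspect(token, now=None):
    """Return the token's metadata, or None if unknown or expired."""
    info = TOKENS.get(token)
    if info is None:
        return None
    current = time.time() if now is None else now
    return None if current >= info.expires_at else info


def pdp_decide(app_id, roles, method, path):
    """Permit only if some role grants this method on this path; otherwise Deny (default-deny)."""
    rules = POLICY.get(app_id, {})
    for role in roles:
        for allowed_method, prefix in rules.get(role, ()):
            if allowed_method == method and (path == prefix or path.startswith(prefix + "/")):
                return "Permit"
    return "Deny"


def pep_enforce(headers, method, path, app_id, now=None):
    """Decide the HTTP status a PEP in front of application `app_id` should answer.

    401: no usable token (missing, unknown, expired, or issued for another application).
    403: valid token, but the PDP does not permit the action.
    200: forward the request to the backend.
    """
    # Accept the token either as 'Authorization: Bearer <token>' or in an X-Auth-Token header
    # (both header forms are the example's own choice).
    token = headers.get("X-Auth-Token", "")
    if not token:
        scheme, _, bearer = headers.get("Authorization", "").partition(" ")
        token = bearer if scheme == "Bearer" else ""
    if not token:
        return 401
    info = introspect(token, now)
    if info is None or info.app_id != app_id:
        return 401  # a token for another application is not valid here, whatever its roles
    if pdp_decide(info.app_id, info.roles, method, path) != "Permit":
        return 403
    return 200
```

The two checks that matter in practice are visible in `pep_enforce`: the token is rejected unless it was issued for the very application the PEP protects (roles from another application never count), and the PDP answer is Deny unless a rule matches, so an unlisted method or path fails closed.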

OAuth 2.0 FIWARE services [figure]

eIDAS

eIDAS (electronic IDentification, Authentication and trust Services) is the EU regulation (Regulation (EU) No 910/2014) that enables secure and seamless electronic interactions between businesses, citizens and public authorities. Under it, an eID issued in one member state must be accepted by the online services of another.

[Figure: eIDAS network connecting country 1, country 2 and country 3; a user authenticates to a service with an eID issued by country 2.]

eIDAS-FIWARE Integration

- Deploy the IdM Keyrock as a gateway between the FIWARE OAuth 2.0-based services and the eIDAS SAML 2.0-based node.
- Attribute mapping on Keyrock.
- Validation of use cases.

eIDAS-FIWARE Integration

[Figure: IAM infrastructure. The Keyrock IdP sits between the FIWARE side (service application; OAuth 2.0 requests, access token, user-info request) and the eIDAS network (SAML flow to eIDAS node 1, eIDAS node 2, ..., each with its national IdP).]

eIDAS-FIWARE Integration

[Sequence diagram; participants: Service, IdP (Keyrock), eIDAS node 1, eIDAS node 2.]

1. The Service sends an authentication request and redirects the user to the IdP.
2. The IdP redirects the user to eIDAS node 1, which sends a SAML request to eIDAS node 2 (the user's country).
3. The user logs in at the national IdP, with a further delegation if needed.
4. The SAML response carrying the user attributes returns to the IdP, which performs USER CREATION and ATTRIBUTE MAPPING.
5. The IdP returns an OAuth 2.0 authorization code to the Service.
6. The Service exchanges the code ("create token") and receives an OAuth 2.0 access token.
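Steps 4 to 6 are the part the integration adds to Keyrock: the gateway has to turn a SAML attribute statement into a local user and then hand the service an ordinary OAuth 2.0 code. The block below is an added example of that hand-off, not Keyrock's code. It parses a constructed and heavily abbreviated SAML response carrying the eIDAS natural-person attributes (the attribute names and the origin/destination/identifier form of `PersonIdentifier` follow the eIDAS SAML attribute profile; the values are invented), maps them to a local record that is created on first login and refreshed afterwards, and then issues a single-use, short-lived, client-bound authorization code and exchanges it for an opaque access token. The example assumes the signature, Issuer, Audience and validity-window checks on the SAML response have already passed; nothing below may be trusted before they do.

```python
"""eIDAS SAML attributes -> Keyrock-style user -> OAuth 2.0 code -> access token (added example)."""
import secrets
import time
import xml.etree.ElementTree as ET

NS = {
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}
EIDAS_NP = "http://eidas.europa.eu/attributes/naturalperson/"

# Constructed sample response (not a real eIDAS message; signature and conditions omitted).
# "ES/PT/12345678Z" = identifier issued by ES, for use in PT, local id 12345678Z.
SAMPLE_RESPONSE = f"""<saml2p:Response xmlns:saml2p="{NS['saml2p']}" xmlns:saml2="{NS['saml2']}">
  <saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
  <saml2:Assertion>
    <saml2:AttributeStatement>
      <saml2:Attribute Name="{EIDAS_NP}PersonIdentifier"><saml2:AttributeValue>ES/PT/12345678Z</saml2:AttributeValue></saml2:Attribute>
      <saml2:Attribute Name="{EIDAS_NP}CurrentFamilyName"><saml2:AttributeValue>García</saml2:AttributeValue></saml2:Attribute>
      <saml2:Attribute Name="{EIDAS_NP}CurrentGivenName"><saml2:AttributeValue>Lucía</saml2:AttributeValue></saml2:Attribute>
      <saml2:Attribute Name="{EIDAS_NP}DateOfBirth"><saml2:AttributeValue>1990-05-17</saml2:AttributeValue></saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>
</saml2p:Response>"""

# eIDAS attribute -> local field. PersonIdentifier is the only stable key; names are display data.
ATTRIBUTE_MAP = {
    "PersonIdentifier": "eidas_id",
    "CurrentFamilyName": "family_name",
    "CurrentGivenName": "given_name",
    "DateOfBirth": "date_of_birth",
}


def _now(now):
    return time.time() if now is None else now


def extract_eidas_attributes(xml_text):
    """Return {short attribute name: value} from a (pre-verified) eIDAS SAML response."""
    root = ET.fromstring(xml_text)
    code = root.find("saml2p:Status/saml2p:StatusCode", NS)
    if code is None or code.get("Value") != "urn:oasis:names:tc:SAML:2.0:status:Success":
        raise ValueError("eIDAS node did not report Success")
    attrs = {}
    for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS):
        name = attr.get("Name", "")
        if not name.startswith(EIDAS_NP):
            continue  # only the natural-person profile is mapped here
        value = attr.find("saml2:AttributeValue", NS)
        if value is not None and value.text:
            attrs[name[len(EIDAS_NP):]] = value.text.strip()
    if "PersonIdentifier" not in attrs:
        raise ValueError("mandatory PersonIdentifier missing")
    return attrs


USERS = {}  # eidas_id -> user record (constructed in-memory store)


def map_and_create_user(attrs):
    """USER CREATION + ATTRIBUTE MAPPING: create on first login, refresh attributes afterwards."""
    record = {ATTRIBUTE_MAP[k]: v for k, v in attrs.items() if k in ATTRIBUTE_MAP}
    record["nationality"] = record["eidas_id"].partition("/")[0]  # origin country of the eID
    user = USERS.setdefault(record["eidas_id"], {"id": "u-" + secrets.token_hex(4)})
    user.update(record)
    return user


CODES, TOKENS = {}, {}


def issue_authorization_code(user_id, client_id, redirect_uri, now=None):
    """Bind the code to the client and redirect URI it was issued for; valid for 60 s."""
    code = secrets.token_urlsafe(32)
    CODES[code] = (user_id, client_id, redirect_uri, _now(now) + 60)
    return code


def exchange_code(code, client_id, redirect_uri, now=None):
    """Return an access token, or None. The code is consumed on first use, successful or not."""
    entry = CODES.pop(code, None)
    if entry is None:
        return None
    user_id, bound_client, bound_uri, expires_at = entry
    if client_id != bound_client or redirect_uri != bound_uri or _now(now) >= expires_at:
        return None
    token = secrets.token_urlsafe(32)
    TOKENS[token] = (user_id, client_id, _now(now) + 3600)
    return token


def login_via_eidas(saml_xml, client_id, redirect_uri):
    """Steps 4 and 5 of the sequence: SAML attributes -> local user -> authorization code."""
    user = map_and_create_user(extract_eidas_attributes(saml_xml))
    return user, issue_authorization_code(user["id"], client_id, redirect_uri)
```

Two details carry the security weight. The local account is keyed on `PersonIdentifier`, never on the name fields, so a user returning from a second eIDAS login resolves to the same record and a name change cannot create a second identity. And `exchange_code` pops the code before any check, so a code presented once by the wrong client is burned rather than left for a second attempt; with the redirect URI and client bound at issue time, this is what lets the FIWARE service trust the token it finally receives.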

eIDAS service registration in Keyrock [figure]

Use case validation

- MashmeTV videoconferencing system (private service; business, e-learning, eHealth, etc.): eID link for logging in and personalizing the profile (language, billing, etc.).
- Santander Smart City (public service; tourism, traffic, parking, etc.): enabled adaptation of services to the citizen's age or nationality.

Results

Users from 7 different countries tested the deployed services and gave us feedback on the experience by answering a survey.

Results: survey answers [figure]

Conclusions

- Eases the connection of FIWARE services to an eIDAS node.
- FIWARE services can authenticate real, eIDAS-identified entities.
- Personal information from eIDAS is available to ad-hoc services.
- Future research: integration with self-sovereign identities.