Published by Myrtle O’Neal. Modified over 6 years ago
1
INDUSTRY WORKSHOP: STORK OVERVIEW
2nd Industry Group – 26 June, 2009, London
Marc Stern
2
STORK data flow (logical)
3
Protocol: Federated Identity
STORK
4
Protocol: Links security
Microsoft feedback, Dec. 2008: “Feedback on STORK WP5 Deliverable D5.1”
Principle 1: Minimize the scope for identity theft
5
Protocol: “Man in the Middle” weakness
STORK
6
Protocol: Full security
1. Citizen connects to Service Provider
2. Request connection to originating country authentication provider
3. Authentication (eID card / X.509)
   a) Key pair and certificate generation
   b) Key sending inside secure connection
   c) Key insertion in SAML signed assertion
4. Certified identity is sent to Service Provider
5. Assertion verification + compare keys from TLS connection and SAML assertion
6. Business transactions between citizen and Service Provider with same key

Key binding could already begin during step 1
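Step 5 above (compare the key from the TLS connection with the key in the SAML assertion), as an added example that is not part of the original slides or of the STORK reference code. It assumes the assertion's signature has already been verified by a SAML library, that the key is carried as a full certificate in ds:X509Certificate under a holder-of-key SubjectConfirmation, and that the TLS client certificate is available as DER bytes; the function names and sample data are constructed for illustration.

```python
import base64
import hmac
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"

# Constructed sample data: stand-in bytes, not real X.509 certificates.
CITIZEN_DER = b"constructed-citizen-certificate"
OTHER_DER = b"constructed-other-certificate"

def hok_certs(assertion_xml):
    """Return the DER certificates bound by holder-of-key confirmations."""
    # Assumption: signature already verified; use a hardened XML parser
    # for untrusted input in production.
    root = ET.fromstring(assertion_xml)
    certs = []
    for sc in root.iterfind(".//saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") != HOK:
            continue  # e.g. bearer confirmations carry no key binding
        for node in sc.iterfind(".//ds:X509Certificate", NS):
            text = "".join((node.text or "").split())  # undo line wrapping
            certs.append(base64.b64decode(text, validate=True))
    return certs

def key_binding_ok(assertion_xml, tls_peer_der):
    """Accept only if the TLS client certificate is the one in the assertion."""
    if not tls_peer_der:
        return False  # no client certificate was presented on the TLS link
    return any(hmac.compare_digest(c, tls_peer_der)
               for c in hok_certs(assertion_xml))

def sample_assertion(der, method=HOK):
    """Build a constructed, unsigned assertion that binds `der`."""
    b64 = base64.b64encode(der).decode()
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}">'
        f'<saml:Subject><saml:SubjectConfirmation Method="{method}">'
        f"<saml:SubjectConfirmationData><ds:KeyInfo><ds:X509Data>"
        f"<ds:X509Certificate>{b64}</ds:X509Certificate>"
        f"</ds:X509Data></ds:KeyInfo></saml:SubjectConfirmationData>"
        f"</saml:SubjectConfirmation></saml:Subject></saml:Assertion>"
    )

if __name__ == "__main__":
    assertion = sample_assertion(CITIZEN_DER)
    print("same key on TLS link:", key_binding_ok(assertion, CITIZEN_DER))
    print("different key on TLS link:", key_binding_ok(assertion, OTHER_DER))
```

In a real Service Provider the DER bytes would come from the TLS layer, for example `ssl.SSLSocket.getpeercert(binary_form=True)` in Python.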
7
Protocol: Proposed solution
- SAML brand new standard profile: “Holder-of-Key Web Browser SSO”
- Local client (Internet Explorer, Firefox, Safari, …)
  - Infocard?
    - CardSpace
    - Higgins
    - …
  - Dedicated plug-in?
- Advanced functionalities
  - Pre-generate keys/certificates
  - Re-use same keys with same SP
  - Enhance privacy towards PEPS (Microsoft principle 5)
  - Etc.
8
Reference code
PEPS
Connectors: IdP, AP, SP
Java
EU Open Source License
9
Example: Access to medical data
Physical world
- Doctor goes to a medical lab and asks for a patient record
- Clerk asks for proof that he’s a doctor and that the patient mandated him
- Doctor goes to the doctor association and asks for proof
- Doctor receives a paper proof
- Doctor asks his patient for a mandate
- Doctor receives the mandate
- Citizen goes back to medical lab and receives the patient record
10
Example with STORK – combination
11
Example with STORK – stacking
12
Off-line access to medical data
Social insurance, Hospital, Clerk, Batch
Not user-centric: STORK cannot be used!
13
STORK – eID interoperability
THANK YOU FOR YOUR ATTENTION