INDUSTRY WORKSHOP STORK OVERVIEW 2nd Industry Group – 26 June, 2009


1 INDUSTRY WORKSHOP STORK OVERVIEW 2nd Industry Group – 26 June, 2009
LONDON Marc Stern

2 STORK data flow (logical)

3 Protocol: Federated Identity
STORK

4 Protocol: Links security
Microsoft feed-back Dec. 2008: “Feedback on STORK WP5 Deliverable D5.1”
Principle 1: Minimize the scope for identity theft

5 Protocol: “Man in the Middle” weakness
STORK

6 Protocol: Full security
1 Citizen connects to Service Provider
2 Request connection to originating country authentication provider
3 Authentication (eID card / X.509)
   a) Key pair and certificate generation
   b) Key sending inside secure connection
   c) Key insertion in SAML signed assertion
4 Certified identity is sent to Service Provider
5 Assertion verification + compare keys from TLS connection and SAML assertion
6 Business transactions between citizen and Service Provider with same key
→ Key binding could already begin during 1
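The key comparison in step 5, seen from the Service Provider, as an added example that is not taken from the slides or from the STORK reference code. It assumes the assertion's signature has already been verified, compares whole certificates rather than bare public keys, and uses constructed placeholder bytes in place of real DER certificates; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET
from typing import List, Optional

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

def hok_certs(assertion_xml: str) -> List[bytes]:
    """Return the DER certificates bound by holder-of-key confirmations."""
    if "<!DOCTYPE" in assertion_xml:  # refuse DTDs before parsing
        raise ValueError("DTD not allowed in assertion")
    certs = []
    for conf in ET.fromstring(assertion_xml).iterfind(".//saml:SubjectConfirmation", NS):
        if conf.get("Method") != HOK:
            continue  # a bearer confirmation carries no key binding
        for node in conf.iterfind(".//ds:X509Certificate", NS):
            certs.append(base64.b64decode("".join((node.text or "").split())))
    return certs

def key_binding_ok(assertion_xml: str, tls_peer_cert_der: Optional[bytes]) -> bool:
    """Step 5: accept only if the TLS client certificate is the one in the assertion."""
    if not tls_peer_cert_der:
        return False  # no client certificate was presented on the TLS connection
    presented = hashlib.sha256(tls_peer_cert_der).digest()
    return any(
        hmac.compare_digest(presented, hashlib.sha256(c).digest())
        for c in hok_certs(assertion_xml)
    )

# Constructed placeholder bytes standing in for DER-encoded certificates.
CITIZEN = b"constructed-citizen-certificate"
RELAY = b"constructed-relay-certificate"

def sample_assertion(cert_der: bytes, method: str = HOK) -> str:
    """Build a constructed, unsigned assertion carrying cert_der in its KeyInfo."""
    b64 = base64.b64encode(cert_der).decode()
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}">'
        f'<saml:Subject><saml:SubjectConfirmation Method="{method}">'
        "<saml:SubjectConfirmationData><ds:KeyInfo><ds:X509Data>"
        f"<ds:X509Certificate>{b64}</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></saml:SubjectConfirmationData>"
        "</saml:SubjectConfirmation></saml:Subject></saml:Assertion>"
    )
```

In a Python TLS server the peer certificate bytes would come from `ssl.SSLSocket.getpeercert(binary_form=True)`; an assertion relayed over a different TLS connection fails the check because the relay cannot present the citizen's key.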

7 Protocol: Proposed solution
SAML brand new standard profile: “Holder-of-Key Web Browser SSO”
Local client (Internet Explorer, Firefox, Safari,…)
   Infocard?
      CardSpace
      Higgins
   Dedicated plug-in?
Advanced functionalities
   Pre-generate keys/certificates
   Re-use same keys with same SP
   Enhance privacy towards PEPS (Microsoft principle 5)
   Etc.

8 Reference code
PEPS
Connectors: IdP, AP, SP
Java
EU Open Source License

9 Example: Access to medical data
Physical world
Doctor goes to a medical lab and asks for a patient record
Clerk asks for proof that he’s a doctor, and that the patient mandated him
Doctor goes to the doctor association and asks for proof
Doctor receives a paper proof
Doctor asks his patient for a mandate
Doctor receives the mandate
Citizen goes back to medical lab and receives the patient record

10 Example with STORK – combination

11 Example with STORK – stacking

12 Off-line access to medical data
Social insurance
Hospital
Clerk
Batch
Not User-centric → STORK cannot be used!

13 STORK – eID interoperability
THANK YOU FOR YOUR ATTENTION

