1
Architecture proposal
eIDAS connector for STORK: Architecture proposal
2
eIDAS connector for STORK (ECS)
[Diagram: ECS architecture. Labels: STORK plugin, eIDAS, STORK, Inbound, Outbound, SAML engine, eIDAS decryption, eIDAS encryption, Read config, C-PEPS, S-PEPS, MS-PEPS, SP interface, eIDAS SAML engine, Metadata, Encrypt, SP country selector, S/C node interface, Proxy Service, Connector, MS-Node.]
3
1. A customer/citizen from an "eIDAS MS" needs to be authenticated to use some service at a Service Provider (SP) site.
2. The customer chooses to use eIDAS/STORK to be authenticated.
3. The SP website gets the country selector from the S-PEPS of the country and displays it to the customer/citizen (problem with SPs which have their own country selector).
4. The customer/citizen chooses his home country.
5. The S-PEPS prepares the authentication request. If the home country has an eIDAS node, the S-PEPS sends the request to the ECS.
6. The ECS marshals the STORK objects and creates an eIDAS authentication request.
7. The ECS Connector encrypts the authentication request and sends it to the home country eIDAS Proxy Service.
8. The eIDAS Proxy Service of the home country does its magic to authenticate the customer/citizen.
9. The eIDAS Proxy Service of the home country sends the authentication response to the ECS Connector.
10. The ECS Connector decrypts the incoming authentication response.
11. The ECS Connector marshals the eIDAS objects and creates a STORK authentication response.
12. The ECS Connector sends the response to the defined return URL.
4
STORK 2.0 -> eIDAS
[Diagram: an eIDAS MS and a STORK MS. Labels: Proxy Service, C-PEPS, MS-PEPS, ECS, eIDAS, STORK, SP, Plugin, Connector, S-PEPS, Country selector.]
5
STORK 2.0 -> eIDAS
1. A customer/citizen from a "STORK MS" needs to be authenticated to use a service at a Service Provider (SP) site.
2. The customer chooses to use eIDAS/STORK to be authenticated.
3. The SP website gets the country selector from the Connector of the MS and displays it to the customer/citizen (problem with SPs which have their own country selector).
4. The customer/citizen chooses his home country.
5. The Connector prepares the authentication request and sends it to the ECS Proxy Service of the home country (eIDAS MSs have different URLs in the country selector than a STORK country).
6. The ECS Proxy Service decrypts the incoming authentication request.
7. The ECS Proxy Service marshals the eIDAS objects, creates a STORK authentication request and sends it to the home country C-PEPS.
8. The C-PEPS then does its magic to authenticate the customer/citizen.
9. The C-PEPS sends the authentication response to the ECS Proxy Service.
10. The ECS Proxy Service marshals the STORK objects and creates an eIDAS authentication response.
11. The ECS Proxy Service encrypts the authentication response and sends it to the Connector of the SP (where the request came from).
12. The incoming response is decrypted and returned to the SP.
6
eIDAS -> STORK 2.0
[Diagram: an eIDAS MS and a STORK MS. Labels: Plugin, Proxy Service, C-PEPS, Connector node, MS-PEPS, Connector, S-PEPS, SP, Country selector.]
7
eIDAS -> STORK 2.0
[Diagram: eIDAS SAML and STORK SAML between the nodes. Annotations: "Minimal dataset in eIDAS’ish"; "STORK SAML in STORK’ish"; "Sector specific additional attributes - in STORK’ish if for or from STORK pilots". Labels: Proxy Service, C-PEPS, Connector node, MS-PEPS, Connector, S-PEPS.]
8
eIDAS -> STORK 2.0
[Diagram: eIDAS SAML and STORK SAML between the nodes, with the attribute hasDegree shown at the AP, in transit and at the SP. Annotations: "Minimal dataset in eIDAS’ish"; "STORK SAML in STORK’ish"; "Sector specific additional attributes - in STORK’ish if for or from STORK pilots". Labels: AP, Proxy Service, C-PEPS, Connector node, MS-PEPS, Connector, S-PEPS, SP.]
9
eIDAS -> STORK 2.0
[Diagram: eIDAS SAML and STORK SAML between the nodes, with the attribute VATRegistration shown in transit. Annotations: "Minimal dataset in eIDAS’ish"; "STORK SAML in STORK’ish"; "Sector specific additional attributes - added to the SAML". Labels: AP, Proxy Service, C-PEPS, Connector node, MS-PEPS, Connector, S-PEPS, SP.]
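The attribute handling annotated on the eIDAS -> STORK 2.0 slides (minimal dataset in eIDAS form, sector-specific attributes left in STORK form) can be sketched as follows. This is an added example, not code from the presentation or from the STORK/eIDAS projects; the two namespace URIs, the four-entry mapping and the function names are assumptions for illustration.

```python
# Added example, not from the slides. ASSUMPTIONS: both namespace URIs and the
# four-entry minimal-dataset mapping are illustrative; hasDegree is from the slides.
STORK_NS = "http://www.stork.gov.eu/1.0/"
EIDAS_NS = "http://eidas.europa.eu/attributes/naturalperson/"
MINIMAL_DATASET = {  # STORK name -> eIDAS name
    "eIdentifier": "PersonIdentifier",
    "givenName": "CurrentGivenName",
    "surname": "CurrentFamilyName",
    "dateOfBirth": "DateOfBirth",
}
TO_STORK = {EIDAS_NS + e: STORK_NS + s for s, e in MINIMAL_DATASET.items()}


def stork_request_to_eidas(requested):
    """Map {stork_uri: is_required} to the attribute set sent to the eIDAS side."""
    out = {}
    for uri, required in requested.items():
        if not uri.startswith(STORK_NS):
            raise ValueError(f"not a STORK attribute: {uri}")
        name = uri[len(STORK_NS):]
        if name in MINIMAL_DATASET:
            out[EIDAS_NS + MINIMAL_DATASET[name]] = required  # eIDAS form
        else:
            out[uri] = required  # sector specific: stays in STORK form
    return out


def eidas_response_to_stork(response, requested):
    """Map {uri: value} from the eIDAS side back to STORK names for the SP."""
    out = {}
    for uri, value in response.items():
        stork_uri = TO_STORK.get(uri, uri)
        if stork_uri in requested:  # release only what the SP asked for
            out[stork_uri] = value
    missing = sorted(u for u, req in requested.items() if req and u not in out)
    if missing:  # fail closed instead of returning a partial identity
        raise ValueError(f"required attributes missing: {missing}")
    return out


if __name__ == "__main__":
    # Constructed sample request and response.
    req = {STORK_NS + "eIdentifier": True, STORK_NS + "hasDegree": False}
    print(stork_request_to_eidas(req))
    resp = {EIDAS_NS + "PersonIdentifier": "ES/AT/02635542Y",
            EIDAS_NS + "DateOfBirth": "1980-01-01"}
    print(eidas_response_to_stork(resp, req))
```

The response mapper drops any attribute the SP did not request and rejects a response that lacks a required one, so a translation gap cannot silently widen or truncate the identity handed to the SP.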