A tool for identity management and access and usage control compliant with the European identity regulation eIDAS.


1 A tool for identity management and access and usage control compliant with the European identity regulation eIDAS

2 Main objective
Integration of eID DSI in the FIWARE platform to grant access to the FIWARE services ecosystem by eID

3 FIWARE Ecosystem
A framework of open source platform components which can be assembled together and with other third-party components to accelerate the development of Smart Solutions.
- Data/API Management, Publication, Monetization
- Core Context Management (Context Broker)
- Context Processing, Analysis, Visualization
- Interface to IoT, Robotics and third party systems
- Deployment tools

4 FIWARE Ecosystem Access Control

5 FIWARE Security Generic Enablers
Keyrock – Identity Management
- Web interface and REST API for managing identity
- OAuth 2.0 single sign-on
- Application-scoped roles and permissions management
Wilma – PEP Proxy
- PEP Proxy for securing service backends
- OAuth 2.0 access tokens support
AuthZForce – Authorization PDP
- PAP and PDP server for managing complex AC policies
- XACML-3.0 standard-compliant

6 OAuth2.0 FIWARE services

7 OAuth2.0 FIWARE services

8 eIDAS
eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation to enable secure and seamless electronic interactions between businesses, citizens and public authorities.
[Diagram labels: eIDAS; country 1, country 2, country 3; Service; User; country 2 eID]

9 eIDAS-FIWARE Integration
- Deploy IdM Keyrock as gateway between:
  - FIWARE OAuth 2.0-based services
  - eIDAS SAML 2.0-based node
- Attribute mapping on Keyrock
- Validation of use cases

10 eIDAS-FIWARE Integration
[Diagram: IAM Infrastructure and eIDAS Network. Labels: Service Application; IdP (Authentication); eIDAS node 1, eIDAS node 2; IdP 1, IdP 2; SAML flow; OAuth 2.0 requests; Access-token; User info request]

11 eIDAS-FIWARE Integration
[Sequence diagram. Participants: Service, IdP, eIDAS node 1, eIDAS node 2. Messages, in the order shown:]
- Authentication request
- Redirect to IdP
- Redirect to eIDAS
- SAML request
- Login
- Delegation if needed
- SAML response (user attributes)
- User creation and attributes mapping
- OAuth 2.0 authorization code
- Create token
- OAuth 2.0 access token
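The user-creation and attribute-mapping step of the flow above, sketched as an added example (not Keyrock's code and not part of the presentation). It assumes the SAML response signature has already been verified and its attributes exposed as a plain object; the local field names and the in-memory store are hypothetical.

```javascript
const EIDAS_NS = 'http://eidas.europa.eu/attributes/naturalperson/';
// eIDAS mandatory natural-person attributes -> hypothetical local profile fields
const MANDATORY = {
  PersonIdentifier: 'eidasId',
  CurrentFamilyName: 'familyName',
  CurrentGivenName: 'givenName',
  DateOfBirth: 'dateOfBirth',
};

// Validate and map the attributes of an already signature-verified SAML response.
function mapEidasAttributes(samlAttributes) {
  const profile = {};
  for (const [name, field] of Object.entries(MANDATORY)) {
    const value = samlAttributes[EIDAS_NS + name];
    if (typeof value !== 'string' || value.trim() === '') {
      throw new Error(`missing mandatory eIDAS attribute: ${name}`);
    }
    profile[field] = value.trim();
  }
  // PersonIdentifier: <issuing country>/<destination country>/<unique id>
  const id = /^([A-Z]{2})\/([A-Z]{2})\/(\S+)$/.exec(profile.eidasId);
  if (!id) throw new Error('malformed PersonIdentifier');
  profile.issuingCountry = id[1];
  if (!/^\d{4}-\d{2}-\d{2}$/.test(profile.dateOfBirth)) throw new Error('malformed DateOfBirth');
  return profile;
}

// Create the local user on first login; on later logins refresh the identity
// attributes but keep locally set preferences (language, billing, ...).
function upsertUser(store, profile) {
  const existing = store.get(profile.eidasId);
  const user = { preferences: {}, ...existing, ...profile };
  store.set(profile.eidasId, user);
  return { user, created: existing === undefined };
}

// Age in whole years on a given ISO date, for age-adapted services.
function ageOn(user, isoDate) {
  const [by, bm, bd] = user.dateOfBirth.split('-').map(Number);
  const [y, m, d] = isoDate.split('-').map(Number);
  return y - by - (m < bm || (m === bm && d < bd) ? 1 : 0);
}

// Constructed sample attribute set, shaped as a SAML library might expose it.
const SAMPLE = {
  [EIDAS_NS + 'PersonIdentifier']: 'ES/AT/02635542Y',
  [EIDAS_NS + 'CurrentFamilyName']: 'Garcia',
  [EIDAS_NS + 'CurrentGivenName']: 'Javier',
  [EIDAS_NS + 'DateOfBirth']: '1965-01-01',
};
```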

12 eIDAS Service registration Keyrock

13 Use cases validation
MashmeTV videoconferencing system
- Private service
- Business, e-Learning, eHealth, etc.
- eID link for logging in and personalizing profile (language, billing, etc.)
Santander Smart City
- Public service
- Tourism, traffic, parking, etc.
- Enabled adaptation to citizen’s age or nationality

14 Results
Users from 7 different countries have tested the deployed services and given us their feedback about the experience by answering a survey.

15 Results - Survey answers

16 Conclusions
- Ease the connection of FIWARE services with eIDAS Node
- FIWARE services can authenticate real entities
- Personal information from eIDAS for ad-hoc services
- Future research: integration with self-sovereign identities

17 A tool for identity management and access and usage control compliant with the European identity regulation eIDAS

