Identification - Identity Management (Germany - Fraunhofer FOKUS 2011)
Competence Center ELAN Fraunhofer FOKUS
Identity Management
Workshop: Russian-German Centre for Interoperable eGovernment Systems
Petra Hoepner
Berlin, 10th January 2011

Concept of identity management
Every person is many

Concept of identity management
What is a digital identity?
Statements about a person
Long living identifier
Set of attributes that describe characteristics and permissions
People have different digital identities for different purposes
The particular relevant one is being used
Usage requires that only the legitimate owner can use this identity

Concept of identity management
Vision: Citizen-friendly identity management
Every citizen has a digital identity with various attributes that he can use to carry out interactions in the digital world.
He is free to decide to whom he leaves which attributes of his digital identity and for how long. He trusts that the recipient of this information, e.g. the service provider, is authentic.
The citizen is in control of the flow of his personal information - even across domains.
If it is not necessary for the transaction to transmit personal attributes - he can refuse it.
It is easy for the citizen to use his digital identity and to select the appropriate attributes for each transaction.

Dimension of Identity Management
Heterogeneous Landscape
[Figure: heterogeneous landscape of services and credentials. Labels: Email access via website, Online banking, eGovernment services, eCommerce services, Workplace, Private, other. Credentials shown: user name / password, IPSec, biometrics. Threats shown: phishing, fraud, Trojans.]

Identity Management Stakeholders
Application and management of secure electronic identities

Identity Functions and Services
Secure Identity Management comprises:
Identification and Registration of users at identity provider or service provider
Authentication of users, i.e. transmit and verify identities (who am I?)
Authorization of users for specific access (what am I allowed to do?)
Monitoring and Auditing of usage
Management of user identities, roles and rights (management of life cycle, sessions and security context)
[Figure: Identification / Registration; Authentication: "Login" – Services, Websites, Communities; Authorization: Roles and rights, Allow / deny access; Monitoring and Auditing: Evidence of usage; Management]

Evolution of Identity Management
Username / Password
Single Sign-On: Single user-centric ID paired with many service-centric IDs
Federated ID: Architectural approach: Identity as a set of attributes; Sharing of service-centric IDs
User-centric Identity: User-centric and service-centric identities match
Identity Convergence: Trust and interoperability of various identity solutions and services

Secure eIdentity-Laboratory
Cooperation of Fraunhofer FOKUS and the Bundesdruckerei
Goals:
Provision of a process- and service-oriented architecture for identity-related information.
Integration of various eIdentity technologies and solutions
Platform and a showcase for secure digital identities in innovative application scenarios

The New German ID Card
Electronic functions
New ID card was launched in Germany on 1 November 2010
It combines the traditional ID card with three new electronic functions:
online ID function
Sovereign ID function / optionally stored on chip
qualified electronic signature (QES)

The German eID
Innovation – Mutual identification
The Service Provider has to register with a German authority to access the German eID card and its attributes like name, address and age.
Citizen as well as the SP are trustworthy players within the German eID framework
[Figure: Citizen and Service Provider. "Is the service provider trustworthy?" Service Provider identifies itself with an authorization certificate. "Does the person really exist?" Citizen identifies herself with German eID.]

Authentication with the German eID card
[Figure: message flow between Citizen, Service Provider and eID-Service Provider]
1. Access Web site
2. Redirect to eID-service provider
3. Chip- and Terminal-Authentication
4. Display forms
5. Confirm ID-data with PIN
6. Transfer ID-data
7. Transfer ID-data to service provider
8. User authenticated
Forms: First name, Last name, Age, ... or: ID-secret + service provider number = Pseudonym
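
The forms step above ("ID-secret + service provider number = Pseudonym") and the rule that a service provider only receives attributes it is authorized for and the citizen confirms can be sketched as follows. This is an added example, not code from the slides or from the eID system; HMAC-SHA256 stands in for the card's derivation, which the slides do not specify, and every name and value in it is a constructed assumption.

```python
import hashlib
import hmac

# Constructed sample card; names and values are hypothetical.
CARD = {
    "id_secret": b"constructed-card-secret-0001",  # stays on the card
    "first_name": "Erika",
    "last_name": "Mustermann",
    "age": 46,
}

# Constructed authorization certificates, reduced to the fields used here.
SHOP = {"sp_number": "SP-1001", "attributes": ["pseudonym", "age"]}
FORUM = {"sp_number": "SP-2002", "attributes": ["pseudonym"]}


def pseudonym(id_secret: bytes, sp_number: str) -> str:
    """ID-secret + service provider number = pseudonym.
    HMAC-SHA256 is a stand-in chosen for this sketch (assumption)."""
    return hmac.new(id_secret, sp_number.encode(), hashlib.sha256).hexdigest()


def release(card, authorization, requested, confirmed):
    """Release only attributes that are covered by the provider's
    authorization certificate, requested, and confirmed by the citizen."""
    over_ask = set(requested) - set(authorization["attributes"])
    if over_ask:
        # Provider asks for more than its certificate allows: reject outright.
        raise PermissionError(f"not authorized for: {sorted(over_ask)}")
    released = {}
    for name in requested:
        if name not in confirmed:
            continue  # the citizen refused this attribute
        if name == "pseudonym":
            released[name] = pseudonym(card["id_secret"],
                                       authorization["sp_number"])
        else:
            released[name] = card[name]
    return released


if __name__ == "__main__":
    # Same card, two providers: pseudonyms are stable per provider
    # but differ across providers, so accounts cannot be linked by them.
    print(release(CARD, SHOP, ["pseudonym", "age"], {"pseudonym"}))
    print(release(CARD, FORUM, ["pseudonym"], {"pseudonym"}))
```
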

Innovative applications – Identity of person and car
Car re-registration with the new German eID card and a future automotive card
Car re-registration incorporating the eID card and an e-paper based automotive card

Identity and Privacy
myID.privat: Privacy based on trusted combination of identity attributes
Privacy and data security become more important in the virtual world
Vision: anonymity and pseudonymity are possible with trusted electronic identities
Design of an infrastructure supporting privacy of personal data
Analysis and development of technologies for the combination of attributes
Implementation of privacy-supporting scenarios
Integration of the new German identity card

Secure Identities in the cloud
Secure authentication and access using the identity card to build trust between provider and user of services
[Figure: Secure Identity in the Cloud. Labels: eGovernment Services, Social Networks, eBusiness Services, eSafe, Identity/Attribute Provider, Secure Authentication and Access, New German eID card.]

Challenges in clouds
Trust Relations
[Figure label: TRUST]

Challenges in clouds
Identity services
Identification, User Provisioning
Single user or bulk provisioning, types of users, rapid turnaround
Authentication
Secure authentication of internal privileged users (e.g. IT personnel)
Secure authentication of external users (e.g. citizen, business users)
Built-in mechanisms or identity management services
Federated identities, single-sign-on, user-centric approaches, delegation of identity
Access control
Authorization and access based on user credentials (user profiles, roles)
Authorization policy handling, authorization decisions, access control model
Auditing
Provision of audit logs, liability
Privacy
Identity attributes, data, documents, service usage

Missions for identity management
Secure eIdentity: Important Steps
Development of future-oriented and secure solutions for complex identities in the virtual world in conjunction with the new ID card
Promote the secure and seamless media communication among heterogeneous systems based on standardized procedures / protocols
Cross-border interoperability
Contextual use of identity attributes
Privacy-supporting technologies
Combining various industry approaches, standards and solutions
Modern industry states need an IT-infrastructure capable of securely managing electronic identities

Petra Hoepner
Fraunhofer FOKUS Research Group eIdentity
Kaiserin-Augusta-Allee 31, 10589 Berlin, Germany
Tel +49 (30) 3463 7185
Fax +49 (30) 3463 8000
Internet: www.fokus.fraunhofer.de
Email: [email protected]