A User-centric, Anonymous and Interoperable pan-European eID
Pavel Sekanina
September 13th, 2006
Company introduction
- Description
- Portfolio
- Business data
- Selected customers
ANECT – who are we?
We are a major supplier of information and communication systems and applications for convergent networks, their services and their security.
As a systems integrator we are active in particular in public administration, in commercial and financial institutions, and with telecommunication operators.
We provide professional services ranging from consultation and audits to solution design and project management, application development, network monitoring and maintenance, and ICT solution outsourcing.
Our portfolio
Some business data
- 1993: the company is founded (20 employees)
- 2006: ANECT has 200 employees in Prague and Brno (Czech Republic) and Bratislava (Slovakia)
- CEO: Miroslav Řihák, voted Entrepreneur of the Year 2005 in the Czech Republic
Selected customers
- Public administration: Ministry of Finance, Ministry of Labour and Social Affairs, Ministry of Agriculture, Ministry of Foreign Affairs, General Directorate of Customs, ÚZSVM, ČSSZ, …
- Commercial sector: ČP (Czech Insurance), ČP Leasing, Komerční banka, Kooperativa Insurance, DHL, ČEZ, IKEA, KIA Motors Slovakia, Aliatel, Czech Telecom, Eurotel, Vodafone, …
Project
A User-centric, Anonymous and Interoperable pan-European eID
- Current state
- Desired final state
- Basic schema of the solution
- Suggested milestones
Authentication, Authorization, Accounting
- Authentication: the process that establishes that Pierce Brosnan really is Pierce Brendan Brosnan.
- Role: a group of users with the same type of rights. Pierce Brosnan has the role James Bond; the James Bond group consists of Thomas Sean Connery, Pierce Brendan Brosnan, George Lazenby, Roger Moore and Timothy Dalton.
- Authorization: the right to perform a certain action, usually based on the role of the person. James Bond has the "licence/license to kill"; the editor has the right to cut "unnecessary" scenes out of the movie.
- Accounting: keeping track of the actions performed (logs).
Current status
- Service-provider-centric solutions: the user has to obey and adjust to the rules set up by each service provider
- Government-issued eID: Austria, Belgium, Estonia
- Liberty Alliance: an identity-provider consortium of private companies; federated architecture; circles of trust
- EU activities: the Modinis-IDM project
Results:
- Inflation of identities and passwords
- Limited use at the international level
- Potential security risk caused by user misbehaviour
Targeted result
- User-centric solution
- Technologically neutral
- An architecture based on open standards
- "Anonymous ID": protecting the privacy of user data
- A standardized measure of the "strength" of an eID, e.g. username + password = "weak", good enough for on-line chat; 2048-bit SSL + secure token = "strong", good enough for e-banking
- The eID is used in real life: from web chats, e-shops, e-libraries and e-banking up to e-government communication at the international level
Key principles of the solution
- Independent authentication and authorization, to allow a mixture of authentication techniques
- Multiple IDs per user
- Access rights managed and stored separately from the place where they are exercised: the EAD (External Authorization Database)
- Management of the identity is based on, and stored in, the information systems, not in the tokens
Basic schema
[Diagram: the user communicates ("user communication") with two authentication systems, Authentication system 1 (issuing Au-ID1) and Authentication system 2 (issuing Au-ID2), and with the applications. The Authorization manager, backed by the Authorization database system, sits between the authentication systems and the applications (Application data 1, Application data 2) over the "A&A communication" channel.]
Authorization database record, one row per user:
  user OID | Au-ID1 | Au-ID2 | Re-ID1 | Re-ID2 | name | group
Application data 1, keyed only by Re-ID1:
  Re-ID1 | xx | yy
Application data 2, keyed only by Re-ID2:
  Re-ID2 | aa | bb
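The following Python sketch is an added example for this page; it is not code from the presentation or from ANECT. It models the authorization manager of the basic schema above together with the "strength" levels from the targeted-result slide and the authentication/authorization split from the AAA slide: the authorization database links each user's OID to per-authentication-system identifiers (Au-IDs) and per-application pseudonyms (Re-IDs), an application only ever receives its own Re-ID plus the rights of the user's group, and the application's required strength is checked independently of which authentication system was used. All names, records, levels and rights are invented for illustration, and it goes beyond the slides by adding a check that two applications share no identifier for any user.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

# Ordinal strength scale for an authentication technique. The slides only
# name "weak" (username + password) and "strong" (2048-bit SSL + secure
# token); the numeric values are an assumption of this example.
WEAK, STRONG = 1, 2


@dataclass(frozen=True)
class AuthResult:
    """Report from an authentication system: which of its own identifiers
    (Au-ID) it verified and with what strength. The authentication system
    never sees the user's OID or any application pseudonym (Re-ID)."""
    system: str
    au_id: str
    strength: int


@dataclass
class UserRecord:
    """One row of the authorization database: OID, Au-IDs, Re-IDs, name, group."""
    oid: str
    au_ids: Dict[str, str]   # authentication system -> Au-ID
    re_ids: Dict[str, str]   # application -> Re-ID (per-application pseudonym)
    name: str
    group: str


@dataclass(frozen=True)
class Assertion:
    """What the authorization manager hands to an application: only that
    application's pseudonym for the user plus the rights it may exercise."""
    re_id: str
    rights: FrozenSet[str]
    strength: int


class AuthorizationManager:
    """Front end to the External Authorization Database (EAD): maps Au-IDs to
    OIDs and OIDs to Re-IDs, and applies the per-application policy."""

    def __init__(self, users, required_strength, group_rights):
        self._by_oid = {u.oid: u for u in users}
        # Reverse index (system, Au-ID) -> OID, so any authentication system can be mixed in.
        self._by_au = {(sys, au): u.oid for u in users for sys, au in u.au_ids.items()}
        self._required_strength = required_strength  # application -> minimum strength
        self._group_rights = group_rights            # application -> group -> rights

    def authorize(self, auth: AuthResult, app: str) -> Optional[Assertion]:
        oid = self._by_au.get((auth.system, auth.au_id))
        if oid is None:
            return None                      # credential unknown to the EAD
        if auth.strength < self._required_strength.get(app, STRONG):
            return None                      # technique too weak for this application
        user = self._by_oid[oid]
        re_id = user.re_ids.get(app)
        if re_id is None:
            return None                      # user has no pseudonym at this application
        rights = self._group_rights.get(app, {}).get(user.group, frozenset())
        return Assertion(re_id, rights, auth.strength)


# --- constructed sample data, invented for this example ----------------------
USERS = [
    UserRecord("oid-0001",
               au_ids={"auth1": "pbrosnan", "auth2": "cert:7F3A"},
               re_ids={"app1": "xx", "app2": "aa"},
               name="Pierce Brendan Brosnan", group="James Bond"),
]
REQUIRED_STRENGTH = {"app1": WEAK, "app2": STRONG}   # e.g. web chat vs. e-banking
GROUP_RIGHTS = {
    "app1": {"James Bond": frozenset({"read", "post"})},
    "app2": {"James Bond": frozenset({"licence to kill"})},
}
# Each application's data store is keyed only by that application's own Re-ID.
APP_DATA = {
    "app1": {"xx": {"yy": "chat history"}},
    "app2": {"aa": {"bb": "account 12345"}},
}
MANAGER = AuthorizationManager(USERS, REQUIRED_STRENGTH, GROUP_RIGHTS)


def access(auth: AuthResult, app: str):
    """Authorize an already-authenticated user for an application and let the
    application look up its record by Re-ID only; None means access denied."""
    assertion = MANAGER.authorize(auth, app)
    if assertion is None:
        return None
    return assertion.re_id, sorted(assertion.rights), APP_DATA[app].get(assertion.re_id)


def linkable(app_a: str, app_b: str) -> bool:
    """True if two applications share an identifier for any user, i.e. if they
    could correlate their records without going through the manager."""
    return any(u.re_ids[app_a] == u.re_ids[app_b]
               for u in USERS if app_a in u.re_ids and app_b in u.re_ids)


if __name__ == "__main__":
    weak = AuthResult("auth1", "pbrosnan", WEAK)
    strong = AuthResult("auth2", "cert:7F3A", STRONG)
    print(access(weak, "app1"))      # ('xx', ['post', 'read'], {'yy': 'chat history'})
    print(access(weak, "app2"))      # None: password login is too weak for e-banking
    print(access(strong, "app2"))    # ('aa', ['licence to kill'], {'bb': 'account 12345'})
    print(linkable("app1", "app2"))  # False
```

The point of the reverse index is that the applications and the authentication systems never hold the OID: an application stores data under its own Re-ID, an authentication system knows only its Au-ID, and only the authorization database links them, which is what makes the Re-IDs usable as "anonymous IDs" toward the service providers.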
Suggested milestones
- Interface design: reuse of current standards, adding the necessary new rules and the missing parts
- Security policy
- Architecture of the relations between the participants: citizens, government agencies, service providers, …
- Pilot consortium: verification of the design
Questions (and maybe some answers)