Identification - identity management (Germany - Fraunhofer FOKUS 2011)

Post on 14-Dec-2014








Identity Management (Fraunhofer FOKUS 2011)


Competence Center ELAN Fraunhofer FOKUS

Identity Management

Workshop: Russian-German Centre for Interoperable eGovernment Systems

Petra Hoepner

Berlin, 10th January 2011


Concept of identity management

Every person is many



Concept of identity management

What is a digital identity?

Statements about a person

Long living identifier

Set of attributes that describe characteristics and permissions

People have different digital identities for different purposes

The particular relevant one is being used

Usage requires that only the legitimate owner can use this identity



Concept of identity management

Vision: Citizen-friendly identity management

Every citizen has a digital identity with various attributes that he can use to carry out interactions in the digital world.

He is free to decide to whom he leaves which attributes of his digital identity and for how long. He trusts that the recipient of this information, e.g. the service provider, is authentic.

The citizen is in control of the flow of his personal information - even across domains.

If it is not necessary for the transaction to transmit personal attributes - he can refuse it.

It is easy for the citizen to use his digital identity and to select the appropriate attributes for each transaction.



Dimension of Identity Management

Heterogeneous Landscape

[Figure: many separate accounts, each with its own user name and password (e.g. email access via website, workplace); phishing]



Identity Management Stakeholders

Application and management of secure electronic identities


Identity Functions and Services

Secure Identity Management comprises:

Identification and Registration of users

Authentication of users, i.e. transmit and verify identities (who am I?)

Authorization of users for specific access (what am I allowed to do?)

Monitoring and Auditing of usage

Management of user identities, roles and rights (management of life cycle, sessions and security context)

[Figure: Identification/Registration at identity provider or service provider; Authentication: "Login" – Services, Websites, Communities; Authorization: Roles and rights, Allow / deny access; Monitoring and Auditing: Evidence of usage]


Evolution of Identity Management

[Figure: stages labelled Username / Password, Federated ID, User-centric Identity, Identity Convergence]

Architectural approach: Identity as a set of attributes; Sharing of service-centric IDs

Single user-centric ID paired with many service-centric IDs

User-centric and service-centric identities match

Trust and interoperability of various identity solutions and services


Secure eIdentity-Laboratory

Cooperation of Fraunhofer FOKUS and the Bundesdruckerei

Goals: Provision of a process- and service-oriented architecture for identity-related information.

Integration of various eIdentity technologies and solutions

Platform and a showcase for secure digital identities in innovative application scenarios


The New German ID Card



The New German ID Card

Electronic functions

The new ID card was launched in Germany on 1 November 2010

It combines the traditional ID card with three new electronic functions

online ID function

Sovereign ID function / optionally stored on chip

qualified electronic signature (QES)



The German eID

Innovation – Mutual identification

The Service Provider has to register with a German authority to access the German eID card and its attributes like name, address and age.

[Figure: Citizen and Service Provider]

Is the service provider trustworthy? Service Provider identifies itself with an authorization certificate.

Does the person really exist? Citizen identifies herself with German eID.

Citizen as well as the SP are trustworthy players within the German eID framework


Authentication with the German eID card

[Figure: message flow between Citizen, Service Provider and eID-Service Provider]

1 Access Web site

Redirect to eID-service provider

Chip- and Terminal-Authentication

4 Display forms

5 Confirm ID-data with PIN

6 Transfer ID-data

7 Transfer ID-data to service provider

User authenticated

ID-data: First name, Last name, Age

or: ID-secret + service provider number = Pseudonym
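The data-release part of the flow above (steps 5 to 7), as an added Python example that is not code from the slides or from the eID system. The card values, provider numbers, field names and the `fields` list inside the certificate are constructed assumptions, and HMAC-SHA256 is a stand-in for the card's own pseudonym derivation, which the slide gives only as "ID-secret + service provider number = Pseudonym".

```python
import hashlib
import hmac
from datetime import date

# Constructed sample card; none of these values come from the slides.
CARD = {
    "id_secret": bytes.fromhex("00112233445566778899aabbccddeeff"),
    "first_name": "Erika",
    "last_name": "Mustermann",
    "date_of_birth": date(1990, 8, 12),
}
# Hypothetical authorization certificates: the provider number plus the
# fields the provider may request (an assumption of this model).
SHOP = {"provider_number": "SP-0001", "fields": ["pseudonym", "age_over_18"]}
FORUM = {"provider_number": "SP-0002", "fields": ["pseudonym", "first_name"]}

def pseudonym(id_secret: bytes, provider_number: str) -> str:
    """ID-secret + service provider number = pseudonym.
    HMAC-SHA256 is a stand-in for the card's own derivation. The result is
    stable for one provider and differs between providers."""
    return hmac.new(id_secret, provider_number.encode(), hashlib.sha256).hexdigest()

def age_at_least(dob: date, years: int, today: date) -> bool:
    """Answer an age check with yes/no instead of releasing the birth date."""
    had_birthday = (today.month, today.day) >= (dob.month, dob.day)
    return today.year - dob.year - (0 if had_birthday else 1) >= years

def release(card: dict, cert: dict, confirmed: list, today: date) -> dict:
    """Release only fields that the certificate covers AND the citizen
    confirmed with the PIN (step 5); everything else stays on the card."""
    out = {}
    for field in sorted(set(cert["fields"]) & set(confirmed)):
        if field == "pseudonym":
            out[field] = pseudonym(card["id_secret"], cert["provider_number"])
        elif field.startswith("age_over_"):
            limit = int(field[len("age_over_"):])
            out[field] = age_at_least(card["date_of_birth"], limit, today)
        elif field in ("first_name", "last_name"):
            out[field] = card[field]
    return out

if __name__ == "__main__":
    today = date(2011, 1, 10)
    # last_name is confirmed by the citizen but not covered by SHOP's certificate.
    print(release(CARD, SHOP, ["pseudonym", "age_over_18", "last_name"], today))
    # The citizen declines first_name, so FORUM receives the pseudonym only.
    print(release(CARD, FORUM, ["pseudonym"], today))
```

Because each provider number yields a different pseudonym, two providers comparing their records cannot match the same citizen by this value alone.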



Innovative applications – Identity of person and car

Car re-registration with the new German eID card and a future automotive card

Car re-registration incorporating the eID card and an e-paper based automotive card


Identity and Privacy

myID.privat: Privacy based on trusted combination of identity attributes

Privacy and data security become more important in the virtual world

Vision: anonymity and pseudonymity are possible with trusted electronic identities

Design of an infrastructure supporting privacy of personal data

Analysis and development of technologies for the combination of attributes

Implementation of privacy-supporting scenarios

Integration of the new German identity card


Secure Identities in the cloud

Secure authentication and access using the identity card to build trust between provider and user of services

[Figure: eGovernment Services, Social Networks, eBusiness Services, Identity/Attribute Provider; Secure Identity in the Cloud; Secure Authentication and Access; New German eID card]


Challenges in clouds

Trust Relations



Challenges in clouds

Identity services

Identification, User Provisioning

Single user or bulk provisioning, types of users, rapid turnaround


Secure authentication of internal privileged users (e.g. IT personnel)

Secure authentication of external users (e.g. citizen, business users)

Built-in mechanisms or identity management services

Federated identities, single-sign-on, user-centric approaches, delegation of identity

Access control

Authorization and access based on user credentials (user profiles, roles)

Authorization policy handling, authorization decisions, access control model


Provision of audit logs, liability


Identity attributes, data, documents, service usage


Missions for identity management

Secure eIdentity: Important Steps

Development of future-oriented and secure solutions for complex identities in the virtual world in conjunction with the new ID card

Promote the secure and seamless media communication among heterogeneous systems based on standardized procedures / protocols

Cross-border interoperability

Contextual use of identity attributes

Privacy-supporting technologies

Combining various industry approaches, standards and solutions

Modern industry states need an IT-infrastructure capable of securely managing electronic identities


Petra Hoepner

Fraunhofer FOKUS Research Group eIdentity
Kaiserin-Augusta-Allee 31, 10589 Berlin, Germany

Tel +49 (30) 3463 7185
Fax +49 (30) 3463 8000

Internet: www.fokus.fraunhofer.de
Email: petra.hoepner@fokus.fraunhofer.de
