eic2011 rolling presentation_1
DESCRIPTION
European Identity Conference '11 presentationTRANSCRIPT
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Your Partner in Identity and Access Management
EIC’2011
UBISECURE SOLUTIONS, INC.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Where Ubisecure comes from:Finland
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Finland: Background
5.3 million residents
Approx 325 000 companies (2009)
Parliamentary republic with central government
336 local municipalities
EU member since January 1995
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Finland: ICT background
High Internet penetration (86% of 16–74 old Finns use internet; 50% of 7 year-olds use it!!)
High e-commerce acceptance (92% use)
High mobile penetration (>100%; all ages)
High broadband services penetration
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Before – All services were physically centralized
1960-90:Physical shopping centers
Typically always populated by:Taxation Office, Government Social Insurance Org, Employment Office, Several Bank(s), Shop, Bar, Doctor, …
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Internet: Where services – and people are now
Today all services are found in Internet
Finnish people shop in internet close to 10 Billion € in 2010
More than 92% of Finnish people has used internet for shopping…
People are hanging around in Internet
All ages: 4 … 75+ yrs(not joking ☺)
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Why such a strong trend?
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
88
OLD GENERATION
MASSES
FOLLOWERS
PIONEERS
AGE OF 20 .. 69
YOUNGERGENERATIONS
Consumer Groups Market Behavior…
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Physical OfficeService
ATM Services
TelephoneService
MobileInternet Service
InternetService
..0.50€Transaction
..0.20 €Session
Near Field CommunicationMobile Services
30-50€Visit
10-20€Call
..0.10 €Session
1-2€Transaction
..0.10 €Session
Cost Efficiency per Service Channel
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Physical OfficeService
TelephoneService
47€Visit
19€Call
Finland Monthly Income (2010)
Monthly Income (2005-10)
~ 3113€
PerHour
Average Salary ~ 3400€ ~ 20€
Average employment costs (x 1.8)
~ 6120€ ~ 5605€ ~ 36€
ServiceAverage1h 17min
ServiceAverage31 min
12€Mailing
MailCorrespondence Service
ServiceAverage23 min
Cost Efficiency per Service Channel
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Large scalee-Gov authentication and authorization
Service in Finland
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
In this Customer casewe have Millions of users using
Ubilogin protected services each month.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
More than 32 Million users since 2004.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
That is more than six times the population.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
More than 72% of the Companies each month.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
No one could keep track and manage all those identities.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Neither our Business Partner.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Nor our Customer.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
So, the identity management needed to beDelegated.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
In a well-controlled manner.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
And Automated.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
1) ThereforeExternal Identity Management…
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
2) Therefore Federation.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
3) And with the ultimate Single Sign-On user experience.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Tunnistus.fi Identity Provider
”Tunnistus” (finnish) means Identification
Joint project of the Tax Administration, Ministry of Employment and the Economy and the Social Insurance office
IdP Proxy service for Banks and eID cards
Joint venture consortium contract signed March 2003
RFQ March 2003, Implementation 5 months
Operational January 2004
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Tunnistus.fi
G2C AuthN
Web single sign-on based on both proprietory and SAML2 protocols
Liberty Interoperable tested
Single logout
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Tunnistus.fi and VETUMA federation
Two similar systems cover different target groups under different government budgets with different service mandates
New government portal service started in 2011 is driving increased authentication volume
Tunnistus.fi and VETUMA will be federated together in Q1 2011 using discovery based on the CDC approach
Stakeholders developed the eGov Deployment Profile for Finnish public sector SAML2 WebSSO deployment profile. The profile is based on the Kantara eGov implementation profile 2.0 and the SAML2int.org ver 0.2 deployment profile[1].
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
KATSO
G2C AuthN & AuthZ
Self-service authentication and authorization service for government e-services
Sample of features:
User self-registration
Role delegation (to other sub-user)
Power of attorney (user-to-user, user-to-org, org-to-org)
Self-service credential management
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
KATSO Roles
Different role groupsInternal system rolesGeneral rolesService specific roles
Total roles: 51
Roles provided by KARVA = SAML2 Attribute Authority
SP queries role information after authentication using SAML2 Attribute Query
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
KATSO Web Services
KATSO operates an ID-WSF 2.0 WSIDP also enabling integration of non-browser clients
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
KATSO History
Introduced 2006
2009: over 30 services
Top 3Unemployment registration (Tax)Tax card ordering (Tax)Registering as a job seeker (Social insurance)
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
KATSO
Two types of authentication
Strong: Katso OTP (One time password PIN/TAN)Weak: PWD (Username and password)
Strong authentication initial registration based on bank assurance (TUPAS) or physical visit
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
KATSO
Use of KATSO initially limited to consortium members
Legislation changes have recently permitted wider use
Use outside of government services still limited by legislation
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
KATSO: G2BHow does it work?
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Self service enrolment
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Familiar process
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Bank authentication
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Indexed TAN
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Attribute release consent
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
New: Telcos as Commercial IdPs for eGov
Commercial Wireless PKI (MPKI, WPKI) service launched 30.11.2010
Named ”Mobiilivarmenne” Mobile Certificate
http://www.mobiilivarmenne.fi/en/en_2.html
Supported by 3 out of 4 national telcos
Competing with TUPAS service
Roaming function - one contract with one telco is enough
ETSI MSS Mobile Signature Service
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Telcos as Commercial IdPs
Long history – previous studies and commercial trials commencing around 2003 to use national ID in the mobile had failed
New business model, purely commercial
Requires government-issued CA license with stringent auditing
Application embedded in SIM (application toolkit application)
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Telcos as Commercial IdPs
Works while roaming (SMS based transport)
Pricing for end usersElisa: 0.09 per transaction (Free until Nov 2011)Other telco pricing unknown
Pricing for SP servicesUnpublished
Expected adoption in G2C services in 2011
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
What has been achieved?(The benefits)
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Government Business Case –has cumulated savings of 1.05 Billion €
Today 32+ Million transactions served in “Federated Government Service Center”
Before– it would have meant 32+ Million service sessions in physical service points or telephone
Example what costs this couldhave generated “back then”:
50% physical + 50% telephone
Service Cost: 1.05 Billion €
16 million x 47 € = 748 M€
16 million x 19 € = 301 M€
Instead, these costshave now been saved!
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Reality check: eGovernment Business Case (at least) 656 M€Saved Costs so far!
Reality-check:What if part of the customers would have “dropped out”
That is: Less customers served, Less service sessions
Example, that is, savings
AT LEAST:
10 million phone calls
10 million visits
12 million (example) not served or “solved” any other way
Service costs would still have been 656 M€!!!
10 million x 47€ = 468 M€
10 million x 19€ = 188 M€
This means, thatAt least these costshave been saved!!
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
One of the greatest eGovernment Success Stories in the World!
32+ Million transactions served in “Federated Government Service Store”in Finland
Six times the population served so far!
Service Costs by the end of 2010 e.g.1€/tr
Current service volume 2M tr/month 4,5 times the populationserved each year!
Now 71% (!) of the companies in Finland are registered as users of the service
Huge impact on G2B services!
Currently the transfer to Internet generates 763 M€ savings per yearfor Government in Finland (and this mainly so far only for three agencies as others are now joining)
SOME HIGHLIGHTSOF THE SUCCESS:
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Tunnistus.fi Statistics
Chart credit: Verohallinta, Finnish tax administration
Authentications
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
KATSO Statistics
Chart credit: Verohallinta, Finnish tax administration
Authentications
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
ROI is rather ”nice” ☺
ROI for the IAM solution
AuthN for G2CFor 2004 - 2010 = that is 7 yrs in production2006 - 2010 = that is 6 yrs in productionAuthZ for G2B
253 470% (!) Not included: the services that attract users and generate the benefits
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
The Elements for Success
IAMindustry
(standards, mature technology,mature products)
Commercial IDPs
Government
Public IDPs
Keen users:CompaniesResidents
Cooperation! Cooperation!
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Single Sign On.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Single Sign-On across allweb-based Services…
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
…and also across the Services of the Business partners.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
And across the Cloud-based Services.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
THANK YOU!
Ubisecure Solutions, Inc.
www.ubisecure.com <firstname.lastname>@ubisecure.com
FINLAND: SWEDEN:Tekniikantie 14 WTC, Klarabergsviadukten 70, Box 70396 FIN-02150 Espoo S-10724 Stockholm
tel. +358-9-2517 7250fax +358-9-2517 7070
Registered in Espoo, Finlandreg. nr. FI1748721-4
Ubisecure paves the way for a smoother and safer Internet. Ubisecure software products enable new online business concepts and speed the growth of existing web-based operations by joining separate sites and services into larger trusted areas. The innovative products allow internet users to flexibly and securely move between online services – without encountering repeated login prompts. Ubisecure maintains an extensive network of partners that offer organizations advice, consulting and technical services; and provides high-level training in secure online business through the widely appreciated Ubisecure IAM Academy. Founded in 2002 in Finland, Ubisecure Solutions Inc. is a pioneering provider of standardized identity and access management solutions. For more information, please visit www.ubisecure.com.
Identify and Authorize.Enable secure business.