How a country would intelligently use STORK 2.0 service offerings: Boost eGov Services through Identity Attributes Provision
Petros KAVASSALIS, Univ. of the Aegean, i4M Lab & CTIP, Greece
Stelios LELIS, Univ. of the Aegean, i4M Lab, Greece
@INFOSTRAG, #syros, #july2014, #stork2, #e-government
i4M Lab. Stork 2.0 is an EU co-funded project INFSO-ICT-PSP-297263
background
• sophisticated products
• R. Anand et al, 2012, IMF: “… Some products are more sophisticated, in the sense that they are associated with higher productivity levels*, and those countries that latch on to such products will perform better. Over time, the sophistication of a country’s production structure may evolve, through either an increase in the quality of previously produced goods, or a move into new, more sophisticated products….” (* and low price elasticity of exports)
presentation outline
• STORK 2.0: The European Network for e-identity provision
  – online identity federation
  – identity attributes
• e-government services
  – the “information move” requirement
  – aggregate information from various sources
• Re-use STORK 2.0 to provide smart e-gov services
STORK in a picture…
[Figure. Actors: Italian citizen; service provider; Swedish Stork gateway “S-PEPS”; Italian Stork gateway “C-PEPS”; e-ID + attribute provider (Italian). Steps: 1. ask for service; 2. go Stork!; 3. select your country; 4a. consent? 4b. which e-ID?; 5a. authentication; 5b. consent (final)]
What are identity attributes?
• Name-value pairs (data)
• Provide basic personal identity for a digital subject (physical person or legal entity)
  – Name, address etc.
• Used also to define characteristics; examples:
  – Is over 18?
  – Has income below 10KE (Year2013)?
  – Has business location in Paris
• Attributes may also contain rich information about a subject, such as education profile, purchasing behavior, bank account and balance etc.
  – Complex attributes
[Figure: example: diploma supplement]
STORK 2.0 in a nutshell
• A common framework for cross-border federation and delivery of electronic identity in Europe
  – In online-processes
    • web authentication via multi-attributes digital identities
    • e-mandate provision (vital for legal entities)
    • e-signature cross-border transfer
  – Open standards (SAML 2.0, HTTP POST, WebSSO)
  – Deployment model
    • Based on the creation of “PEPS” proxy nodes
    • EU Member States develop their own PEPS… a more decentralized architecture could be possible
    • Pilots in real-world environment (examples, open a bank account, diploma supplement, mandates with detailed power description etc.)
    • Previous STORK until Dec. 2011 - STORK 2.0: 2013-15, go pilot now, go in real life after the end of STORK 2.0
STORK 2.0 in detail
[Figure labels: STORK EU-EEA MS proxy nodes; Identity and Attribute Providers; Service Providers; MS B; identity as a service]
***In US: Backend Attribute Exchange (BAE) but only for Federal Government Services
Who is in? 19 EU countries!
STORK 2.0 basic features: (i) a network of proxy nodes (PEPS)
[Excerpt shown on the slide, from: STORK Overview for new Member States, July 2011, STORK-eID Consortium]

The interoperability model

A PEPS connects its national eID infrastructure to foreign service providers, as well as its national service providers to foreign eID infrastructure. To be able to use such eID infrastructure, the user plays an important role; without her/his participation there's no way to get data exchanged. Thus a PEPS has 4 interfaces, as made clear in the following chart:

[Figure: PEPS and its interfaces. Labels: PEPS Colleague interface; National eID interface; Service Provider Interface; User Interface]

This schema is used to explain briefly the conceptual interoperability model.

PEPS structure

When connecting a service provider to the STORK platform, this connection will be done through his national STORK node. This node connects to each of the other national nodes of the platform, which on their turn connect to the national eID infrastructure.

[Figure: Two PEPSes communicating. Labels: C-PEPS; Colleague interface; National eID interface; User Interface; S-PEPS; Service Provider Interface]

Thus one of the two PEPSes has the role of S-PEPS, attending requests from Service Providers, in the SP country, the other one has the role of C-PEPS, taking care of the interface with the citizen, in citizen's country. This last role also assumes the interface with eID provisioning and possible additional Attribute Providers.

Please note that, even though the redirection from SP to the C-PEPS goes twice through the user's browser and through the S-PEPS, these intermediate steps are transparent for the user.

These roles, S-PEPS and C-PEPS can also be seen within the structure of the PEPS software and the connectors to be interrogated. Normally, in one cross-border transaction, a PEPS will only assume one of these roles; only if SP country and citizen country are the same, this PEPS would assume both roles. But this scenario is not cross-border, so outside STORK's scope, and in some countries wouldn't work.
[Diagram labels: SP; S-PEPS; C-PEPS; IdP; AP]
STORK 2.0 basic features: (ii) an attribute collection and aggregation service
[Figure: attribute collection service (STORK 2.0 ACS). Labels: SP; National IdP; AtP1; AtP2; IdP; AP; Interaction with the user; steps numbered 1 to 11]
e-identity in sum…
• A digital identity is a composite document
  – Multi-section; each section includes a personal attribute
  – Multi-provider; attributes are collected from multiple Identity and Attribute Providers -- IdPs and APs providing service at different quality levels (LOA)
• Is managed by a federated identity structure (which also manages the user consent process)
• Is created through the collection of attributes from IdPs and APs members of the federation
• Is delivered to a Service Provider (SP), and consumed by the SP in an online authentication and access control process (user consent)
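
The composition rules on this slide (attributes from several providers at different LoA, user consent, delivery to the SP) can be sketched as follows. This is an added example, not code from the presentation or from the STORK 2.0 project; the `Attribute` class, the `build_identity` function, the provider ids and the numeric LoA values are hypothetical.

```python
from dataclasses import dataclass

# Added illustration: every name, provider id and LoA number below is
# hypothetical and constructed; none of it is a STORK 2.0 interface.
@dataclass(frozen=True)
class Attribute:
    name: str
    value: object
    provider: str  # IdP or AP that asserted the value
    loa: int       # quality level of that provider (higher = stronger)

def build_identity(requested, collected, consented):
    """Assemble the composite identity that is released to the SP.
    requested: {attribute name: minimum LoA the SP accepts}
    collected: Attribute objects gathered from the IdP and the APs
    consented: set of attribute names the user agreed to release
    Returns (released, refused); refused maps name -> reason."""
    released, refused = {}, {}
    for name, min_loa in requested.items():
        if name not in consented:
            refused[name] = "no user consent"
            continue
        candidates = [a for a in collected if a.name == name]
        if not candidates:
            refused[name] = "no provider"
            continue
        best = max(candidates, key=lambda a: a.loa)  # strongest assertion wins
        if best.loa < min_loa:
            refused[name] = f"LoA {best.loa} below required {min_loa}"
        else:
            released[name] = best
    return released, refused

# Constructed sample: what the federation collected for one user.
COLLECTED = [
    Attribute("isOver18", True, "national-idp", 3),
    Attribute("dateOfBirth", "1995-04-02", "national-idp", 3),
    Attribute("diplomaSupplement", "BSc", "university-ap", 2),
    Attribute("diplomaSupplement", "BSc", "self-asserted-ap", 1),
    Attribute("bankBalance", 1200, "bank-ap", 4),
]
# The SP asks for the derived "isOver18", so the raw date of birth stays put.
REQUESTED = {"isOver18": 3, "diplomaSupplement": 2, "bankBalance": 3, "taxId": 3}
CONSENTED = {"isOver18", "diplomaSupplement", "taxId"}

if __name__ == "__main__":
    print(build_identity(REQUESTED, COLLECTED, CONSENTED))
```

Only attributes the SP requested, the user consented to, and a provider asserted at sufficient LoA reach the SP; everything else is refused with a reason that can be logged.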
The STORK 2.0 mechanism for identity attributes provision can be re-used to enable smart e-gov services
• e-gov services: requirements for federating personal information to (usually) produce an electronic document
• Cross-border services by necessity
  – Should span over multiple organizations
• Always involve a process orchestrating various IT systems and users
  – applicant interface
  – basic registries
  – gov IT (cms etc)
  – employees desktops
  – third party services (for example banks)
An e-gov service as the outcome of a process
[Figure labels: Applicant: activity; Public Employee: activity; Legacy System and Third Party Applications; orchestration: business process management – case management etc.; request; service outcome; this is a typical e-gov service!]
Re-use STORK 2.0 as the basic infrastructure for e-gov processes support (national level)
• Federated Identity can revolutionize e-government services
  – Securing access to online government services through federated IDs
• STORK 2.0 can provide “lessons to learn” on how to organize federated identity services at the national level
• STORK 2.0 may also provide a mechanism for smart e-services requiring interaction with the users and not extended internal process automation
  – BPMS solutions are expensive
  – Public employees are reluctant to adopt a “task attribution” method of work
• The STORK 2.0 infrastructure is here, the cost of re-using STORK in national e-gov provision is limited, it can efficiently supply a lot of sophisticated scenarios of e-gov services (4th and 5th level of sophistication)…
STORK 2.0 for e-government: an opportunity for smart and lean e-gov services
Example: subscription of freshmen in Greek Universities involves the physical presence of a student’s family. e-subscription through STORK 2.0!
[Figure labels: Application submission; reception; STORK 2.0; IdP; minedu; identification; subscription; Document submission]
How does STORK 2.0 make it possible? By creating clean interfaces at the extreme points…
[Figure labels: AP; IdP; SP; STORK SAML 2.0; common enterprise technologies WS-REST; common enterprise technologies; SSO-WS-workflow; Streamline to increase aggregation efficiency; STORK enabled applications]
http://www.eid-stork2.eu