
GUIDE. Keiron Salt, keiron.salt@bt.com



  1. GUIDE. Keiron Salt, keiron.salt@bt.com

  2. What is GUIDE? GUIDE (Government User Identity for Europe) is a European Union-funded research project conducting research and technological development with the aim of creating a technological, institutional, policy and socio-economic architecture for secure and interoperable e-government electronic identity services and transactions for Europe.

  3. Road of GUIDE and the EU
     • 2004: Lisbon Agenda
     • 2006: Manchester '2010 Declaration'
     • Encourage free movement of citizens, capital and services across the EU to support the Internal Market: pan-European identity interoperability

  4. GUIDE Architecture Summary
     • Objective: creating an open architecture for pan-European e-government electronic identity interoperability
     • To enable Member States to agree on the identity of an entity (for example a citizen or a business)
     • In order to enable eGovernment sectoral applications to conduct cross-border transactions with respect to that entity
     • The GUIDE architecture aligns with, leverages and exploits both the IDABC European Interoperability Framework (EIF) architecture and emerging international standards for Federated Identity Management

  5. The Motivation 'View': what are the business problems we're trying to solve? Getting the scope right.
     GUIDE is about: identity data interoperability; authentication; cross-border services; standards adoption; standards specification.
     GUIDE is not about: storing identity data in GUIDE; application data interoperability; authorisation; internal Member State services; re-inventing; implementation.
     • GUIDE delivers identity interoperability across the Member States of the EU.
     • GUIDE is not an end in itself, but a key enabler for application interoperability, enabling the Lisbon initiatives which deliver the real benefits.
     • GUIDE aims to enable uninhibited movement and seamless government engagement for citizens and businesses across the EU.

  6. GUIDE positioning with other EU initiatives (diagram). Front-end: eID (smart card standards and issue), enrolment, PKI (certificate management). Applications: 20 eGov apps, EBR, eTEN, Schengen. Prime: privacy enhancement. GUIDE: identity interoperability, back-end interoperability. IDABC: generic middleware and network; IDABC architecture alignment.

  7. GUIDE and EIF / IDABC synergy (diagram: IDABC PEGS Architecture, CGEY).

  8. GUIDE Topology (diagram). An EU Identity Provider Hub sits above the National Identity Provider Hubs of the Member States (MS1 to MS5); a Member State may also have sub-national Identity Provider Hubs and Application Service Providers. Identity federation within a Member State is the National Identity Federation; identity federation between Member States is the Cross-Domain EU Identity Federation.

  9. Subsidiarity v Standardisation (diagram). Standard FIM models (Liberty, WS-Federation, Shibboleth) expect all actors (Identity Provider, Service Provider, Service Consumer) to fall under the same model: a uniform FIM model. GUIDE acknowledges that Member States can utilise different FIM models, so GUIDE gateways (Guide GW) must act as proxies for the real actors.

  10. Pan-EU Citizen Authentication Scenarios (diagram). Each Member State has access channels, applications, identity providers and civil servants, with a GUIDE gateway at its edge; the gateways of Member State 1 and Member State 2 talk using SAML and Liberty Alliance profiles. For a citizen from Member State 1:
     1. Citizen present, and logging on to a foreign system as a user (SSO)
     2. Citizen present, but the user is a foreign civil servant
     3. Citizen not present, administrative trigger (e.g. receipt of an E101 form)

  11. GUIDE Software Agent: Logical Component Architecture (diagram). Components: Member State Interface; Transformation Services; GUIDE Request Handler; GUIDE SAML Interface and GUIDE SAML Profile Interface; GUIDE Liberty Interface and GUIDE Liberty Profile Interface; GUIDE Discovery Service; GUIDE Interaction Service.

  12. Main GUIDE Core Services (diagram). Trust Services; Logical Process Flow; Security, Assurance, Privacy; Interaction; Discovery; Identity Requests (Identification, Authentication, Assertions, Attribute Provision, Update, Lookup); Redirection; Consent; Usage Directives; Transformation Services; Infrastructure Services.

  13. Service Profiles and Protocol Bindings (diagram). GUIDE Abstract Service Model; GUIDE Profile of Liberty specs (Liberty ID-WSF v2.0, SAML v2.0); Shibboleth; WS-Federation; GUIDE Assurance Levels, GUIDE Realms, GUIDE Mechanisms (Authentication Mechanism, Authentication Realm, Authentication Context); bindings: SOAP, HTTP, IDABC eLink binding?

  14. GUIDE Liberty Profile for Discovery. Callouts on the slide: naming standards; <Options> profiling (the urn:GUIDE:* options).

```xml
<soap:Body>
  <Query xmlns="urn:liberty:disco:2003-08">
    <ResourceID>http://example.gov/g048HqeR4tsB</ResourceID>
    <RequestedServiceType>
      <ServiceType>urn:liberty:id-sis-pp:2003-08</ServiceType>
      <Options>
        <Option>urn:liberty:id-sis-pp:home</Option>
        <Option>urn:liberty:id-sis-pp:informalName</Option>
        <Option>urn:GUIDE:Realm:SocialSecurity</Option>
        <Option>urn:GUIDE:Assurance:2</Option>
      </Options>
      <SecurityMechID>not used</SecurityMechID>
    </RequestedServiceType>
  </Query>
</soap:Body>
```
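The slide above profiles a standard Liberty discovery query by adding urn:GUIDE:* options. As an added example (not part of the deck or the GUIDE project's code), the following separates the GUIDE realm and assurance options from the ordinary Liberty options and lets a hub decide whether it may answer; the realm and assurance prefixes and the hub's served realms are assumptions.

```python
import xml.etree.ElementTree as ET

DISCO = "urn:liberty:disco:2003-08"
GUIDE_REALM = "urn:GUIDE:Realm:"          # assumed prefix for the GUIDE authentication realm option
GUIDE_ASSURANCE = "urn:GUIDE:Assurance:"  # assumed prefix for the GUIDE assurance level option

# Constructed sample modelled on the deck's slide 14.
DISCOVERY_SAMPLE = f"""<Query xmlns="{DISCO}">
  <ResourceID>http://example.gov/g048HqeR4tsB</ResourceID>
  <RequestedServiceType>
    <ServiceType>urn:liberty:id-sis-pp:2003-08</ServiceType>
    <Options>
      <Option>urn:liberty:id-sis-pp:home</Option>
      <Option>urn:liberty:id-sis-pp:informalName</Option>
      <Option>urn:GUIDE:Realm:SocialSecurity</Option>
      <Option>urn:GUIDE:Assurance:2</Option>
    </Options>
  </RequestedServiceType>
</Query>"""

def parse_discovery_query(xml_text):
    """Split a GUIDE-profiled disco:Query into Liberty options and GUIDE options.
    Returns dict(resource, service_type, liberty_options, realms, assurance)."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{DISCO}}}Query":
        raise ValueError("not a Liberty disco:Query")
    req = root.find(f"{{{DISCO}}}RequestedServiceType")
    if req is None:
        raise ValueError("missing RequestedServiceType")
    parsed = {"resource": root.findtext(f"{{{DISCO}}}ResourceID"),
              "service_type": req.findtext(f"{{{DISCO}}}ServiceType"),
              "liberty_options": [], "realms": set(), "assurance": None}
    for opt in req.iter(f"{{{DISCO}}}Option"):
        value = (opt.text or "").strip()
        if value.startswith(GUIDE_REALM):
            parsed["realms"].add(value[len(GUIDE_REALM):])
        elif value.startswith(GUIDE_ASSURANCE):
            if parsed["assurance"] is not None:
                raise ValueError("more than one assurance level requested")
            parsed["assurance"] = int(value[len(GUIDE_ASSURANCE):])
        else:
            parsed["liberty_options"].append(value)
    return parsed

def hub_can_serve(parsed, served_realms, max_assurance):
    """True only if this hub serves every requested realm and can meet the requested
    assurance level; a query with no GUIDE realm or level is refused rather than guessed."""
    if not parsed["realms"] or parsed["assurance"] is None:
        return False
    return parsed["realms"] <= set(served_realms) and parsed["assurance"] <= max_assurance
```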

  15. GUIDE SAML Profile for Identification. Callouts on the slide: naming standards; <Subject> profiling; <Attribute> profiling.

```xml
<!-- offline checking request -->
<AttributeQuery ID="AjCUk2lleGVzft1456kRp51oFvJ5k" Version="2.0"
    IssueInstant="2005-08-11T17:42:04Z" Destination="http://www.IP1.eu"
    xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:protocol http://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd">
  <!-- name of the requesting entity -->
  <saml:Issuer>http://www.myPEGS.eu</saml:Issuer>
  <saml:Subject>
    <saml:NameID />
    <saml:SubjectConfirmation Method="urn:guide:multiple-attributes">
      <saml:SubjectConfirmationData>
        <xs:any>
          <saml:Attribute Name="First Name">
            <saml:AttributeValue>John</saml:AttributeValue>
          </saml:Attribute>
          <saml:Attribute Name="Last Name">
            <saml:AttributeValue>Doe</saml:AttributeValue>
          </saml:Attribute>
          <saml:Attribute Name="Birth date">
            <saml:AttributeValue>14.07.1971</saml:AttributeValue>
          </saml:Attribute>
        </xs:any>
      </saml:SubjectConfirmationData>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <!-- following: list of attributes to be checked (name + value) -->
  <!-- omitted: methods for specifying desired attribute formats; this should be provided by D1.2.7 -->
  <saml:Attribute Name="Language">
    <saml:AttributeValue>Chinese</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="Nationality">
    <saml:AttributeValue>GB</saml:AttributeValue>
  </saml:Attribute>
  <!-- <ds:Signature>...</ds:Signature> digital signature -->
</AttributeQuery>
```
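The offline checking request above identifies the subject by a set of attributes (the GUIDE urn:guide:multiple-attributes confirmation method) instead of a NameID, and lists further attributes whose values the identity provider is asked to confirm. As an added example (not part of the deck or the GUIDE project's code), the following shows what a receiving hub should check before answering such a query; the endpoint, trusted issuer list, acceptance window and receive time are assumptions, and the sample query is constructed from slide 15.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
GUIDE_METHOD = "urn:guide:multiple-attributes"  # GUIDE SubjectConfirmation method from slide 15
SAMPLE_NOW = datetime(2005, 8, 11, 17, 43, tzinfo=timezone.utc)  # assumed receive time

# Constructed sample modelled on slide 15; the signature is still omitted, as on the slide.
IDENTIFICATION_SAMPLE = f"""<AttributeQuery ID="AjCUk2lleGVzft1456kRp51oFvJ5k" Version="2.0"
  IssueInstant="2005-08-11T17:42:04Z" Destination="http://www.IP1.eu"
  xmlns="{SAMLP}" xmlns:saml="{SAML}" xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <saml:Issuer>http://www.myPEGS.eu</saml:Issuer>
  <saml:Subject><saml:NameID/>
    <saml:SubjectConfirmation Method="{GUIDE_METHOD}"><saml:SubjectConfirmationData><xs:any>
      <saml:Attribute Name="First Name"><saml:AttributeValue>John</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Last Name"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Birth date"><saml:AttributeValue>14.07.1971</saml:AttributeValue></saml:Attribute>
    </xs:any></saml:SubjectConfirmationData></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Attribute Name="Language"><saml:AttributeValue>Chinese</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Nationality"><saml:AttributeValue>GB</saml:AttributeValue></saml:Attribute>
</AttributeQuery>"""

def _attrs(elements):  # saml:Attribute Name -> AttributeValue text
    return {a.get("Name"): (a.findtext(f"{{{SAML}}}AttributeValue") or "") for a in elements}

def parse_identification_query(xml_text, my_endpoint, trusted_issuers, now, max_age=timedelta(minutes=5)):
    """Return (identifying_attrs, attrs_to_check) for a query this hub may answer; raise
    ValueError on wrong Destination, unknown Issuer, stale IssueInstant or a non-GUIDE Subject."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AttributeQuery" or root.get("Destination") != my_endpoint:
        raise ValueError("not a SAML AttributeQuery addressed to this endpoint")
    issuer = root.findtext(f"{{{SAML}}}Issuer")
    if issuer not in trusted_issuers:
        raise ValueError(f"untrusted Issuer {issuer!r}")
    issued = datetime.strptime(root.get("IssueInstant"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if not (now - max_age <= issued <= now + timedelta(minutes=1)):
        raise ValueError("IssueInstant outside the acceptance window")
    conf = root.find(f"{{{SAML}}}Subject/{{{SAML}}}SubjectConfirmation")
    if conf is None or conf.get("Method") != GUIDE_METHOD:
        raise ValueError("Subject is not confirmed with the GUIDE multiple-attributes profile")
    data = conf.find(f"{{{SAML}}}SubjectConfirmationData")
    identifying = _attrs(data.iter(f"{{{SAML}}}Attribute")) if data is not None else {}  # inside xs:any
    if not identifying:
        raise ValueError("no identifying attributes supplied")
    return identifying, _attrs(root.findall(f"{{{SAML}}}Attribute"))  # direct children only
```

The signature the slide leaves out is what binds Issuer and IssueInstant to the request, so the checks above are only meaningful once that signature has been verified against the issuing PEGS's key.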

  16. GUIDE and EIF / IDABC synergy (diagram: IDABC PEGS Architecture, CGEY).

  17. GUIDE Trust Model (diagram). Policy Domain: Policy, Liability, Accreditation, Governance. Technical Domain: Trust Model, Security Model, Assurance Model, Privacy Model.
