WP8 Security and Privacy: Identity Management
15 November 2012
Wolfgang Steigerwald (DT), Robert Seidl (NSN)
Agenda
• Aspects of Identity Management
• Differences of the IdM solutions
• The Nokia Siemens Network (NSN) IdM-System
• The Deutsche Telekom (DT) IdM-System
• Questions, Answers and Discussion
Aspects of Identity Management
[Diagram labels: User; Device; Application; Service; Network; Single Sign-On to service domains; Identity Federation towards applications; Authentication; Authorisation; Accounting; User & Profile Management; Authorisation & Trust Management; private; secure; mutual]
Features                          NSN                  DT
Authentication methods:
• Username/Password               Yes                  Yes
• eID (STORK)                     Yes (2nd version)    No
• 3rd Party Login                 Yes                  Yes
• Attribute Based Credentials     Yes                  No
Supported protocols:
• OAuth2.0                        Yes (2nd version)    Yes
• SAML2.0                         Yes                  No
• OpenID                          Yes (2nd version)    Yes
• HTTPS                           Yes                  Yes
Interfaces:
• Web                             Yes                  Yes
• RESTful                         No                   Yes
Markets:                          Telecommunication    Internet shops
What we have and what we will offer in detail to FI-Ware UC projects

Customer self care / Customer care tools
Identity management / Authentication
• At the portal, the user may choose different authentication methods:
    • username / password
    • Facebook Connect (Facebook can be used as Identity Provider)
    • Support of ABC4Trust credentials
• Other authentication methods (not in the portal) include:
    • AAA
    • GBA
    • German eID
• Identity federation is possible in general
• The full list of attributes can be viewed on the overview page
• Transparency towards the user is an important concern
• At the portal, users are able to view and (partially) modify their attributes
• Basic identifiers cannot be modified (because, e.g., the full name is legally bound to a contract)

Service specific profile
Features for One-IDM customers
• Service specific attributes can be viewed
• Account name at service
• Account type (existing or on-demand)
• Attribute release policy (admin role)
• Authentication at the service can consider the trust level of the authentication method used at the portal (cf. box above)
• Service will be managed and hosted by NSN
• Provisioning of user accounts will be done by NSN
• Set-up of trust relations will be done by NSN
• Configuration of the attribute database scheme will be done by NSN

The features marked in red will not be available in the project.
How you can use the One-IDM federation
[Diagram labels: One-IDM System; IdM Server; IdM Portal; Example Service; Service; User's Home; browser based redirect]
The Global Customer Platform GCP
What we have and what we will offer in detail to FI-Ware UC projects

Customer self care / Customer care tools
Registration / Identity management / Product booking
• Customizable customer self care portal for customer data administration, account administration, contract management, billing management
• Customer care tooling for managing user data, customer data, contract data and invoicing
• Customer care tooling can be integrated with existing customer care systems
• Complete online registration
• Complete login, logout, single sign-on
• Registration and login using 3rd party identity providers (Facebook, Google, Yahoo!, …)
• Password change, password recovery, management of 3rd party ID federations
• OAuth 2.0-based API for apps on iOS, Android, …
• Complete checkout process for product booking
• Complete management of payment information

Product management / Subscription management for free products
Features for GCP-B2B-customers
• Product catalog management (commercial aspects such as price plans, contractual attributes)
• Payment management for subscription products
• Wide range of pricing models for subscriptions (fixed recurring, trial periods, set-up fees, usage based post paid, …)
• Global payment methods
• Cloud offer: managed and hosted environment
• DTAG security and data-privacy standards
• Complete online administration
• Online management of customer care agents
• Complete control over your brand: white-label platform
• Any functionality is also exposed via APIs for full integration
• Complete and comprehensive online documentation

The features marked in red will not be available in the project.
How you can use GCP
[Diagram labels: WEB Shop login (three times); Registration or Login; Customer Self-care Management; Customer Care Management; Admin Configuration; Tenant Instance; Global Customer Platform]
How to access the demos

GCP demo
https://logint2.idm.toon.sul.t-online.de/media-store
https://logint2.idm.toon.sul.t-online.de/music-service
https://logint2.idm.toon.sul.t-online.de/video-service
Please contact wolfgang.steigerwald@telekom.de

One-IDM
https://85.183.197.168:8443/idmPortal
http://85.183.197.168/shop/catalog
Please contact gerald.meyer@nsn.com
Prerequisite: add these lines to your "hosts" file (/etc/hosts or c:\windows\system32\drivers\etc\hosts):
85.183.197.168 idm.nsn.com
85.183.197.168 payb.nsn.com
85.183.197.168 easybuy

Outlook
• During the project we will provide a common interface for both IDM systems
• We will provide additional features:
    • One-IDM:
        • switch to Digital Self
        • support of OAuth2.0, OpenID, eID
    • GCP:
        • new features will be developed regarding customer needs
        • enhancements to the REST-API