Using the OpenID protocol and SIM card-based authentication, the framework provides a secure and simple way to enable user registration and sign-in for your website. All you need to do is to define the identity attributes you wish to receive, the authentication method and the framework does the rest.

1. Identity
Management
Framework
A labs.ericsson.com API
http://labs.ericsson.com/apis/identity-management-framework/

2. Identity Management
Framework
› The Identity (ID) Management Framework enables your website to
provide easy and secure sign-in and sign-up.
› The ID Management Framework is composed by two main parts:
– An API that allows you to easily provide secure registration and
authentication functionalities to your website.
– A Portal that allows your end-users to manage and control their accounts.
› It is based on the OpenID protocol and provides support to GBA-
based authentication method.
– GBA is the upcoming technology for authentication using Mobile Network
Operators’ infrastructure.
› Support for Android smartphones and computer desktops.
© Ericsson AB 2010 | Page 2

3. WHY ID Management
Framework Enabler?
› Make your website easy and secure to sign-in and sign-up.
› Increase the number of registered users by eliminating the
barrier of creating a new account.
› Enable OpenID on your website with a few simple steps.
› No need to worry about registration forms, secure storage
of usernames and passwords, security algorithms and
protocols.
© Ericsson AB 2010 | Page 3

4. Main Features of the ID
Management Framework
› Support OpenID authentication: Your website can provide
login for your users using our ID Management Server or
any other OpenID Identity Provider on the Internet.
› Select the authentication method our Portal should use for
your users: Username/password or GBA-based
authentication.
› Request user’s information commonly requested on
registration forms (e.g., full name, email, phone, address).
© Ericsson AB 2010 | Page 4

5. ID Management Framework
Overview
© Ericsson AB 2010 | Page 5

6. Java Web API
› The API allows you to enable OpenID on your website.
› For your users, logging in your website can be as simple
as clicking on a button.
// Create a instance of the ClientAuthenticator class using the URL where your
// server will receive the responses for your authentication requests
ClientAuthenticator clientAuthenticator = new ClientAuthenticator ("http://
yoursite.com" + "?is_return=true");
// [Optional] Set which attributes you want to request.
AttributeRequest attrReq = new AttributeRequest();
attrReq.setFullnameRequested(true); attrReq.setEmailRequested(true);
// Create the authentication request URL. The userSuppliedString parameter is
// the OpenID identity informed by the user or our IdM server address.
String redirectRequestURL =
clientAuthenticator.getAuthRedirectionURL(userSuppliedString, attrReq);
// Redirect the user's browser and place the authentication request.
httpServletResponse.sendRedirect(redirectRequestURL);
© Ericsson AB 2010 | Page 6

7. Example application
Our API allows users to log into your website using the Ericsson
Labs Identity Management Framework.
The user’s web browser will be redirected to the Labs ID
Management website for authentication.
After successful authentication, the Labs ID Management Server
will redirect the user’s browser back to your website with a
confirmation, containing the user’s OpenID identity and some
optional attributes (e.g., full name, email, phone, address).
© Ericsson AB 2010 | Page 7

8. Android Support
› The user’s device can be
an Android smartphone.
› The framework
implements software that
partially simulates SIM
Card functionalities,
which we call GCE (GBA
Credential Engine).
© Ericsson AB 2010 | Page 8

9. © Ericsson AB 2010 | Page 9