Insu Eid 20111018

Transcript

  • 1. EID in Belgium (INSU, Stockholm, 24/Oct/2011), Bart Hanssens
  • 2. Introduction
  • 3. Electronic ID Card (front)
  • 4. Electronic ID Card (back)
  • 5. Electronic ID Card
      - Compulsory
          - 8 million cards
      - Contact card
      - Basic info
          - Name, address, gender, unique national number
          - Low-res photo (no advanced biometrics)
      - 2 Key-pairs
          - Signing and authentication (same PIN code)
          - No PIN-code caching for signing
  • 6. Some applications
      - Tax on Web
          - Most “popular”
      - Police on Web
          - Report shoplifting, vandalism, bike theft
      - National e-Lottery
      - Loyalty card
      - Library card
  • 7. Community
      - Almost all components are open source
          - LGPL, not EUPL
      - Multi-channel support
          - Helpdesk for middleware
          - Google group / mailing list, twitter, ...
      - Demo site, documentation, videos, ...
  • 8. Components
  • 9. Classic middleware
      - Open source
          - LGPL, not EUPL
      - Windows, MacOS, Linux 32/64-bit
          - User-friendly “quick install” available
      - Small SDK
          - V3: own API
          - V4: PKCS#11 v1.2
      - Issue: user still has to install it manually
  • 10. Federal Authentication Service
      - SAML 2
      - eID card and token
      - Supported
          - Federal, Regional, Municipalities
  • 11. New architecture: IDP example
      - Diagram labels: Browser, JBOSS, EID Card, IDP, Trust Service, Applet, Website, jtrust, OCSP, Belgium Module
  • 12. Applet
      - Java SE 6
      - Communicates directly with the card
          - No middleware required!
      - Supported on recent (desktop) browsers
          - IE 7+, Firefox 3+, Chrome 9+, Safari
          - Auto-installs correct JRE
  • 13. Identity Provider
      - Uses Applet and Trust Service
      - JBoss 6 package
      - Communicates with Relying Parties (sites)
      - Multi-protocol
          - SAML 2, OpenID 2, WS-Federation
          - Integrators don't have to be eID experts!
      - Not available as service (yet)
          - Best effort support
  • 14. Trust
      - Trust Service
          - Checks validity
          - OCSP or (cached) CRL
      - jTrust library
          - CRL
          - Validation of X509 certificates
          - Alternative to Java Certification Path Validator API
  • 15. Drupal eID – IDP module
      - Will be released as open source
          - NOT the Coworks module on Drupal.org
      - Reuses Drupal's openid code
          - But “core” openid module must be disabled
      - User-friendly:
          - Log in button: no need to remember URL
          - Self-registration with eID
      - Mapping of eID info to Profile module fields
          - OpenID AX Schema
  • 16. Digital Signature Service
      - Uses Applet, Trust and Timestamp Service
      - XAdES-X-L
      - Sign any XML “document”
          - ETSI ASiC (ZIP)
          - ODF / OOXML
          - Define your own format
      - Visualisation
          - Admin can register trusted XSLTs
          - Optionally: embed eID photo
          - “green mark” in OpenOffice / MS-Office
  • 17. Demo: Drupal and eID
  • 18. Step 1: push beID button
  • 19. Step 2: insert eID card
  • 20. Step 3: enter PIN code
  • 21. Step 4: enter email address
  • 22. More info
  • 23. References
      - http://eid.belgium.be
      - http://code.google.com/p/eid-applet/
      - http://code.google.com/p/eid-idp/
      - http://code.google.com/p/eid-dss/
      - http://code.google.com/p/jtrust/
      - https://www.e-contract.be
  • 24. Questions?
  • 25. Thanks! Fedict – Federal Public Service ICT, Maria-Theresiastraat 1/3, 1000 Brussels (Belgium), www.fedict.be, bart.hanssens[at]fedict.be | @BartHanssens
