Klaus John, Proxy Authenticator Approach of a Signature based Single Sign on Proxy Solution for e-Government Applications


#CeDEM13 Day 2 afternoon, Reflections, Main Hall, Chair: Morten Meyerhoff Nielsen



Transcript

  • 1. Service Layer Help Layer Customer Layer Browser www.Help.gv.at Portal MOA-ID STORK MOCCA STORK eDelivery eSafe HV-Services Citizen MOCCA Server MOA-ID Server Graphics Internet Internet eDelivery eSafe HV-Services 26.05.13 Proxy Authenticator eGovernment official Channel Information
  • 2. Help.gv.at: Login via Mobile eGovernment official Channel Information
  • 3. Customer Layer myHelp Layer Service Layer Browser eDelivery eSafe HV-Services MOA-ID STORK MOCCA STORK MOA-ID STORK MOCCA STORK Certificate & Private Key in accordance to §35 ZustG in Austria Citizen MOCCA Server MOA-ID Server Graphics eDelivery, eSave, HV-Services Certificate Generation (pkcs12 Container) [Registration/Re-entry (after First Registration)] optional Certificate Private Key 1 2 Certificate Generation Internet Internet 1 2 www.myHelp.gv.at Portal MOA-ID STORK MOCCA STORK eSafe HV-Services Certificate & Private Key 1 eDelivery 2 1
  • 4. BRZ eDelivery Service: Create Certificate
  • 5. BRZ eDelivery Service: pkcs12 Container saved
  • 6. Help.gv.at: Connect to BRZ eDelivery Service BRZ eDelivery Service
  • 7. Service Domain myHelp Domain Private User Domain Domain Model: Login Request Citizen's Client Proxy Authenticator (Client Proxy) myHelp.gv.at Key Share Holder 1 BRZ login page, … eDelivery Service meinBrief login page, … eDelivery Service Post Server login page, … eDelivery Service Key Share Holder n 1. URL 2. request login shared Key n shared Key 1 shared Key request shared Key 1-n
  • 8. BRZ eDelivery Service: Upload pkcs12 Container
  • 9. BRZ eDelivery Service: Show Inbox (2 Objects)
  • 10. Sequence Diagram Data Access Citizen myHelp ProxyAuthenticator KeySharholder 1 KeySharholder n Database meinBrief getData validation getData getSharedKeyPart 1 getSharedKeyPart n validation reconstructSharedKey loadPrivateKey + Certificate decryptPrivateKey + Certificate connect Post Server BRZ eDeliveryService
  • 11. Components for secure saving of the eDelivery Certificates in myHelp.gv.at Key Upload Policy Server LDAP MeinBrief eDelivery Service load access Data Key1 Access (eDelivery Correspondence) myHelp.gv.at load Certificate + Policy Key Site Minder (Authentication) store Certificate + Policy Key store get Key2+Key3 Key3 upload Certificate + Private Key MySQL Post Server eDelivery Service BRZ eDelivery Service Key2 based on (bPK+Key2+Key3)