
Identification - Identity Management (Germany - Fraunhofer FOKUS 2011)


Identity Management (Fraunhofer FOKUS 2011)

Published in: Technology, Business

  1. Competence Center ELAN, Fraunhofer FOKUS. Identity Management. Workshop: Russian-German Centre for Interoperable eGovernment Systems. Berlin, 10th January 2011. Petra Hoepner
  2. Concept of identity management. Every person is many.
  3. Concept of identity management. What is a digital identity? Statements about a person. Long living identifier. Set of attributes that describe characteristics and permissions. People have different digital identities for different purposes. The particular relevant one is being used. Usage requires that only the legitimate owner can use this identity.
  4. Concept of identity management. Vision: Citizen-friendly identity management. Every citizen has a digital identity with various attributes that he can use to carry out interactions in the digital world. He is free to decide to whom he leaves which attributes of his digital identity and for how long. He trusts that the recipient of this information, e.g. the service provider, is authentic. The citizen is in control of the flow of his personal information - even across domains. If it is not necessary for the transaction to transmit personal attributes, he can refuse it. It is easy for the citizen to use his digital identity and to select the appropriate attributes for each transaction.
  5. Dimension of Identity Management: Heterogeneous Landscape. Diagram: email access via website, online banking, eGovernment services, eCommerce services, workplace, private and other accounts, each shown with a user name and password. Further labels: Biometrics, IPSec, Phishing, Fraud, Trojans.
  6. Identity Management Stakeholders. Application and management of secure electronic identities.
  7. Identity Functions and Services. Secure Identity Management comprises: Identification and Registration of users; Authentication of users, i.e. transmit and verify identities (who am I?); Authorization of users for specific access (what am I allowed to do?); Monitoring and Auditing of usage; Management of user identities, roles and rights (management of life cycle, sessions and security context). Diagram labels: Identification/Registration at identity provider or service provider; Authentication: "Login" to services, websites, communities; Authorization: roles and rights, allow / deny access; Monitoring and Auditing: evidence of usage; Management.
  8. Evolution of Identity Management. Diagram, stages shown: Username/Password; SingleSignOn; Federated Id; User centric Identity; Identity Convergence. Diagram annotations: single user-centric ID paired with many service-centric IDs; architectural approach: identity services as a set of attributes; sharing of service-centric IDs; trust and interoperability of various identity solutions; user-centric and service-centric identities match.
  9. Secure eIdentity Laboratory. Cooperation of Fraunhofer FOKUS and the Bundesdruckerei. Goals: Provision of a process- and service-oriented architecture for identity-related information. Integration of various eIdentity technologies and solutions. Platform and showcase for secure digital identities in innovative application scenarios.
  10. The New German ID Card
  11. The New German ID Card. The new ID card was launched in Germany on 1 November 2010. It combines the traditional ID card with three new electronic functions. Electronic functions: online ID function; sovereign ID function / optionally stored on chip; qualified electronic signature (QES).
  12. The German eID Innovation – Mutual identification. The Service Provider has to register with a German authority to access the German eID card and its attributes like name, address and age. Citizen as well as the SP are trustworthy players within the German eID framework. The Service Provider identifies itself with an authorization certificate (Is the service provider trustworthy?). The Citizen identifies herself with the German eID (Does the person really exist?).
  13. Authentication with the German eID card. Flow diagram between Citizen, Service Provider and eID-Service Provider, with steps numbered 1 to 8. Step labels: Access Web site; Redirect to eID-service provider; Display forms; Chip- and Terminal-Authentication; Confirm ID-data with PIN; Transfer ID-data; Transfer ID-data to service provider; User authenticated. ID-data: First name, Last name, Age, ... or: ID-secret + service provider number = Pseudonym.
  14. Innovative applications – Identity of person and car. Car re-registration with the new German eID card and a future automotive card. Car re-registration incorporating the eID card and an e-paper based automotive card.
  15. Identity and Privacy. myID.privat: Privacy based on trusted combination of identity attributes. Privacy and data security become more important in the virtual world. Vision: anonymity and pseudonymity are possible with trusted electronic identities. Design of an infrastructure supporting privacy of personal data. Analysis and development of technologies for the combination of attributes. Implementation of privacy-supporting scenarios. Integration of the new German identity card.
  16. Secure Identities in the cloud. Secure authentication and access using the identity card to build trust between provider and user of services. Diagram labels: eGovernment Services; Social Networks; eBusiness Services; Identity/Attribute Provider; eSafe; Secure Identity in the Cloud; Secure Authentication and Access; New German eID card.
  17. Challenges in clouds. Trust Relations. Diagram label: TRUST.
  18. Challenges in clouds. Identity services. Identification, User Provisioning: single user or bulk provisioning, types of users, rapid turnaround. Authentication: secure authentication of internal privileged users (e.g. IT personnel); secure authentication of external users (e.g. citizen, business users); built-in mechanisms or identity management services; federated identities, single-sign-on, user-centric approaches, delegation of identity. Access control: authorization and access based on user credentials (user profiles, roles); authorization policy handling, authorization decisions, access control model. Auditing: provision of audit logs, liability. Privacy: identity attributes, data, documents, service usage.
  19. Missions for identity management. Secure eIdentity: Important Steps. Development of future-oriented and secure solutions for complex identities in the virtual world in conjunction with the new ID card. Promote the secure and seamless media communication among heterogeneous systems based on standardized procedures / protocols. Cross-border interoperability. Contextual use of identity attributes. Privacy-supporting technologies. Combining various industry approaches, standards and solutions. Modern industry states need an IT-infrastructure capable of managing securely electronic identities.
  20. Petra Hoepner, Fraunhofer FOKUS, Research Group eIdentity, Kaiserin-Augusta-Allee 31, 10589 Berlin, Germany. Tel +49 (30) 3463 7185, Fax +49 (30) 3463 8000. Internet: www.fokus.fraunhofer.de. Email: petra hoepner@fokus fraunhofer de
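
The mutual identification on slide 12 and the data release on slide 13, as an added sketch that is not from the slides or from the German eID specification: the provider must hold an authorization certificate, the citizen confirms with a PIN, and only attributes that are authorized, requested and approved are transferred. HMAC-SHA-256 is an assumed stand-in for "ID-secret + service provider number = Pseudonym" (the slides do not give the card's real derivation), and all names and sample values are constructed.

```python
import hashlib
import hmac

# Constructed sample card; no value here comes from the slides.
CARD = {
    "id_secret": b"constructed-card-secret",
    "pin": "123456",
    "attributes": {"first_name": "Erika", "last_name": "Mustermann", "age": 46},
}

def pseudonym(id_secret: bytes, sp_number: str) -> str:
    """Assumed stand-in for 'ID-secret + service provider number = Pseudonym'."""
    return hmac.new(id_secret, sp_number.encode(), hashlib.sha256).hexdigest()

def release(card: dict, cert: dict, requested, approved, pin: str) -> dict:
    """Return only the ID-data that may be transferred to the service provider."""
    # Slide 12: the provider identifies itself with an authorization certificate.
    if not cert.get("registered"):
        raise PermissionError("service provider holds no valid authorization")
    # Slide 13: the citizen confirms the ID-data with the PIN.
    if not hmac.compare_digest(pin.encode(), card["pin"].encode()):
        raise PermissionError("PIN confirmation failed")
    # Data minimisation: authorized by certificate AND requested AND approved.
    allowed = set(cert["allowed"]) & set(requested) & set(approved)
    data = {k: card["attributes"][k] for k in sorted(allowed)
            if k in card["attributes"]}
    if "pseudonym" in allowed:
        data["pseudonym"] = pseudonym(card["id_secret"], cert["sp_number"])
    return data

# Hypothetical authorization certificates for two registered providers.
SHOP = {"registered": True, "sp_number": "SP-0001", "allowed": ["age", "pseudonym"]}
FORUM = {"registered": True, "sp_number": "SP-0002", "allowed": ["pseudonym"]}

if __name__ == "__main__":
    everything = ["first_name", "age", "pseudonym"]
    print(release(CARD, SHOP, everything, everything, "123456"))
    print(release(CARD, FORUM, ["pseudonym"], ["pseudonym"], "123456"))
```

The shop asks for the first name but its certificate does not cover it, so it is withheld; the two providers receive different pseudonyms for the same card and cannot link the citizen by comparing them.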