SlideShare a Scribd company logo

RealMe Technical Overview 2013 v1.1

Download as PPTX, PDF
V
Venkat Maddali

RealMe technical overview to Wellington Solution Architects Forum.

DesignTechnology
1 of 31
RealMe ® Technical Overview: November 2013 Venkat Maddali Solution Architect Department of Internal Affairs
What is RealMe? RealMe is a partnership between New Zealand Post and Department of Internal Affairs. RealMe offers: • Authentication: RealMe Login Service The RealMe Login Service allows the user to use a same login (i.e. username and password) to access a wide range of public and private sector online services. • Online Identity Assurance: RealMe Assertion Service The RealMe Assertion Service allows the user to provide their verified personal information from multiple authoritative source to a wide range of private and public sector online services.
Key Terminology • RealMe Account – also know as RealMe login which allows the user to authenticate at the relying parties. The user can create multiple accounts and they are pseudonymous. • RealMe Verified Account – the user can have only one verified account which can be accessed via moderate strength authentication ( username, password and OTP). The verified account is linked with verified identity( IVS) and verified residential address (AVS) through user consent .
RealMe Services – Current State Client organisations Agencies Banks Login Platform Applications Launch market focus Powered by ID Assurance Consent Service Account Service Personal Information Providers NZP DIA RealMe login – low or moderate
RealMe Key Principles The following are few key principles for RealMe • Privacy • User centricity • Integrity • Security . Page 5
RealMe ecosystem SA1 SA2 SA3 Bank Relying Parties SAML SAML Login Service (SAML2.0 IDP) Assertion Service (SAML2.0 IDP) Context Mapping Service (STS) Consent Service Account Service (SAMLv2.0 SP) Helpdesk Service RealMe SAML, WS- Trust Identity Attribute Providers IVS AVS Agency 3 Agency 4 Web Bank
RealMe Integration Patterns • Login Integration Patterns ( RealMe <-> RP) • IAP Integration Patterns ( RealMe <-> IAP) • Identity Assurance Integration Patterns (RealMe <-> RP)
Login Integration Patterns • Login Only – core user authentication pattern • Extend Login – an extension to Login Only integration pattern • Seamless Login - an extension to Login Only integration pattern
Login Integration Patterns L1 – Login Only Relying Party Context: • Relying Party is required to authenticate a user for • Account creation • Apply for entitlements • Identifying the user returning to the service, etc • The relying party runs their own evidence of identity (EOI) process to verify the user and granting entitlements etc
Login Integration Patterns L1 – Login Only 9. Landing Page 1. Initiates transaction 4. Displays login page and user submits credentials Relying Party RealMe Web Application 8. FLT + Authentication strength 2. forwards 3. SAMLv2.0 Authn Request 5.SAMLv2.0 Artifact 6. Artifact Resolve SAMLv2.0 Service Provider 7. SAML v2.0 Assertion Login Service (SAMLv2.0 IDP)
Login Integration Patterns L1 – Login Only High Level Use Case Diagram
Login Integration Patterns L1 – Login Only Technical Integration Specification Login Integration Standard: SAMLv2.0 • Profile: Web SSO Profile – SP initiated SSO • Binding: Artifact Binding
Login Integration Patterns L2 – Extend Login Relying Party Context: Relying Party extends the user authentication to other relying parties (web services) to: • pull personal information to support their EOI process, entitlement process,etc • push personal information to support other relying party's EOI process, entitlement process
Login Integration Patterns L2 – Extend Login 17. Confirmation message 10. Submits details Relying Party RealMe Web Application 13. Request for personal info 16. Response Web Service Relying Party2 Login Service (SAMLv2.0 IDP) Context Mapping Service (STS)
Login Integration Patterns L2 – Extend Login High Level Use Case Diagram RealMe Extend Login Context Login Relying Party 2 Submits credentails <<include>> <<include>> <<include>> User Apply Send / Update Personal Information <<extend>> User Provisioning Relying Party
Login Integration Patterns L2 – Extend Login Technical Integration Specification Integration Standards: SAMLv2.0, WS-Trust 1.4 • SAMLv2.0 Profile: Web SSO Profile – SP initiated SSO • SAMLv2.0 Binding: Artifact Binding • WS-Trust Bindings: Issue and Validate
Login Integration Patterns L3 – Seamless Login Relying Party Context: • Two relying parties have a direct relationship and one relying party provides a navigational link, so that the user can seamlessly navigate to other relying party to: • View/ manage their account at the other relying party • Apply for entitlements, etc
Login Integration Patterns L3 – Seamless Login 16. Landing Page Relying Party Web Application 10. Clicks Link to RP2 RealMe Login Service (SAMLv2.0 IDP) Context Mapping Service (STS) 15. Authn strength + FLTRP2 Web Application SAMLv2.0 Service Provider Relying Party2 14. SAMLv2.0 Assertion through Artifact Binding (IDP initiated SSO)
Login Integration Patterns L3 – Seamless Login Technical Integration Specification Integration Standard: SAMLv2.0, WS-Trust 1.4 • SAMLv2.0 Profile for RP2: Web SSO Profile – IDP initiated SSO • SAMLv2.0 Binding for RP2: Artifact Binding • WS-Trust Bindings for RP1: Issue
Login Integration Patterns L3 – Seamless Login High Level Use Case Diagram RealMe Login Seamless Login Relying Party 2 Submits credentails <<include>> <<include>> <<include>> User manages Create/ Manage Account Manage Account Relying Party <<extend>> Navigate to RP2
RealMe Verified Account RealMe Verified Account • • • • The RealMe Verified Account is like a dashboard for the user. RealMe doesn’t store any personal information, rather collates the personal information from the identity attribute providers and displays them to the user. The user can see the account information from the Identity Attribute Provider, which includes the status (No Account, In Progress, Valid, and Invalid) and the personal information if the status is “valid”. RealMe also provides navigational links to the identity attribute providers so that the user can apply for an account or update their account at the identity attribute providers.
IAP Integration Patterns • Get Status or Personal information – retrieving status or personal information from identity attribute provider • Seamless Login to Identity Attribute Provider - is an implementation of seamless login use case (i.e. navigating the user from RealMe to identity attribute provider seamlessly).
IAP Integration Patterns IAP1 – Get Status or Personal Information 3. moderate strength authentication 5. Provides consent for RealMe 1. Clicks Manage Verified Account 12. Display personal information RealMe 2. SAML Authn Request Login Service (SAMLv2.0 IDP) Consent Service 4. SAML Assertion Account Service (SAMLv2.0 SP) 11. SAML Attribute Query Response 7. Get Token for IVS or AVS Context Mapping Service (STS) 8. Encrypted SAML Token 9. SAML Attribute Query Request 10.Decrypt SAML Token. Returns FLTIAP Identity Attribute Providers IVS AVS IAP 3 IAP 4 Web Bank
IAP Integration Patterns IAP1 – Get Status or Personal Information Technical Integration Specification Integration Standards for IAP: SAMLv2.0, WS-Trust1.4 • SAMLv2.0 Profile: Attribute Query Profile • SAMLv2.0 Binding: SOAP Binding • WS-Trust1.4 Bindings – Validate
IAP Integration Patterns IAP2 – Seamless Login to IAP 17. Landing Page 12. Clicks Apply Button to IVS RealMe Login Service (SAMLv2.0 IDP) 13. Get Token for IVS Account Service (SAMLv2.0 SP) Context Mapping Service (STS) 14. Encrypted SAML Token 16. SAML Assertion (IDP initiated SSO) Identity Attribute Providers IVS AVS Agency 3 Agency 4 Web Bank
IAP Integration Patterns IAP2 – Seamless Login to IAP Technical Integration Specification Integration Standards for IAP: SAMLv2.0 • SAMLv2.0 Profile: WebSSO Profile – IDP initiated SSO • SAMLv2.0 Binding: Artifact Binding
Identity Assurance integration patterns A1 – Assert only Relying Party Context: • The user is required to provide verified personal information to the Relying Party online: • For account creation (e.g. at a bank) • Apply for an Entitlement (e.g. for a student loan, mortgage etc) • The Relying Party wants to reduce their back office process for the verification of user provided data.
Identity Assurance integration patterns A1 – Assert only 12. Provides consent to displayed data 15. Confirmation page RealMe Relying Party Login Service (SAMLv2.0 IDP) Web Application 14. Returns personal info 2. forwards request 4. SAML Authn Request Consent Service 6.SAML Assertion 8. Token for IVS/AVS Assertion Service (SAMLv2.0 IDP) SAMLv2.0 Service Provider Context Mapping Service (STS) 9. Encrypted Token 11.Attrribute Query Response IVS 10. SAML Attribute Query Request 11. Decrypt Token. Returns FLTIVS AVS Identity Attribute Providers
Identity Assurance integration patterns A1 – Assert only Technical Integration Specification Assertion Integration Standard: SAMLv2.0 • Profile: Web SSO Profile – SP initiated SSO • Binding: Artifact Binding
Few other points • Mature integration process and detailed integration collateral • RealMe exposes multiple integration environments for the relying parties • Dev to RealMe MTS • Test to RealMe ITE • Production/ DR to RealMe production • RealMe services can be extended to mobile applications as the user interface follows the responsive design.
RealMe Questions ??? Page 31

Recommended

Learn with WSO2 - API Security
Learn with WSO2 - API Security Learn with WSO2 - API Security
Learn with WSO2 - API Security WSO2
 
OAuth2 & OpenID Connect
OAuth2 & OpenID ConnectOAuth2 & OpenID Connect
OAuth2 & OpenID ConnectMarcin Wolnik
 
Extended Security with WSO2 API Management Platform
Extended Security with WSO2 API Management PlatformExtended Security with WSO2 API Management Platform
Extended Security with WSO2 API Management PlatformWSO2
 
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCloudIDSummit
 
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Microservice security with spring security 5.1,Oauth 2.0 and open id connect Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Microservice security with spring security 5.1,Oauth 2.0 and open id connect Nilanjan Roy
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectJacob Combs
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
Web API 2 Token Based Authentication
Web API 2 Token Based AuthenticationWeb API 2 Token Based Authentication
Web API 2 Token Based Authenticationjeremysbrown
 

Recommended

Learn with WSO2 - API Security
Learn with WSO2 - API Security Learn with WSO2 - API Security
Learn with WSO2 - API Security WSO2
 
OAuth2 & OpenID Connect
OAuth2 & OpenID ConnectOAuth2 & OpenID Connect
OAuth2 & OpenID ConnectMarcin Wolnik
 
Extended Security with WSO2 API Management Platform
Extended Security with WSO2 API Management PlatformExtended Security with WSO2 API Management Platform
Extended Security with WSO2 API Management PlatformWSO2
 
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCloudIDSummit
 
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Microservice security with spring security 5.1,Oauth 2.0 and open id connect Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Microservice security with spring security 5.1,Oauth 2.0 and open id connect Nilanjan Roy
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectJacob Combs
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
Web API 2 Token Based Authentication
Web API 2 Token Based AuthenticationWeb API 2 Token Based Authentication
Web API 2 Token Based Authenticationjeremysbrown
 
#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2
#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2
#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2Profesia Srl, Lynx Group
 
Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010Steve Sofian
 
24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdfTomasz Kopacz
 
OAuth 2
OAuth 2OAuth 2
OAuth 2ChrisWood262
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectLiamWadman
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTGaurav Roy
 
SAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectSAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectUbisecure
 
Introducing CAS 3.0 Protocol: Security and Performance
Introducing CAS 3.0 Protocol: Security and PerformanceIntroducing CAS 3.0 Protocol: Security and Performance
Introducing CAS 3.0 Protocol: Security and PerformanceAmin Saqi
 
Multi-Factor Authentication & Authorisation
Multi-Factor Authentication & AuthorisationMulti-Factor Authentication & Authorisation
Multi-Factor Authentication & AuthorisationUbisecure
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectManish Pandit
 
Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0Vladimir Dzhuvinov
 
The OAuth 2.0 Authorization Framework
The OAuth 2.0 Authorization FrameworkThe OAuth 2.0 Authorization Framework
The OAuth 2.0 Authorization FrameworkSamuele Cozzi
 
SAML 2
SAML 2SAML 2
SAML 2Steward_John
 
Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0Functional Imperative
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectDemystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectVinay Manglani
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee
 
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...Good Dog Labs, Inc.
 
Authentication Models
Authentication ModelsAuthentication Models
Authentication ModelsRaj Chanchal
 
An introduction to OAuth 2
An introduction to OAuth 2An introduction to OAuth 2
An introduction to OAuth 2Sanjoy Kumar Roy
 
[WSO2Con USA 2018] Identity APIs is the New Black
[WSO2Con USA 2018] Identity APIs is the New Black[WSO2Con USA 2018] Identity APIs is the New Black
[WSO2Con USA 2018] Identity APIs is the New BlackWSO2
 
Single Sign-On Best Practices
Single Sign-On Best PracticesSingle Sign-On Best Practices
Single Sign-On Best PracticesSalesforce Developers
 

More Related Content

What's hot

#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2
#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2
#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2Profesia Srl, Lynx Group
 
Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010Steve Sofian
 
24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdfTomasz Kopacz
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectLiamWadman
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTGaurav Roy
 
SAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectSAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectUbisecure
 
Introducing CAS 3.0 Protocol: Security and Performance
Introducing CAS 3.0 Protocol: Security and PerformanceIntroducing CAS 3.0 Protocol: Security and Performance
Introducing CAS 3.0 Protocol: Security and PerformanceAmin Saqi
 
Multi-Factor Authentication & Authorisation
Multi-Factor Authentication & AuthorisationMulti-Factor Authentication & Authorisation
Multi-Factor Authentication & AuthorisationUbisecure
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectManish Pandit
 
Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0Vladimir Dzhuvinov
 
The OAuth 2.0 Authorization Framework
The OAuth 2.0 Authorization FrameworkThe OAuth 2.0 Authorization Framework
The OAuth 2.0 Authorization FrameworkSamuele Cozzi
 
Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0Functional Imperative
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectDemystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectVinay Manglani
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee
 
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...Good Dog Labs, Inc.
 
Authentication Models
Authentication ModelsAuthentication Models
Authentication ModelsRaj Chanchal
 
An introduction to OAuth 2
An introduction to OAuth 2An introduction to OAuth 2
An introduction to OAuth 2Sanjoy Kumar Roy
 

What's hot (20)

#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2
#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2
#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2
 
Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010
 
24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf
 
OAuth 2
OAuth 2OAuth 2
OAuth 2
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID Connect
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - Introduction
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
 
SAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectSAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID Connect
 
Introducing CAS 3.0 Protocol: Security and Performance
Introducing CAS 3.0 Protocol: Security and PerformanceIntroducing CAS 3.0 Protocol: Security and Performance
Introducing CAS 3.0 Protocol: Security and Performance
 
Multi-Factor Authentication & Authorisation
Multi-Factor Authentication & AuthorisationMulti-Factor Authentication & Authorisation
Multi-Factor Authentication & Authorisation
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID Connect
 
Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0
 
The OAuth 2.0 Authorization Framework
The OAuth 2.0 Authorization FrameworkThe OAuth 2.0 Authorization Framework
The OAuth 2.0 Authorization Framework
 
SAML 2
SAML 2SAML 2
SAML 2
 
Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectDemystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
 
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
 
Authentication Models
Authentication ModelsAuthentication Models
Authentication Models
 
An introduction to OAuth 2
An introduction to OAuth 2An introduction to OAuth 2
An introduction to OAuth 2
 

Similar to RealMe Technical Overview 2013 v1.1

[WSO2Con USA 2018] Identity APIs is the New Black
[WSO2Con USA 2018] Identity APIs is the New Black[WSO2Con USA 2018] Identity APIs is the New Black
[WSO2Con USA 2018] Identity APIs is the New BlackWSO2
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedCalvin Noronha
 
CIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCloudIDSummit
 
CIS 2015 Extreme OAuth - Paul Meyer
CIS 2015 Extreme OAuth - Paul MeyerCIS 2015 Extreme OAuth - Paul Meyer
CIS 2015 Extreme OAuth - Paul MeyerCloudIDSummit
 
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...NCCOMMS
 
[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New BlackWSO2
 
Identity as a Matter of Public Safety
Identity as a Matter of Public SafetyIdentity as a Matter of Public Safety
Identity as a Matter of Public SafetyAdam Lewis
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular jsBixlabs
 
A 4 line login - line platform
A 4 line login - line platformA 4 line login - line platform
A 4 line login - line platformLINE Corporation
 
Federation Services
Federation ServicesFederation Services
Federation ServicesEmpowerID
 
Open source wso2 identity server sso with drupal 8
Open source wso2 identity server sso with drupal 8Open source wso2 identity server sso with drupal 8
Open source wso2 identity server sso with drupal 8Iwantha Lekamge
 
Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSBoyan Dimitrov
 
Managing Identities in the World of APIs
Managing Identities in the World of APIsManaging Identities in the World of APIs
Managing Identities in the World of APIsApigee | Google Cloud
 
NIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraNIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraMorgan Simonsen
 
Securing Microservices in Hybrid Cloud
Securing Microservices in Hybrid CloudSecuring Microservices in Hybrid Cloud
Securing Microservices in Hybrid CloudVMware Tanzu
 
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...CloudIDSummit
 

Similar to RealMe Technical Overview 2013 v1.1 (20)

[WSO2Con USA 2018] Identity APIs is the New Black
[WSO2Con USA 2018] Identity APIs is the New Black[WSO2Con USA 2018] Identity APIs is the New Black
[WSO2Con USA 2018] Identity APIs is the New Black
 
Single Sign-On Best Practices
Single Sign-On Best PracticesSingle Sign-On Best Practices
Single Sign-On Best Practices
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - Demystified
 
CIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John Bradley
 
CIS 2015 Extreme OAuth - Paul Meyer
CIS 2015 Extreme OAuth - Paul MeyerCIS 2015 Extreme OAuth - Paul Meyer
CIS 2015 Extreme OAuth - Paul Meyer
 
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
 
[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black
 
Identity as a Matter of Public Safety
Identity as a Matter of Public SafetyIdentity as a Matter of Public Safety
Identity as a Matter of Public Safety
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular js
 
A 4 line login - line platform
A 4 line login - line platformA 4 line login - line platform
A 4 line login - line platform
 
Federation Services
Federation ServicesFederation Services
Federation Services
 
SSO Manager
SSO ManagerSSO Manager
SSO Manager
 
Open source wso2 identity server sso with drupal 8
Open source wso2 identity server sso with drupal 8Open source wso2 identity server sso with drupal 8
Open source wso2 identity server sso with drupal 8
 
Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWS
 
Managing Identities in the World of APIs
Managing Identities in the World of APIsManaging Identities in the World of APIs
Managing Identities in the World of APIs
 
NIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraNIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud Era
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep Dive
 
Securing Microservices in Hybrid Cloud
Securing Microservices in Hybrid CloudSecuring Microservices in Hybrid Cloud
Securing Microservices in Hybrid Cloud
 
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
 
Cognito Customer Deep Dive
Cognito Customer Deep DiveCognito Customer Deep Dive
Cognito Customer Deep Dive
 

Recently uploaded

SCRIP Lua HTTP PROGRACMACION PLC WECON CA
SCRIP Lua HTTP PROGRACMACION PLC WECON CASCRIP Lua HTTP PROGRACMACION PLC WECON CA
SCRIP Lua HTTP PROGRACMACION PLC WECON CANestorGamez6
 
Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...
Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...
Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...babafaisel
 
VIP Call Girls Bhiwandi Ananya 8250192130 Independent Escort Service Bhiwandi
VIP Call Girls Bhiwandi Ananya 8250192130 Independent Escort Service BhiwandiVIP Call Girls Bhiwandi Ananya 8250192130 Independent Escort Service Bhiwandi
VIP Call Girls Bhiwandi Ananya 8250192130 Independent Escort Service BhiwandiSuhani Kapoor
 
Raj Nagar Extension Call Girls 9711199012 WhatsApp No, Delhi Escorts in Raj N...
Raj Nagar Extension Call Girls 9711199012 WhatsApp No, Delhi Escorts in Raj N...Raj Nagar Extension Call Girls 9711199012 WhatsApp No, Delhi Escorts in Raj N...
Raj Nagar Extension Call Girls 9711199012 WhatsApp No, Delhi Escorts in Raj N...ankitnayak356677
 
Design Portfolio - 2024 - William Vickery
Design Portfolio - 2024 - William VickeryDesign Portfolio - 2024 - William Vickery
Design Portfolio - 2024 - William VickeryWilliamVickery6
 
Fashion trends before and after covid.pptx
Fashion trends before and after covid.pptxFashion trends before and after covid.pptx
Fashion trends before and after covid.pptxVanshNarang19
 
Abu Dhabi Call Girls O58993O4O2 Call Girls in Abu Dhabi`
Abu Dhabi Call Girls O58993O4O2 Call Girls in Abu Dhabi`Abu Dhabi Call Girls O58993O4O2 Call Girls in Abu Dhabi`
Abu Dhabi Call Girls O58993O4O2 Call Girls in Abu Dhabi`dajasot375
 
NO1 Trending kala jadu Love Marriage Black Magic Punjab Powerful Black Magic ...
NO1 Trending kala jadu Love Marriage Black Magic Punjab Powerful Black Magic ...NO1 Trending kala jadu Love Marriage Black Magic Punjab Powerful Black Magic ...
NO1 Trending kala jadu Love Marriage Black Magic Punjab Powerful Black Magic ...Amil baba
 
VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130
VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130
VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130Suhani Kapoor
 
Captivating Charm: Exploring Marseille's Hillside Villas with Our 3D Architec...
Captivating Charm: Exploring Marseille's Hillside Villas with Our 3D Architec...Captivating Charm: Exploring Marseille's Hillside Villas with Our 3D Architec...
Captivating Charm: Exploring Marseille's Hillside Villas with Our 3D Architec...Yantram Animation Studio Corporation
 
SD_The MATATAG Curriculum Training Design.pptx
SD_The MATATAG Curriculum Training Design.pptxSD_The MATATAG Curriculum Training Design.pptx
SD_The MATATAG Curriculum Training Design.pptxjanettecruzeiro1
 
A level Digipak development Presentation
A level Digipak development PresentationA level Digipak development Presentation
A level Digipak development Presentationamedia6
 
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵anilsa9823
 
VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...
VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...
VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...Suhani Kapoor
 
Dubai Call Girls Pro Domain O525547819 Call Girls Dubai Doux
Dubai Call Girls Pro Domain O525547819 Call Girls Dubai DouxDubai Call Girls Pro Domain O525547819 Call Girls Dubai Doux
Dubai Call Girls Pro Domain O525547819 Call Girls Dubai Douxkojalkojal131
 
DragonBall PowerPoint Template for demo.pptx
DragonBall PowerPoint Template for demo.pptxDragonBall PowerPoint Template for demo.pptx
DragonBall PowerPoint Template for demo.pptxmirandajeremy200221
 
Revit Understanding Reference Planes and Reference lines in Revit for Family ...
Revit Understanding Reference Planes and Reference lines in Revit for Family ...Revit Understanding Reference Planes and Reference lines in Revit for Family ...
Revit Understanding Reference Planes and Reference lines in Revit for Family ...Narsimha murthy
 
CALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun serviceanilsa9823
 
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...Suhani Kapoor
 

Recently uploaded (20)

SCRIP Lua HTTP PROGRACMACION PLC WECON CA
SCRIP Lua HTTP PROGRACMACION PLC WECON CASCRIP Lua HTTP PROGRACMACION PLC WECON CA
SCRIP Lua HTTP PROGRACMACION PLC WECON CA
 
Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...
Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...
Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...
 
VIP Call Girls Bhiwandi Ananya 8250192130 Independent Escort Service Bhiwandi
VIP Call Girls Bhiwandi Ananya 8250192130 Independent Escort Service BhiwandiVIP Call Girls Bhiwandi Ananya 8250192130 Independent Escort Service Bhiwandi
VIP Call Girls Bhiwandi Ananya 8250192130 Independent Escort Service Bhiwandi
 
Raj Nagar Extension Call Girls 9711199012 WhatsApp No, Delhi Escorts in Raj N...
Raj Nagar Extension Call Girls 9711199012 WhatsApp No, Delhi Escorts in Raj N...Raj Nagar Extension Call Girls 9711199012 WhatsApp No, Delhi Escorts in Raj N...
Raj Nagar Extension Call Girls 9711199012 WhatsApp No, Delhi Escorts in Raj N...
 
Design Portfolio - 2024 - William Vickery
Design Portfolio - 2024 - William VickeryDesign Portfolio - 2024 - William Vickery
Design Portfolio - 2024 - William Vickery
 
Fashion trends before and after covid.pptx
Fashion trends before and after covid.pptxFashion trends before and after covid.pptx
Fashion trends before and after covid.pptx
 
Abu Dhabi Call Girls O58993O4O2 Call Girls in Abu Dhabi`
Abu Dhabi Call Girls O58993O4O2 Call Girls in Abu Dhabi`Abu Dhabi Call Girls O58993O4O2 Call Girls in Abu Dhabi`
Abu Dhabi Call Girls O58993O4O2 Call Girls in Abu Dhabi`
 
NO1 Trending kala jadu Love Marriage Black Magic Punjab Powerful Black Magic ...
NO1 Trending kala jadu Love Marriage Black Magic Punjab Powerful Black Magic ...NO1 Trending kala jadu Love Marriage Black Magic Punjab Powerful Black Magic ...
NO1 Trending kala jadu Love Marriage Black Magic Punjab Powerful Black Magic ...
 
VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130
VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130
VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130
 
Captivating Charm: Exploring Marseille's Hillside Villas with Our 3D Architec...
Captivating Charm: Exploring Marseille's Hillside Villas with Our 3D Architec...Captivating Charm: Exploring Marseille's Hillside Villas with Our 3D Architec...
Captivating Charm: Exploring Marseille's Hillside Villas with Our 3D Architec...
 
SD_The MATATAG Curriculum Training Design.pptx
SD_The MATATAG Curriculum Training Design.pptxSD_The MATATAG Curriculum Training Design.pptx
SD_The MATATAG Curriculum Training Design.pptx
 
A level Digipak development Presentation
A level Digipak development PresentationA level Digipak development Presentation
A level Digipak development Presentation
 
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵
 
VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...
VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...
VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...
 
Dubai Call Girls Pro Domain O525547819 Call Girls Dubai Doux
Dubai Call Girls Pro Domain O525547819 Call Girls Dubai DouxDubai Call Girls Pro Domain O525547819 Call Girls Dubai Doux
Dubai Call Girls Pro Domain O525547819 Call Girls Dubai Doux
 
DragonBall PowerPoint Template for demo.pptx
DragonBall PowerPoint Template for demo.pptxDragonBall PowerPoint Template for demo.pptx
DragonBall PowerPoint Template for demo.pptx
 
Revit Understanding Reference Planes and Reference lines in Revit for Family ...
Revit Understanding Reference Planes and Reference lines in Revit for Family ...Revit Understanding Reference Planes and Reference lines in Revit for Family ...
Revit Understanding Reference Planes and Reference lines in Revit for Family ...
 
CALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun service
 
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...
 
escort service sasti (*~Call Girls in Prasad Nagar Metro❤️9953056974
escort service sasti (*~Call Girls in Prasad Nagar Metro❤️9953056974escort service sasti (*~Call Girls in Prasad Nagar Metro❤️9953056974
escort service sasti (*~Call Girls in Prasad Nagar Metro❤️9953056974
 

RealMe Technical Overview 2013 v1.1

  • 1. RealMe ® Technical Overview: November 2013 Venkat Maddali Solution Architect Department of Internal Affairs
  • 2. What is RealMe? RealMe is a partnership between New Zealand Post and Department of Internal Affairs. RealMe offers: • Authentication: RealMe Login Service The RealMe Login Service allows the user to use a same login (i.e. username and password) to access a wide range of public and private sector online services. • Online Identity Assurance: RealMe Assertion Service The RealMe Assertion Service allows the user to provide their verified personal information from multiple authoritative source to a wide range of private and public sector online services.
  • 3. Key Terminology • RealMe Account – also know as RealMe login which allows the user to authenticate at the relying parties. The user can create multiple accounts and they are pseudonymous. • RealMe Verified Account – the user can have only one verified account which can be accessed via moderate strength authentication ( username, password and OTP). The verified account is linked with verified identity( IVS) and verified residential address (AVS) through user consent .
  • 4. RealMe Services – Current State Client organisations Agencies Banks Login Platform Applications Launch market focus Powered by ID Assurance Consent Service Account Service Personal Information Providers NZP DIA RealMe login – low or moderate
  • 5. RealMe Key Principles The following are few key principles for RealMe • Privacy • User centricity • Integrity • Security . Page 5
  • 6. RealMe ecosystem SA1 SA2 SA3 Bank Relying Parties SAML SAML Login Service (SAML2.0 IDP) Assertion Service (SAML2.0 IDP) Context Mapping Service (STS) Consent Service Account Service (SAMLv2.0 SP) Helpdesk Service RealMe SAML, WS- Trust Identity Attribute Providers IVS AVS Agency 3 Agency 4 Web Bank
  • 7. RealMe Integration Patterns • Login Integration Patterns ( RealMe <-> RP) • IAP Integration Patterns ( RealMe <-> IAP) • Identity Assurance Integration Patterns (RealMe <-> RP)
  • 8. Login Integration Patterns • Login Only – core user authentication pattern • Extend Login – an extension to Login Only integration pattern • Seamless Login - an extension to Login Only integration pattern
  • 9. Login Integration Patterns L1 – Login Only Relying Party Context: • Relying Party is required to authenticate a user for • Account creation • Apply for entitlements • Identifying the user returning to the service, etc • The relying party runs their own evidence of identity (EOI) process to verify the user and granting entitlements etc
  • 10. Login Integration Patterns L1 – Login Only 9. Landing Page 1. Initiates transaction 4. Displays login page and user submits credentials Relying Party RealMe Web Application 8. FLT + Authentication strength 2. forwards 3. SAMLv2.0 Authn Request 5.SAMLv2.0 Artifact 6. Artifact Resolve SAMLv2.0 Service Provider 7. SAML v2.0 Assertion Login Service (SAMLv2.0 IDP)
  • 11. Login Integration Patterns L1 – Login Only High Level Use Case Diagram
  • 12. Login Integration Patterns L1 – Login Only Technical Integration Specification Login Integration Standard: SAMLv2.0 • Profile: Web SSO Profile – SP initiated SSO • Binding: Artifact Binding
  • 13. Login Integration Patterns L2 – Extend Login Relying Party Context: Relying Party extends the user authentication to other relying parties (web services) to: • pull personal information to support their EOI process, entitlement process,etc • push personal information to support other relying party's EOI process, entitlement process
  • 14. Login Integration Patterns L2 – Extend Login 17. Confirmation message 10. Submits details Relying Party RealMe Web Application 13. Request for personal info 16. Response Web Service Relying Party2 Login Service (SAMLv2.0 IDP) Context Mapping Service (STS)
  • 15. Login Integration Patterns L2 – Extend Login High Level Use Case Diagram RealMe Extend Login Context Login Relying Party 2 Submits credentails <<include>> <<include>> <<include>> User Apply Send / Update Personal Information <<extend>> User Provisioning Relying Party
  • 16. Login Integration Patterns L2 – Extend Login Technical Integration Specification Integration Standards: SAMLv2.0, WS-Trust 1.4 • SAMLv2.0 Profile: Web SSO Profile – SP initiated SSO • SAMLv2.0 Binding: Artifact Binding • WS-Trust Bindings: Issue and Validate
  • 17. Login Integration Patterns L3 – Seamless Login Relying Party Context: • Two relying parties have a direct relationship and one relying party provides a navigational link, so that the user can seamlessly navigate to other relying party to: • View/ manage their account at the other relying party • Apply for entitlements, etc
  • 18. Login Integration Patterns L3 – Seamless Login 16. Landing Page Relying Party Web Application 10. Clicks Link to RP2 RealMe Login Service (SAMLv2.0 IDP) Context Mapping Service (STS) 15. Authn strength + FLTRP2 Web Application SAMLv2.0 Service Provider Relying Party2 14. SAMLv2.0 Assertion through Artifact Binding (IDP initiated SSO)
  • 19. Login Integration Patterns L3 – Seamless Login Technical Integration Specification Integration Standard: SAMLv2.0, WS-Trust 1.4 • SAMLv2.0 Profile for RP2: Web SSO Profile – IDP initiated SSO • SAMLv2.0 Binding for RP2: Artifact Binding • WS-Trust Bindings for RP1: Issue
  • 20. Login Integration Patterns L3 – Seamless Login High Level Use Case Diagram RealMe Login Seamless Login Relying Party 2 Submits credentails <<include>> <<include>> <<include>> User manages Create/ Manage Account Manage Account Relying Party <<extend>> Navigate to RP2
  • 21. RealMe Verified Account RealMe Verified Account • • • • The RealMe Verified Account is like a dashboard for the user. RealMe doesn’t store any personal information, rather collates the personal information from the identity attribute providers and displays them to the user. The user can see the account information from the Identity Attribute Provider, which includes the status (No Account, In Progress, Valid, and Invalid) and the personal information if the status is “valid”. RealMe also provides navigational links to the identity attribute providers so that the user can apply for an account or update their account at the identity attribute providers.
  • 22. IAP Integration Patterns • Get Status or Personal information – retrieving status or personal information from identity attribute provider • Seamless Login to Identity Attribute Provider - is an implementation of seamless login use case (i.e. navigating the user from RealMe to identity attribute provider seamlessly).
  • 23. IAP Integration Patterns IAP1 – Get Status or Personal Information 3. moderate strength authentication 5. Provides consent for RealMe 1. Clicks Manage Verified Account 12. Display personal information RealMe 2. SAML Authn Request Login Service (SAMLv2.0 IDP) Consent Service 4. SAML Assertion Account Service (SAMLv2.0 SP) 11. SAML Attribute Query Response 7. Get Token for IVS or AVS Context Mapping Service (STS) 8. Encrypted SAML Token 9. SAML Attribute Query Request 10.Decrypt SAML Token. Returns FLTIAP Identity Attribute Providers IVS AVS IAP 3 IAP 4 Web Bank
  • 24. IAP Integration Patterns IAP1 – Get Status or Personal Information Technical Integration Specification Integration Standards for IAP: SAMLv2.0, WS-Trust1.4 • SAMLv2.0 Profile: Attribute Query Profile • SAMLv2.0 Binding: SOAP Binding • WS-Trust1.4 Bindings – Validate
  • 25. IAP Integration Patterns IAP2 – Seamless Login to IAP 17. Landing Page 12. Clicks Apply Button to IVS RealMe Login Service (SAMLv2.0 IDP) 13. Get Token for IVS Account Service (SAMLv2.0 SP) Context Mapping Service (STS) 14. Encrypted SAML Token 16. SAML Assertion (IDP initiated SSO) Identity Attribute Providers IVS AVS Agency 3 Agency 4 Web Bank
  • 26. IAP Integration Patterns IAP2 – Seamless Login to IAP Technical Integration Specification Integration Standards for IAP: SAMLv2.0 • SAMLv2.0 Profile: WebSSO Profile – IDP initiated SSO • SAMLv2.0 Binding: Artifact Binding
  • 27. Identity Assurance integration patterns A1 – Assert only Relying Party Context: • The user is required to provide verified personal information to the Relying Party online: • For account creation (e.g. at a bank) • Apply for an Entitlement (e.g. for a student loan, mortgage etc) • The Relying Party wants to reduce their back office process for the verification of user provided data.
  • 28. Identity Assurance integration patterns A1 – Assert only 12. Provides consent to displayed data 15. Confirmation page RealMe Relying Party Login Service (SAMLv2.0 IDP) Web Application 14. Returns personal info 2. forwards request 4. SAML Authn Request Consent Service 6.SAML Assertion 8. Token for IVS/AVS Assertion Service (SAMLv2.0 IDP) SAMLv2.0 Service Provider Context Mapping Service (STS) 9. Encrypted Token 11.Attrribute Query Response IVS 10. SAML Attribute Query Request 11. Decrypt Token. Returns FLTIVS AVS Identity Attribute Providers
  • 29. Identity Assurance integration patterns A1 – Assert only Technical Integration Specification Assertion Integration Standard: SAMLv2.0 • Profile: Web SSO Profile – SP initiated SSO • Binding: Artifact Binding
  • 30. Few other points • Mature integration process and detailed integration collateral • RealMe exposes multiple integration environments for the relying parties • Dev to RealMe MTS • Test to RealMe ITE • Production/ DR to RealMe production • RealMe services can be extended to mobile applications as the user interface follows the responsive design.

Editor's Notes

  1. The conceptual future vision for RealMePrimary focus is on uptake through: More client organisations using RealMe and more Information Providers contributing verified data More service suites of Personal Information being packaged for client organisations.Potential for self asserted information
  2. Benefits of using the existing igovt technical platform and building out the existing services.