Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)

Competence Center ELAN Fraunhofer FOKUS

Identity Management

Workshop: Russian-German Centre for Interoperable eGovernment Systems
Berlin,
B li 10th J
January 2011

Petra Hoepner


Co cept o de t ty a age e t
Concept of identity management
Every person is many

2


What is a digital identity?

Statements about a person
Long living identifier
g g
Set of attributes that describe
characteristics and permissions
People ha e different digital identities
have diffe ent
for different purposes
The particular relevant one is being
used
Usage requires that only the legitimate
owner can use this identity

3


Vision: Citizens friendly identity management
Every citizen has a digital identity with various attributes, that he can use to carry
y g y , y
out interactions in the digital world.

He is free to decide to whom he leaves which attributes of his digital identity and
for how long. He trusts in that the recipient of this information, e.g. the service
provider is authentic.

The citi en is in cont ol of the flo of his pe sonal info mation - e en ac oss
citizen control flow personal information even across
domains.

If it is not necessary for the transaction to transmit personal attributes - he can
refuse it.

It is easy for the citizen to use his digital identity and to select the appropriate
attributes for each transaction.

4


Dimension of Identity Management
Heterogenous Landscape
Email-Access User name
via website
i b it Password
Pass ord

User name
Online-Banking Password

eGovernment User name
services Password
Biometrics
IPSec eCommerce User name
services Password

User name
Workplace
Phishing Password

Fraud
User name
Trojans Private Password

other


Identity Management Stakeholders
Application and management of secure electronic identities


Identity Functions and S i
Id tit F ti d Services

Identification/
Registration/
R i t ti /
Secure Identity Management comprises:
at identity provider
or service provider
Identification and Registration of users

Authentication Authentication of users, i.e. transmit and verify
„Login“ – identities (who am I?)
Services, Websites,

Man
Communities Authorization of users for specific access (what

nagement
am I allowed to do?)

Authorization Monitoring und Auditing of usage
Roles and rights Management of user id titi
M t f identities, roles and rights
l d i ht
Allow / deny access (management of life cycle, sessions and security
context)

Monitoring and Auditing
Evidence of usage


Evolution of Identity Management

Identity
Convergence
User centric
Identity Trust and
interoperability of
Federated Id
F d t d User-centric
User centric and various identity
i id tit
service-centric solutions and
Architectural identities match
approach: Identity services
as a set of
SingleSignOn
g g attributes; Sharing
of service-centric
Single user-centric
IDs
ID paired with
Username many service-
Password centric IDs


Secure eIdentity Laboratory
eIdentity-Laboratory
Cooperation of Fraunhofer FOKUS and the Bundesdruckerei

Goals:
Provision of a process- and service
oriented architecture for identity-related
information.
Integration of various eIdentity
technologies and solutions
Platform a d a showcase for secu e
at o and s o case o secure
digital identities in innovative
application scenarios


The New Ge a ID Ca d
e e German Card

10


The New Ge a ID Ca d
e e German Card
Electronic functions
online ID function

new ID card was launched in
Germany on 1 November 2010

Sovereign ID function / optionally stored on chip

It combines the traditional ID qualified electronic signature (QES)
card with th
d ith three new electronic
l t i
functions

11


The German eID
Innovation – Mutual identification

The Service Provider has to register with a German authority to access the German eID card
and its attributes like name, address and age.

Citizen Service Provider identifies itself Service
With an authorization ce t cate
t a aut o at o certificate Provider
Citizen as well as the SP are
trustworthy player within the
German eID framework
G ID f k
Is the service
provider Does the person
Citizen identifies herself
trustworthy? really exist?
with German eID


Authentication ith
A thentication with the Ge man eID ca d
German card

Service Provider

Transfer ID-data
User authenticated 1 7
to service provider
Access Web site
8
Redirect to 2
eID-service provider
4 Chip- and Terminal-
h d l
Citizen Authentication
3
Display
4 6
forms
Transfer ID d
T f ID-data
First name
Last name 5 eID-Service
Co
Confirm ID-
Age or:
ID-secret + service data with PIN
Provider
... provider number
= Pseudonym


Innovative applications – Identity of person and car
Car re-registration with the new German eID card and a future
automotive card

Car re-registration incorporating the
eID card and an e-paper based
automotive card


Identity and Privacy
myID.privat: Privacy based on trusted combination of identity attributes
Privacy and data security become more
important in the virtual world
Vision: anonymity and pseudonymity are
possible with trusted electronic identities
Design of an infrastructure supporting
privacy of personal data
Analysis and development of technologies
for the combination of attributes
Implementation of privacy-supporting
scenarios
Integration of the new German identity
card


Secure Id titi in the cloud
S Identities i th l d
eGovernment Services
Secure authentication and
access using the identity Social Networks
card to built trust between
provider and user of
services eBusiness Services
On
Identity/Attribute Provider

eSafe

Secure Identity
in the Cloud

Secure Authentication and Access

New German eID card


Challenges in clouds
Ch ll i l d
Trust Relations

TRUST


Challenges in clouds
Ch ll i l d
Identity services

Identification, User Provisioning
Single user or bulk provisioning, types of users, rapid turnaround
Authentication
Secure authentication of internal privileged users (e.g. IT personnel)
Secure authentication of external users (e.g. citizen, business users)
Built-in
B ilt i mechanisms or id tit management services
h i identity t i
Federated identities, single-sign-on, user-centric approaches, delegation of identity
Access control
Authorization and access based on user credentials (user profiles, roles)
Authorization policy handling, authorization decisions, access control model
g
Auditing
Provision of audit logs, liability
Privacy
Identity attributes data documents service usage
attributes, data, documents,


Missions for identity management
ss o s o de t ty a age e t
Secure eIdentity: Important Steps

Development of future-oriented and
secure solutions for complex identities in
the virtual world in conjunction with the
new ID card
Promote the secure and seamless media
communication among heterogeneous
systems based on standardized
y
procedures / protocols
Cross-border interoperability
Contextual use of identity attributes
Privacy-supporting technologies
Combining various industry approaches,
standards and solutions

Modern industry states need an IT-infrastructure capable of managing
securely electronic id titi
l l t i identities

19


Petra H
P t Hoepner

Fraunhofer FOKUS
Research Group eIdentity
Kaiserin-Augusta-Allee 31, 10589 Berlin,
Germany y

Tel +49 (30) 3463 7185
Fax +49 (30) 3463 8000

Internet: www.fokus.fraunhofer.de
Email: petra hoepner@fokus fraunhofer de
petra.hoepner@fokus.fraunhofer.de

Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)

Similar a Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011) (20)

Más de Victor Gridnev

Más de Victor Gridnev (20)

Último

Último (20)

Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)