1. Competence Center ELAN Fraunhofer FOKUS
Identity Management
Workshop: Russian-German Centre for Interoperable eGovernment Systems
Berlin, 10th January 2011
Petra Hoepner
2. Concept of identity management
Every person is many
3. Concept of identity management
What is a digital identity?
Statements about a person
Long-living identifier
Set of attributes that describe characteristics and permissions
People have different digital identities for different purposes
The particular relevant one is being used
Usage requires that only the legitimate owner can use this identity
4. Concept of identity management
Vision: Citizen-friendly identity management
Every citizen has a digital identity with various attributes, which he can use to carry out interactions in the digital world.
He is free to decide to whom he leaves which attributes of his digital identity and for how long. He trusts that the recipient of this information, e.g. the service provider, is authentic.
The citizen is in control of the flow of his personal information - even across domains.
If it is not necessary for the transaction to transmit personal attributes - he can refuse it.
It is easy for the citizen to use his digital identity and to select the appropriate attributes for each transaction.
5. Dimension of Identity Management
Heterogeneous Landscape
[Figure: each context has its own credentials - Email access via website, Online banking, eGovernment services, eCommerce services, Workplace, Private, other; credentials shown: user name, password, biometrics, IPSec; threats shown: phishing, fraud, Trojans.]
6. Identity Management Stakeholders
Application and management of secure electronic identities
7. Identity Functions and Services
Secure Identity Management comprises:
Identification and Registration of users (at identity provider or service provider)
Authentication of users, i.e. transmit and verify identities (who am I?) - "Login"
Authorization of users for specific access (what am I allowed to do?) - allow / deny access to services, websites, communities
Management of user identities, roles and rights (management of life cycle, sessions and security context)
Monitoring and Auditing of usage - evidence of usage
8. Evolution of Identity Management
[Figure: stages of identity management]
Username / Password
Single Sign-On: single ID paired with many service-centric IDs
Federated Identity: architectural approach - identity as a set of attributes; sharing of service-centric IDs
User-centric Identity: user-centric and service-centric identities match
Identity Convergence: trust and interoperability of various identity solutions and services
9. Secure eIdentity Laboratory
eIdentity-Laboratory: Cooperation of Fraunhofer FOKUS and the Bundesdruckerei
Goals:
Provision of a process- and service-oriented architecture for identity-related information
Integration of various eIdentity technologies and solutions
Platform and showcase for secure digital identities in innovative application scenarios
11. The New German ID Card
The new ID card was launched in Germany on 1 November 2010.
It combines the traditional ID card with three new electronic functions:
online ID function
sovereign ID function
qualified electronic signature (QES), optionally stored on chip
12. The German eID
Innovation - Mutual identification
The Service Provider has to register with a German authority to access the German eID card and its attributes like name, address and age.
[Figure: the Service Provider identifies itself to the citizen with an authorization certificate (Is the service provider trustworthy?); the citizen identifies herself to the Service Provider with the German eID (Does the person really exist?).]
Citizen as well as the SP are trustworthy players within the German eID framework.
13. Authentication with the German eID card
[Figure: authentication sequence between Citizen, Service Provider and eID-Service Provider]
1 Citizen accesses the web site of the Service Provider
2 Redirect to eID-service provider
3 Display forms
4 Chip- and Terminal-Authentication
5 Confirm ID-data with PIN
6 Transfer ID-data: First name, Last name, Age, ... or: ID-secret + service provider number = Pseudonym
7 Transfer ID-data to service provider
8 User authenticated
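As an added illustration of the mutual identification on slides 12 and 13 (example code, not from the slides and not the official eID specification): a toy model of the exchange in which the eID service checks the service provider's authorization certificate before any data leaves the card, the citizen confirms with the PIN, and what is released is either the permitted attributes or a service-specific pseudonym. The HMAC derivation of the pseudonym from ID-secret and service provider number stands in for the card's real mechanism; all certificates, numbers, names and PIN values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class AuthorizationCertificate:
    """Constructed SP authorization certificate issued by the registering authority (slide 12)."""
    sp_number: str          # service provider number, input to the pseudonym
    allowed_attributes: set  # only these attributes may be requested from the card
    valid: bool = True       # stands in for the signature/validity check in terminal authentication


@dataclass
class EidCard:
    attributes: dict   # data stored on the chip
    id_secret: bytes   # card-specific secret, never leaves the chip
    pin: str


def service_pseudonym(card: EidCard, sp_number: str) -> str:
    """Slide 13: ID-secret + service provider number = pseudonym.
    Hypothetical HMAC derivation: the same card yields a stable pseudonym per
    service provider, and different, unlinkable pseudonyms across providers."""
    return hmac.new(card.id_secret, sp_number.encode(), hashlib.sha256).hexdigest()


def eid_authenticate(card: EidCard, cert: AuthorizationCertificate, requested: set,
                     pin_entered: str, want_pseudonym: bool = False):
    """Steps 4-6 of the sequence. Returns (status, released_data)."""
    if not cert.valid:
        return "sp_not_trustworthy", None            # SP fails mutual identification
    if not requested <= cert.allowed_attributes:
        return "request_exceeds_authorization", None  # SP asks for more than it registered for
    if pin_entered != card.pin:
        return "pin_rejected", None                  # only the legitimate owner can use the card
    if want_pseudonym:
        return "ok", {"pseudonym": service_pseudonym(card, cert.sp_number)}
    return "ok", {name: card.attributes[name] for name in requested}


# Constructed sample data for a stand-alone run.
SAMPLE_CARD = EidCard({"first_name": "Erika", "last_name": "Mustermann", "age": 46,
                       "address": "Heidestr. 17"}, b"constructed-id-secret", "123456")
SAMPLE_CERT = AuthorizationCertificate("SP-0001", {"first_name", "last_name", "age"})

if __name__ == "__main__":
    print(eid_authenticate(SAMPLE_CARD, SAMPLE_CERT, {"first_name", "age"}, "123456"))
    print(eid_authenticate(SAMPLE_CARD, SAMPLE_CERT, {"address"}, "123456"))
```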
14. Innovative applications - Identity of person and car
Car re-registration with the new German eID card and a future automotive card
Car re-registration incorporating the eID card and an e-paper based automotive card
15. Identity and Privacy
myID.privat: Privacy based on trusted combination of identity attributes
Privacy and data security become more important in the virtual world
Vision: anonymity and pseudonymity are possible with trusted electronic identities
Design of an infrastructure supporting privacy of personal data
Analysis and development of technologies for the combination of attributes
Implementation of privacy-supporting scenarios
Integration of the new German identity card
16. Secure Identities in the Cloud
Secure authentication and access using the identity card to build trust between provider and user of services
[Figure: the new German eID card provides secure authentication and access to an Identity/Attribute Provider, eSafe, eGovernment Services, Social Networks and eBusiness Services - Secure Identity in the Cloud.]
17. Challenges in clouds
Trust Relations
18. Challenges in clouds
Identity services
Identification, User Provisioning: single user or bulk provisioning, types of users, rapid turnaround
Authentication: secure authentication of internal privileged users (e.g. IT personnel); secure authentication of external users (e.g. citizens, business users); built-in mechanisms or identity management services; federated identities, single sign-on, user-centric approaches, delegation of identity
Access control: authorization and access based on user credentials (user profiles, roles); authorization policy handling, authorization decisions, access control model
Auditing: provision of audit logs, liability
Privacy: identity attributes, data, documents, service usage
19. Missions for identity management
Secure eIdentity: Important Steps
Development of future-oriented and secure solutions for complex identities in the virtual world in conjunction with the new ID card
Promote secure and seamless communication among heterogeneous systems based on standardized procedures / protocols
Cross-border interoperability
Contextual use of identity attributes
Privacy-supporting technologies
Combining various industry approaches, standards and solutions
Modern industrial states need an IT infrastructure capable of securely managing electronic identities.
20. Contact
Petra Hoepner
Fraunhofer FOKUS
Research Group eIdentity
Kaiserin-Augusta-Allee 31, 10589 Berlin, Germany
Tel +49 (30) 3463 7185
Fax +49 (30) 3463 8000
Internet: www.fokus.fraunhofer.de
Email: petra.hoepner@fokus.fraunhofer.de