STORK 2.0 service: Boost eGov Services through Identity Attributes Provision (18 slides)

Page 1

Stork 2.0 is an EU co-funded project INFSO-ICT-PSP-297263

@INFOSTRAG, #syros, #july2014, #stork2, #e-government

How a country would intelligently use STORK 2.0 service offerings: Boost eGov Services through Identity Attributes Provision

<Petros KAVASSALIS, Univ. of the Aegean, i4M Lab & CTIP, Greece> <Stelios LELIS, Univ. of the Aegean, i4M Lab, Greece>

i4M Lab

Page 2: background

•  sophisticated products
•  R. Anand et al, 2012, IMF: “… Some products are more sophisticated, in the sense that they are associated with higher productivity levels*, and those countries that latch on to such products will perform better. Over time, the sophistication of a country’s production structure may evolve, through either an increase in the quality of previously produced goods, or a move into new, more sophisticated products….” (* and low price elasticity of exports)

Page 3: presentation outline

•  STORK 2.0: The European Network for e-identity provision
   –  online identity federation
   –  identity attributes
•  e-government services
   –  the “information move” requirement
   –  aggregate information from various sources
•  Re-use STORK 2.0 to provide smart e-gov services

Page 4: STORK in a picture…

[Figure: an Italian citizen using a Swedish service provider through STORK. Labels: Italian citizen; Italian Stork gateway “C-PEPS”; e-ID + attribute provider (Italian); service provider; Swedish Stork gateway “S-PEPS”. Steps: 1. ask for service; 2. go Stork!; 3. select your country; 4a. consent? 4b. which e-ID?; 5a. authentication; 5b. consent (final)]

Page 5: What are identity attributes?

example: diploma supplement

•  Name-value pairs (data)
•  Provide basic personal identity for a digital subject (physical person or legal entity)
   –  Name, address etc.
•  Used also to define characteristics; examples:
   –  Is over 18?
   –  Has income below 10KE (Year 2013)?
   –  Has business location in Paris
•  Attributes may also contain rich information about a subject, such as education profile, purchasing behavior, bank account and balance etc.
   –  Complex attributes

Page 6: STORK 2.0 in a nutshell

•  A common framework for cross-border federation and delivery of electronic identity in Europe
   –  In online processes
      •  web authentication via multi-attribute digital identities
      •  e-mandate provision (vital for legal entities)
      •  e-signature cross-border transfer
   –  Open standards (SAML 2.0, HTTP POST, WebSSO)
   –  Deployment model
      •  Based on the creation of “PEPS” proxy nodes
      •  EU Member States develop their own PEPS… a more decentralized architecture could be possible
      •  Pilots in real-world environment (examples: open a bank account, diploma supplement, mandates with detailed power description etc.)
      •  Previous STORK until Dec. 2011 - STORK 2.0: 2013-15, go pilot now, go in real life after the end of STORK 2.0

Page 7: STORK 2.0 in detail

[Figure: STORK EU-EEA MS proxy nodes; Identity and Attribute Providers; Service Providers; MS B; identity as a service]

***In US: Backend Attribute Exchange (BAE) but only for Federal Government Services

Page 8: Who is in? 19 EU countries!

Page 9: STORK 2.0 basic features: (i) a network of proxy nodes (PEPS)

[Figure: excerpt from “STORK Overview for new Member States” (STORK-eID Consortium, July 2011), section 3, The interoperability model]

A PEPS connects its national eID infrastructure to foreign service providers, as well as its national service providers to foreign eID infrastructure. To be able to use such eID infrastructure, the user plays an important role; without her/his participation there's no way to get data exchanged. Thus a PEPS has 4 interfaces, as made clear in the following chart:

[Chart: PEPS with its Colleague interface, National eID interface, Service Provider interface and User interface]

Figure 1 – PEPS and its interfaces

This schema is used to explain briefly the conceptual interoperability model.

3.1 PEPS structure

When connecting a service provider to the STORK platform, this connection will be done through his national STORK node. This node connects to each of the other national nodes of the platform, which on their turn connect to the national eID infrastructure.

[Chart: two PEPS nodes, each with Colleague interface, National eID interface, User interface and Service Provider interface, labelled C-PEPS and S-PEPS]

Figure 2 – Two PEPSes communicating

Thus one of the two PEPSes has the role of S-PEPS, attending requests from Service Providers, in the SP country, the other one has the role of C-PEPS, taking care of the interface with the citizen, in citizen's country. This last role also assumes the interface with eID provisioning and possible additional Attribute Providers.

Please note that, even though the redirection from SP to the C-PEPS goes twice through the user's browser and through the S-PEPS, these intermediate steps are transparent for the user.

These roles, S-PEPS and C-PEPS can also be seen within the structure of the PEPS software and the connectors to be interrogated. Normally, in one cross-border transaction, a PEPS will only assume one of these roles; only if SP country and citizen country are the same, this PEPS would assume both roles. But this scenario is not cross-border, so outside STORK's scope, and in some countries wouldn't work.

[Diagram labels: SP, S-PEPS, IdP, AP, C-PEPS]

Page 10: STORK 2.0 basic features: (ii) an attribute collection and aggregation service

[Figure: attribute collection service (STORK 2.0 ACS). Actors: SP, National IdP, AtP1, AtP2; message steps 1 to 11 between them; IdP, AP and SP connect to the STORK 2.0 ACS; interaction with the user]

Page 11: e-identity in sum…

•  A digital identity is a composite document
   –  Multi-section; each section includes a personal attribute
   –  Multi-provider; attributes are collected from multiple Identity and Attribute Providers -- IdPs and APs providing service at different quality levels (LOA)
•  Is managed by a federated identity structure (which also manages the user consent process)
•  Is created through the collection of attributes from IdPs and APs members of the federation
•  Is delivered to a Service Provider (SP), and consumed by the SP in an online authentication and access control process (user consent)
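As an added illustration of the attribute collection and aggregation service (Page 10) and of the composite, multi-provider identity document (Page 11), and not code from the STORK 2.0 project: a small Python model in which attribute assertions from one IdP and two APs, each at its own level of assurance (LoA), are composed into one document, releasing only attributes the SP requested and the user consented to, and deriving “Is over 18?” from the birth date so the SP never receives the date itself. Provider names, attribute names and LoA thresholds are assumptions.

```python
from dataclasses import dataclass
from datetime import date
# Hypothetical model of the attribute collection/aggregation step on the page;
# not STORK 2.0's own code. All sample data below is constructed.

@dataclass(frozen=True)
class Assertion:
    provider: str     # issuing IdP or attribute provider (AP)
    loa: int          # level of assurance the provider claims, 1..4
    attributes: dict  # name-value pairs

def is_over_18(date_of_birth, today):
    """Derived attribute: the SP gets a yes/no, never the birth date."""
    try:
        eighteenth = date_of_birth.replace(year=date_of_birth.year + 18)
    except ValueError:  # born on 29 Feb: count the birthday as 1 Mar
        eighteenth = date(date_of_birth.year + 18, 3, 1)
    return today >= eighteenth

def expand(attributes, today):
    """Add characteristic attributes derivable from the base ones."""
    out = dict(attributes)
    if "dateOfBirth" in out:
        out["isOver18"] = is_over_18(out["dateOfBirth"], today)
    return out

def aggregate(required, consented, assertions, today):
    """Compose one identity document from several provider assertions.
    required: attribute name -> minimum LoA the SP demands; consented: names
    the user agreed to release. Per attribute the highest-LoA value meeting
    the minimum wins; unrequested or unconsented attributes are never released."""
    doc = {}
    for a in assertions:
        for name, value in expand(a.attributes, today).items():
            if name not in required or name not in consented or a.loa < required[name]:
                continue
            if name not in doc or a.loa > doc[name]["loa"]:
                doc[name] = {"value": value, "loa": a.loa, "provider": a.provider}
    missing = sorted(n for n in required if n not in doc)
    return doc, missing

# Constructed sample: one national IdP and two APs, as on the ACS slide.
SAMPLE = [
    Assertion("national-IdP", 4, {"givenName": "Maria", "surname": "Papadaki",
                                  "dateOfBirth": date(1996, 2, 29)}),
    Assertion("university-AP", 2, {"givenName": "M. Papadaki",
                                   "diplomaSupplement": "BSc Informatics"}),
    Assertion("tax-AP", 3, {"incomeBelow10kEUR2013": True}),
]
```

Calling `aggregate(required, consented, SAMPLE, today)` returns the released document plus the list of requested attributes no provider could satisfy at the demanded LoA, which is what the SP would use to decide whether the service can proceed.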

Page 12: The STORK 2.0 mechanism for identity attributes provision can be re-used to enable smart e-gov services

•  e-gov services: requirements for federating personal information to (usually) produce an electronic document
•  Cross-border services by necessity
   –  Should span over multiple organizations
•  Always involve a process orchestrating various IT systems and users
   –  applicant interface
   –  basic registries
   –  gov IT (cms etc)
   –  employees desktops
   –  third party services (for example banks)

Page 13: An e-gov service as the outcome of a process

[Figure: request → Applicant: activity → Public Employee: activity → Legacy System and Third Party Applications → service outcome; orchestration: business process management – case management etc.; “this is a typical e-gov service!”]

Petros KAVASSALIS <pkavassalis@atlantis-

Page 14: Re-use STORK 2.0 as the basic infrastructure for e-gov processes support (national level)

•  Federated Identity can revolutionize e-government services
   –  Securing access to online government services through federated IDs
•  STORK 2.0 can provide “lessons to learn” on how to organize federated identity services at the national level
•  STORK 2.0 may also provide a mechanism for smart e-services requiring interaction with the users and not extended internal process automation
   –  BPMS solutions are expensive
   –  Public employees are reluctant to adopt a “task attribution” method of work
•  The STORK 2.0 infrastructure is here, the cost of re-using STORK in national e-gov provision is limited, it can efficiently supply a lot of sophisticated scenarios of e-gov services (4th and 5th level of sophistication)…

Page 15: STORK 2.0 for e-government: an opportunity for smart and lean e-gov services

Example: subscription of freshmen in Greek Universities involves the physical presence of a student’s family. e-subscription through STORK 2.0!

[Figure labels: Application submission; reception; STORK 2.0; IdP; minedu; identification; subscription; Document submission]

Page 16: How does STORK 2.0 make it possible? By creating clean interfaces at the extreme points…

[Figure: AP, IdP and SP connected through STORK SAML 2.0; common enterprise technologies (WS-REST); common enterprise technologies (SSO-WS-workflow); streamline to increase aggregation efficiency; STORK-enabled applications]

Page 17: http://www.eid-stork2.eu
