©2013 Nokia Solutions and Networks. All rights reserved.
Restrictive download of documents
Robert Seidl, Nokia Solutions and Networks
10/04/14 TDL / v.0.5 / Nokia Solutions and Networks / Robert Seidl
Content
- Introduction to the FI-WARE project
- FI-WARE security chapter: combined demonstrator
  - Anonymous access to a file store service
  - Policy-based access to resources
  - Use of zero-knowledge proof technology (Idemix)
Our Objective (FI-WARE) [figure-only slide]
Use-Case Areas (FI-WARE) [figure-only slide]
Core Platform Architecture (FI-WARE) [figure-only slide]
FI-WARE Security Chapter: a collection of Generic Enablers (GE) for security functionality [figure-only slide]
Data Handling GE (FI-WARE Security Chapter)
- Focuses on revealing specific attributes or other data according to defined privacy and security conditions
- Deploys the PPL language, which is based on XACML, to describe preferences and policies
- Attaches these preferences and policies to the data
- Allows definition of a specific retention period
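The three bullets describe one mechanism: the policy travels with the data and is evaluated on every access, and it carries a retention deadline after which the data must no longer be revealed. The Python below is an added illustration of that mechanism, not the Data Handling GE's own code; a small dict stands in for a PPL/XACML policy document, and the attribute names, purposes and dates are constructed.

```python
"""Added example (not Data Handling GE code): a 'sticky' policy attached to a data
record, enforced on every read, with a retention period. A dict stands in for PPL."""
from datetime import datetime, timedelta, timezone


class StickyRecord:
    """Personal data that travels with its own handling policy (assumed structure):
    policy = {attribute: {"purposes": {...}}, "_retention_days": int}"""

    def __init__(self, data, policy, created=None):
        self.data, self.policy = dict(data), policy
        self.created = created or datetime.now(timezone.utc)

    def expired(self, now=None):
        """True once the retention period attached to the data has elapsed."""
        now = now or datetime.now(timezone.utc)
        return now >= self.created + timedelta(days=self.policy["_retention_days"])

    def reveal(self, purpose, now=None):
        """Return only the attributes whose policy permits this purpose; nothing after retention.
        Attributes with no policy entry (here: name) are never revealed."""
        if self.expired(now):
            return None
        return {a: v for a, v in self.data.items()
                if purpose in self.policy.get(a, {}).get("purposes", ())}


def purge_expired(records, now=None):
    """Retention enforcement on the store side: drop records past their period."""
    return [r for r in records if not r.expired(now)]


def demo():
    """Constructed scenario: two purposes, an unlisted attribute, and the retention cut-off."""
    created = datetime(2014, 4, 10, tzinfo=timezone.utc)            # constructed date
    policy = {"email": {"purposes": {"contact"}},
              "age": {"purposes": {"contact", "statistics"}},
              "_retention_days": 30}
    rec = StickyRecord({"email": "user@example.org", "age": "34", "name": "A. User"},
                       policy, created)                               # constructed data
    day1, day31 = created + timedelta(days=1), created + timedelta(days=31)
    return {"contact": rec.reveal("contact", day1),
            "statistics": rec.reveal("statistics", day1),
            "after_retention": rec.reveal("contact", day31),
            "remaining": len(purge_expired([rec], day31))}
```

The point of evaluating the policy inside `reveal` rather than at the caller is that the conditions cannot be bypassed by a consumer that forgets to check them; the record never hands out more than the policy allows for the stated purpose.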
Privacy-Preserving Authentication GE (FI-WARE Security Chapter)
- Provides building blocks to implement all roles of a privacy-preserving authentication system
- Based on the Idemix crypto engine
- In particular, it allows
  - identity providers to set up an online service for issuing privacy-preserving attribute-based credentials (aka anonymous credentials)
  - end users to generate privacy-preserving tokens to anonymously authenticate to service providers
  - service providers to verify the user-generated tokens with respect to a given access policy
Identity Management – DigitalSelf GE (FI-WARE Security Chapter)
- Encompasses a number of aspects involved with users' access to networks, services and applications, including
  - Secure and private authentication
  - ‘Authorisation & Trust’ management
  - ‘User Profile’ management
  - Self-management of personal data
  - ‘Single Sign-On’ (SSO) to service domains
  - ‘Identity Federation’ towards applications
Combined Demonstrator (FI-WARE Security Chapter)
WP8 Combined Demonstrator on
- Identity Management GE (NSN)
- Data Handling GE (SAP)
- Privacy GE (IBM)
>> Taking privacy work from the ABC4Trust project and making it work in the FI-WARE Platform <<
Description of Use-Case (FI-WARE WP8 Combined Demonstrator)
The demonstrator illustrates:
- Anonymous access to a file store service
- Policy-based access to resources
- Use of zero-knowledge proof technology (Idemix)
By use of the Generic Enablers:
- Data Handling GE: an enhanced file store service allows access to resources based on “sticky” policies
- Privacy GE: provides building blocks for ‘User in the Cloud’, ‘Verifier as a Service’ and ‘Issuer Service’
- Identity GE: an enhanced IDM system provides the attributes (PII) needed for issuing credentials
Result:
- While respecting the privacy of the user, selective attribute sharing will be supported, restricted to the ‘need to know’ principle.
High Level Architecture: Enrolment (FI-WARE WP8 Combined Demonstrator)
[Architecture diagram; only its labels survive extraction, listed here in reading order: Identity Agent / user in the cloud; Web Service: Privacy GE User; Identity Mgmt. System / Issuer; Auth Server; DS Portal; Data Gateway; User login credentials for accessing Issuer; Verified User attributes; Web Service: Privacy GE Issuer; Privacy GE (IBM); IdM GE (NSN); Data Handling GE (SAP); User Privacy GE credentials.]
High Level Architecture: Use-Case (FI-WARE WP8 Combined Demonstrator)
[Architecture diagram; only its labels survive extraction, listed here in reading order: Identity Agent / user in the cloud; Verifier; File Store; Web GUI; Privacy GE (IBM); IdM GE (NSN); Data Handling GE (SAP); Map storing verification policies based on policy ID; File Store login credential for accessing Verifier; Web Service: Privacy GE Verifier; Web Service: Privacy GE User; Map storing verification policy, verifier URL and resource URL based on nonce; Map storing policy IDs based on resources.]
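The three maps named on this slide (policy IDs by resource on the file store side, verification policies by policy ID and pending verifications by nonce on the verifier side) are what make the access decision both replay-resistant and need-to-know. The Python below is an added example and is not FI-WARE, ABC4Trust or Idemix code: it wires a FileStore, a Verifier, an Issuer and an IdentityAgent together around those maps and runs one honest access, a replay of the same nonce, and a presentation built from a copied credential. The cryptography is a deliberately simple stand-in chosen to stay within the standard library: a keyed HMAC over salted attribute commitments replaces the Idemix CL signature (it gives selective disclosure, but not the unlinkability Idemix provides), and a Schnorr proof of knowledge of the user's secret key, made non-interactive by hashing the verifier's nonce into the challenge, replaces the Idemix presentation proof. The group parameters are a toy 12-bit safe prime, and every URL, name and attribute value is constructed.

```python
"""Added example (not FI-WARE/ABC4Trust/Idemix code): verifier-as-a-service flow with a
nonce-bound proof of possession and need-to-know disclosure. Stand-ins: HMAC for the
Idemix CL signature, a Schnorr proof for the Idemix presentation proof, toy group."""
import hashlib, hmac, json, secrets

# Toy safe-prime group p = 2q + 1 (assumption; illustration only, trivially brute-forced).
P, Q, G = 4079, 2039, 4   # G = 2^2 is a quadratic residue, so it has prime order q

def _commit(name, value, salt):
    return hashlib.sha256(f"{salt}|{name}|{value}".encode()).hexdigest()

def _challenge(t, pub, nonce, disclosed):
    """Fiat-Shamir challenge bound to the verifier's nonce and the disclosed attributes."""
    data = json.dumps([t, pub, nonce, disclosed], sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

class Issuer:
    """Issuer service on the IdM side: binds verified attributes to the user's public key."""
    def __init__(self):
        self._key = secrets.token_bytes(32)
    def _mac(self, pub, commits):
        body = json.dumps([pub, commits], sort_keys=True).encode()
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()
    def issue(self, pub, attributes):
        attrs = {n: [v, secrets.token_hex(8)] for n, v in attributes.items()}  # [value, salt]
        commits = {n: _commit(n, v, s) for n, (v, s) in attrs.items()}
        return {"attrs": attrs, "commits": commits, "sig": self._mac(pub, commits)}
    def check(self, pub, commits, sig):
        return hmac.compare_digest(sig, self._mac(pub, commits))

class IdentityAgent:
    """'User in the cloud': holds the secret key and the credential, builds presentations."""
    def __init__(self, credential=None, sk=None):
        self.sk = sk or secrets.randbelow(Q - 1) + 1
        self.pub = pow(G, self.sk, P)
        self.cred = credential
    def present(self, nonce, policy):
        disclosed = {n: self.cred["attrs"][n] for n in policy}  # reveal only what the policy asks
        r = secrets.randbelow(Q - 1) + 1
        t = pow(G, r, P)                                          # Schnorr commitment
        s = (r + _challenge(t, self.pub, nonce, disclosed) * self.sk) % Q
        return {"pub": self.pub, "commits": self.cred["commits"], "sig": self.cred["sig"],
                "disclosed": disclosed, "t": t, "s": s}

class Verifier:
    """'Verifier as a Service' holding the two maps named on the slide."""
    def __init__(self, issuer_check, url):
        self.url, self._issuer_check = url, issuer_check
        self.policies = {}  # policy ID -> {attribute name: required value, or None for any}
        self.pending = {}   # nonce -> (verification policy, verifier URL, resource URL)
    def start(self, policy_id, resource_url):
        nonce, policy = secrets.token_hex(16), self.policies[policy_id]
        self.pending[nonce] = (policy, self.url, resource_url)
        return {"nonce": nonce, "verifier_url": self.url, "resource_url": resource_url, "policy": policy}
    def verify(self, nonce, pres):
        entry = self.pending.pop(nonce, None)  # single use: a replayed nonce is rejected
        if entry is None or not self._issuer_check(pres["pub"], pres["commits"], pres["sig"]):
            return None
        policy, _, resource_url = entry
        for name, required in policy.items():
            if name not in pres["disclosed"]:
                return None
            value, salt = pres["disclosed"][name]
            if pres["commits"].get(name) != _commit(name, value, salt):
                return None
            if required is not None and value != required:
                return None
        c = _challenge(pres["t"], pres["pub"], nonce, pres["disclosed"])
        ok = pow(G, pres["s"], P) == pres["t"] * pow(pres["pub"], c, P) % P  # g^s == t * pub^c
        return resource_url if ok else None

class FileStore:
    """Data Handling GE side: each resource carries a policy ID (its 'sticky' policy)."""
    def __init__(self, verifier):
        self.verifier, self.policy_by_resource, self.data = verifier, {}, {}
    def request(self, resource_url):
        return self.verifier.start(self.policy_by_resource[resource_url], resource_url)
    def fetch(self, nonce, pres):
        granted = self.verifier.verify(nonce, pres)
        return self.data.get(granted) if granted else None

def run_demo():
    """Constructed scenario: honest access, a replayed nonce, and a copied credential."""
    issuer, alice = Issuer(), IdentityAgent()
    alice.cred = issuer.issue(alice.pub, {"name": "Alice", "affiliation": "partner", "age": "34"})
    verifier = Verifier(issuer.check, "https://verifier.example/")  # hypothetical URL
    verifier.policies["partner-only"] = {"affiliation": "partner"}
    store, url = FileStore(verifier), "https://files.example/report.pdf"  # hypothetical URL
    store.data[url], store.policy_by_resource[url] = b"confidential report", "partner-only"
    chal = store.request(url)
    pres = alice.present(chal["nonce"], chal["policy"])
    granted = store.fetch(chal["nonce"], pres)
    replayed = store.fetch(chal["nonce"], pres)
    mallory = IdentityAgent(alice.cred, sk=alice.sk % (Q - 1) + 1)  # copied credential, other key
    chal2 = store.request(url)
    forged = store.fetch(chal2["nonce"], mallory.present(chal2["nonce"], chal2["policy"]))
    return {"granted": granted == b"confidential report", "disclosed": sorted(pres["disclosed"]),
            "replay_rejected": replayed is None, "forgery_rejected": forged is None}
```

Two of the three outcomes depend directly on the maps: popping the nonce entry on first use is what rejects the replay, and the policy looked up by ID is what keeps the disclosure to the single attribute the policy asks for (name and age stay hidden). The copied credential fails because the issuer's tag covers the user's public key, so a presentation under another key does not verify. Because the stand-in uses an HMAC, the verifier must hold the issuer's key; with a real signature scheme it would hold only the issuer's public key.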
Snapshots of the Demo (FI-WARE WP8 Combined Demonstrator) [screenshot-only slide]
Questions and Answers (FI-WARE WP8 Combined Demonstrator)
Contact: [email protected]
https://abc4trust.eu
http://www.fi-ware.org
http://catalogue.fi-ware.org
Thank you