Insu Eid 20111018

Date post: 11-Jul-2015
eID in Belgium

INSU - Stockholm, 24/Oct/2011

Bart Hanssens

Introduction

Electronic ID Card (front)

Electronic ID Card (back)

Electronic ID Card

Compulsory

8 million cards

Contact card

Basic info: name, address, gender, unique national number

Low-res photo (no advanced biometrics)

2 key pairs: signing and authentication (same PIN code)

No PIN-code caching for signing

Some applications

Tax on Web: most popular

Police on Web: report shoplifting, vandalism, bike theft

National e-Lottery

Loyalty card

Library card

Community

Almost all components are open source: LGPL, not EUPL

Multi-channel support

Helpdesk for middleware

Google group / mailing list, twitter, ...

Demo site, documentation, videos, ...

Components

Classic middleware

Open source: LGPL, not EUPL

Windows, MacOS, Linux 32/64-bit

User-friendly quick install available

Small SDK

V3: own API

V4: PKCS#11 v1.2

Issue: user still has to install it manually

Federal Authentication Service

SAML 2

eID card and token

Supported: Federal, Regional, Municipalities

New architecture: IDP example

[Diagram labels: Browser, JBoss, eID card, IDP, Trust Service, Applet, Website, jTrust, OCSP Belgium, Module]

Applet

Java SE 6

Communicates directly with the card

No middleware required!

Supported on recent (desktop) browsers: IE 7+, Firefox 3+, Chrome 9+, Safari

Auto-installs correct JRE

Identity Provider

Uses Applet and Trust Service

JBoss 6 package

Communicates with Relying Parties (sites)

Multi-protocol: SAML 2, OpenID 2, WS-Federation

Integrators don't have to be eID experts !

Not available as service (yet)

Best effort support

Trust

Trust Service: checks validity

OCSP or (cached) CRL

jTrust library

CRL

Validation of X509 certificates

Alternative to Java Certification Path Validator API

Drupal eID IDP module

Will be released as open source

NOT the Coworks module on Drupal.org

Reuses Drupal's openid code

But core openid module must be disabled

User-friendly:

Log in button: no need to remember URL

Self-registration with eID

Mapping of eID info to Profile module fields

OpenID AX Schema

Digital Signature Service

Uses Applet, Trust and Timestamp Service

XAdES-X-L

Sign any XML document

ETSI ASiC (ZIP)

ODF / OOXML

Define your own format

Visualisation

Admin can register trusted XSLTs

Optionally: embed eID photo

green mark in OpenOffice / MS-Office

Demo: Drupal and eID

Step 1: push beID button

Step 2: insert eID card

Step 3: enter PIN code

Step 4: enter email address

More info

References

http://eid.belgium.be

http://code.google.com/p/eid-applet/

http://code.google.com/p/eid-idp/

http://code.google.com/p/eid-dss/

http://code.google.com/p/jtrust/

https://www.e-contract.be

Questions ?

Thanks !

Fedict, Federal Public Service ICT

Maria-Theresiastraat 1/3

1000 Brussels (Belgium)

www.fedict.be

bart.hanssens[at]fedict.be | @BartHanssens

Fedict 2011. All rights reserved
