Posted: 01-Apr-2015
WP8 Security and Privacy: Identity Management
15 November 2012, Wolfgang Steigerwald (DT), Robert Seidl (NSN)
The FI-WARE Project – Base Platform for Future Service Infrastructures
Agenda
Aspects of Identity Management
Differences of the IdM solutions
The Nokia Siemens Network (NSN) IdM-System
The Deutsche Telekom (DT) IdM-System
Questions, Answers and Discussion
Aspects of Identity Management
[Slide diagram: layers Device, Service Network, Application, User; boxes Authentication (private, secure, mutual), Single Sign-On to service domains, Identity Federation towards applications, Authorisation & Trust Management, User & Profile Management, and Authentication / Authorisation / Accounting]
Features                        NSN                 DT
Authentication methods:
  Username/Password             Yes                 Yes
  eID (STORK)                   Yes (2nd version)   No
  3rd Party Login               Yes                 Yes
  Attribute Based Credentials   Yes                 No
Supported protocols:
  OAuth 2.0                     Yes (2nd version)   Yes
  SAML 2.0                      Yes                 No
  OpenID                        Yes (2nd version)   Yes
  HTTPS                         Yes                 Yes
Interfaces:
  Web                           Yes                 Yes
  RESTful                       No                  Yes
Markets:                        Telecommunication   Internet Shops
Nokia Siemens Networks IDM Solution
One-IDM
What we have and what we will offer in detail to FI-Ware UC projects.
Customer self care / Customer care tools
Service specific profile Features for One-IDM customers
Service will be managed and hosted by NSN
Provisioning of user accounts will be done by NSN
Set-up of trust relations will be done by NSN
Configuration of attribute database scheme will be done by NSN
Service specific attributes can be viewed:
  Account name at service
  Account type (existing or on-demand)
  Attribute release policy (admin role)
  Authentication at service can consider the trust level of the authentication method used at the portal (cf. box above)
Full list of attributes can be viewed on the overview page
Transparency towards user is an important concern
At the portal, users are able to view and (partially) modify their attributes
Basic identifiers cannot be modified (because e.g. full name is legally bound to a contract)
Identity management / Authentication
At the portal, the user may choose different authentication methods:
  username / password
  Facebook Connect (Facebook can be used as Identity Provider)
  Support of ABC4Trust credentials
Other authentication methods (not in portal) include: AAA, GBA, German eID
Identity federation is possible in general
The features marked in red will not be available in the project.
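As an added example (not code from the FI-WARE deck, NSN or DT), the following Python models the One-IDM behaviour described above: a federated service receives only the attributes its admin-defined attribute release policy allows, it may require a minimum trust level for the authentication method the user chose at the portal, and basic identifiers stay read-only in customer self care. The trust-level ranking, attribute names and policy values are assumptions.

```python
# Added example, not part of the FI-WARE deck or either vendor's code. Models the
# attribute release decision of the One-IDM slide: trust level of the portal
# authentication method, admin-defined release policy per service, and immutable
# basic identifiers in self care. All values below are assumptions.
from dataclasses import dataclass

# Assumed ranking of the portal authentication methods named on the slide (higher = stronger).
TRUST_LEVEL = {"password": 1, "facebook_connect": 1, "abc4trust": 2, "german_eid": 3}

# Basic identifiers the user can view but not modify (e.g. full name is bound to a contract).
IMMUTABLE_ATTRIBUTES = {"full_name", "date_of_birth"}


@dataclass(frozen=True)
class ServicePolicy:
    """Per-service settings an admin configures in the attribute release policy."""
    service: str
    released_attributes: frozenset   # attributes this service may receive
    min_trust_level: int             # weakest portal authentication the service accepts


@dataclass
class PortalSession:
    """What the portal knows about the user after authentication."""
    auth_method: str
    attributes: dict


def decide_release(session, policy):
    """Policy decision: (authentication accepted?, attributes released to the service).

    Unknown methods get trust level 0, so a misspelled method name fails closed.
    """
    level = TRUST_LEVEL.get(session.auth_method, 0)
    if level < policy.min_trust_level:
        return False, {}
    released = {k: v for k, v in session.attributes.items() if k in policy.released_attributes}
    return True, released


def self_care_update(attributes, changes):
    """Portal self care: apply user edits in place, rejecting immutable identifiers.

    Returns the sorted list of rejected attribute names.
    """
    rejected = sorted(k for k in changes if k in IMMUTABLE_ATTRIBUTES)
    for key, value in changes.items():
        if key not in IMMUTABLE_ATTRIBUTES:
            attributes[key] = value
    return rejected


# Constructed sample input: a user who signed in at the portal with Facebook Connect.
SAMPLE_SESSION = PortalSession("facebook_connect", {"full_name": "Alice Example", "email": "alice@example.invalid"})
SAMPLE_SHOP = ServicePolicy("shop", frozenset({"email"}), 1)
```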
How you can use the One-IDM
[Slide diagram: User's Home, Example Service, One-IDM System (IdM Server, IdM Portal); connections labelled "federation" (service to IdM server) and "browser based redirect" (user to IdM portal)]
The Global Customer Platform
GCP
What we have and what we will offer in detail to FI-Ware UC projects.
Customer self care / Customer care tools
Product management / Subscription management for free products
Features for GCP-B2B-customers
Cloud-offer: Managed and hosted environment
  DTAG security and data-privacy standards
  Complete online administration
  Online management of customer care agents
  Complete control over your brand: white-label platform
  Any functionality also exposed via APIs for full integration
  Complete and comprehensive online documentation
Product catalog management (commercial aspects such as price-plans, contractual attributes)
Payment management for subscription products
Wide range of pricing-models for subscriptions (fixed recurring, trial periods, set-up fees, usage based post paid, …)
Global payment methods
Customizable customer self care portal for customer data administration, account administration, contract management, billing management
Customer care tooling for managing user-data, customer-data, contract-data and invoicing
Customer care tooling can be integrated with existing customer care systems
Registration / Identity management / Product booking
  Complete online registration
  Complete login, logout, single sign-on
  Registration and login using 3rd party identity providers (facebook, google, yahoo!, …)
  Password change, password recovery, management of 3rd party ID-federations
  OAuth 2.0-based API for apps on iOS, android, …
  Complete checkout process for product booking
  Complete management of payment information
The features marked in red will not be available in the project.
How you can use GCP
[Slide diagram: three WEB Shops log in to a Global Customer Platform Tenant Instance; elements Registration or Login, Configuration, Customer Self-care Management, Customer Care Management, Admin]
Outlook
• During the project we will provide a common interface for both IDM systems
• We will provide additional features:
  • One-IDM: switch to Digital Self; support of OAuth2.0, OpenID, eID
  • GCP: new features will be developed regarding customer needs; enhancements to the REST-API
How to access the demos
GCP demo:
https://logint2.idm.toon.sul.t-online.de/media-store
https://logint2.idm.toon.sul.t-online.de/music-service
https://logint2.idm.toon.sul.t-online.de/video-service
Please contact [email protected]
One-IDM:
https://85.183.197.168:8443/idmPortal
http://85.183.197.168/shop/catalog
Please contact [email protected]
Prerequisite: add these lines to your "hosts" file (/etc/hosts or c:\windows\system32\drivers\etc\hosts):
85.183.197.168 idm.nsn.com
85.183.197.168 payb.nsn.com
85.183.197.168 easybuy
Thanks !!
Preliminary Core GEs Architecture
[Slide diagram with legend Identity / Privacy / Data Handling. Labelled components: Identity Store, Access Policy Store, White Label IDP, Policy Enforcement Point, Credential and Token Handling, Idemix Privacy Crypto, Credential Store, IdMaaS, Authentication Handling, PII Access Control, Persistence Handler, Policy Decision Point, Authentication Policy Store, Federation Handling, Stork/eID, Policy Administration Point, User/Device Authentication, Credential Management, Personal Information Access Control, Identity Federation, Log Based Privacy Scanning Engine, Privacy Scanning, External Data Stores, Attribute and Data Handling, Data Store, Monitoring (8.1 Event Generation), Auditing (8.3 Audit Logs, 8.3 User Logs), 8.4 Billing / Billing Services, Administration / Mass Provisioning, External Identity Store, Attribute Name Adoption, Attribute Manager]