Innovative Business Solutions November 2015 I Dario Belić I director of IT Development Service, ICT...
Innovative Business Solutions
November 2015 I Dario Belić I director of IT Development Service, ICT Division, FINA, Croatia
National Identification and Authentication System
INFuture2015
FINA Company profile
• State-owned, but functions on commercial principles
• 3100 employees
• Wide network: branches in all larger towns and cities in Croatia
• Total income in 2014: €110 mil.
• Leading Croatian company in the area of financial intermediation and application of information technologies
• The Government's main partner in the most challenging projects of national importance
• Constant focus and determination to fulfill the clients' needs
• 50-year business tradition in payment transactions processing
• Held the exclusive right to execute domestic payment transactions in former Yugoslavia as the Social Bookkeeping Service until 2002
Products and Services
Public administration
iCity
ICT networks for public administration
Banks
Payment services
National Clearing System
PKI
e-Invoice e-Business
Accounting service
Archiving
Business information
Citizens
Bill payment
Exchange offices
Government
REGOS – Central Registry of Insured Persons
National Treasury System
One Stop Shop
Public Sector Employees Registry
Blue Diesel System
Funds Enforcement System
e-Company Service
Ministry of Justice – ICMS hosting
Bank & Corporate clients and citizens
Public sector
2015 Open Government Awards
e-Citizen - the best project in Europe for the theme "Improving Public Services through Open Government"
NIAS as a concept and platform
[Diagram: NIAS, e-services and credential issuers]
• Services "X", "Y" and "Z": each runs the authorization process (adding rights to resources), with a register of rights on individual resources ("A", "B", "C", "D") for each user.
• Credential Issuers "A", "B" and "C": each runs the process of authentication (identification and verification of identity), with a register of users and issued credentials.
• NIAS: connected via SAML (the diagram shows two SAML links).
NIAS in numbers
• Pilot project was carried out in 2012 (duration 2.5 months)
• Go-live on 10 June 2014
• Number of e-Services in production: 26
• Number of integrated credentials: 9 (3 level 2 + 5 level 3 + 1 level 4)
• In preparation: 1 (level 3)
• Number of unique users of the NIAS (according to OIB – personal identification number): approx. 190.000
• Total number of active credentials: approx. 270.000
• Total number of log-ins to services: approx. 3,2 mil.
How does NIAS work?
Participants: User (web browser), e-Service provider (web application), NIAS (web application), the authentication server (web application)
1. An unauthenticated user wants to be authenticated for the e-Service [http request]
2. The e-Service sends a request for authentication to NIAS over SAML [http redirection + SAML Request message #1]
3. NIAS displays the message to the user: "Do you approve the login to the e-service?" [http request]
4. The user allows or does not allow the login [http response]
5. Depending on the response (YES/NO), NIAS begins the action
   NO: 5. NIAS sends the response to the e-Service [http redirection + SAML Response message #1] and returns to step 1
   YES: 5. NIAS shows the user a list of credentials that can be used for authentication [http request]
6. The user selects the type of credentials with which the authentication is to be carried out [http response]
7. NIAS sends a request for authentication to the authentication server [http redirection + SAML Request message #2]
8. The authentication server displays the interface for entering credentials [http response]
9. The user enters his credentials [http request]
10. The authentication server sends a response to NIAS [http redirection + SAML Response message #2]
11. NIAS verifies the account of the authenticated user and sends a response to the e-Service [http redirection + SAML Response message #1]
12. The e-Service enables access to the authenticated user [http response]
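The flow above carries two request/response pairs (#1 and #2) that the proxy has to tie together. The following is an added example, not code from the slides or from NIAS: a toy Python model of that bookkeeping, in which the class, field names and status labels are assumptions and XML and signatures are left out.

```python
import secrets
import time


class ProxyState:
    """Bookkeeping of a SAML proxy in the NIAS position (toy model, assumed names)."""

    def __init__(self, ttl=300):
        self.ttl = ttl
        self.pending = {}  # request #2 ID -> (request #1 ID, e-service, issuer, expiry)

    def start(self, req1_id, e_service, issuer, consent, now=None):
        """Steps 2-7: receive request #1; on consent, issue request #2."""
        now = time.time() if now is None else now
        if not consent:
            # Step 5, NO branch: answer request #1 directly, nothing is stored.
            return {"to": e_service, "InResponseTo": req1_id, "status": "RequestDenied"}
        req2_id = "_" + secrets.token_hex(16)  # unguessable, used once
        self.pending[req2_id] = (req1_id, e_service, issuer, now + self.ttl)
        return {"to": issuer, "ID": req2_id}

    def finish(self, resp2, now=None):
        """Steps 10-11: turn response #2 into response #1, or refuse it."""
        now = time.time() if now is None else now
        # pop() makes every request #2 ID single-use, so a replayed response fails.
        entry = self.pending.pop(resp2.get("InResponseTo"), None)
        if entry is None:
            raise ValueError("unsolicited or replayed response")
        req1_id, e_service, issuer, expiry = entry
        if resp2.get("Issuer") != issuer:
            raise ValueError("response came from a different credential issuer")
        if now > expiry:
            raise ValueError("request #2 expired")
        return {"to": e_service, "InResponseTo": req1_id,
                "status": "Success", "subject": resp2["subject"]}


def demo_login():
    """Constructed walk-through: one good login, then a replay of the same response."""
    proxy = ProxyState()
    req2 = proxy.start("_req1-constructed", "e-service-x", "issuer-a", consent=True, now=0)
    resp2 = {"InResponseTo": req2["ID"], "Issuer": "issuer-a", "subject": "user-1"}
    first = proxy.finish(resp2, now=30)
    try:
        proxy.finish(resp2, now=31)
        replay = "accepted"
    except ValueError as err:
        replay = str(err)
    return first, replay
```

The e-Service applies the same rule on its side: it accepts response #1 only if `InResponseTo` names a request #1 it issued and has not yet consumed.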
How does Single Sign-Out work?
Participants: User (web browser), e-Service provider (web application), NIAS (web application), other e-Service providers (web applications)
1. An authenticated user logs in to the service and clicks on "Sign out"
2. The e-Service sends a request for user logout to NIAS over SAML [http redirection + LogoutRequest message #1]
3. NIAS shows the message to the user: "Do you approve the single logout from e-services?" [http request]
4. The user allows or does not allow the single logout [http response]
5. Depending on the response (YES/NO), NIAS starts the action
   NO: 5. NIAS sends the response to the e-Service [http redirection + LogoutResponse message #2]
6. NIAS sends a message to each e-Service to which the user is logged in [SOAP + LogoutRequest]
7. The e-Service records which user must log out and responds to the request [SOAP + LogoutResponse]
8. NIAS informs the user about the e-Services from which they are logged off [http request]
9. The user clicks on the "continue" button [http response]
10. NIAS redirects the user back to the service provider [http redirection + LogoutResponse message #2]
11. The e-Service informs the user that they are logged off
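In steps 6 and 7 the LogoutRequest reaches the e-Service over SOAP, not through the user's browser, so the e-Service has to end the session in its own server-side records. The following is an added example, not code from the slides: a minimal Python session table for one e-Service, with all names and sample values constructed for illustration.

```python
class EServiceSessions:
    """Server-side session table of one e-service (toy model, in memory)."""

    def __init__(self):
        self.user_of = {}  # local session ID (browser cookie value) -> user from NIAS

    def login(self, session_id, user):
        """After step 11 of the login flow: bind the cookie to the NIAS user."""
        self.user_of[session_id] = user

    def backchannel_logout(self, user):
        """Step 7: SOAP LogoutRequest from NIAS; no browser cookie is present."""
        ended = [sid for sid, u in self.user_of.items() if u == user]
        for sid in ended:
            del self.user_of[sid]
        # Answer Success even when nothing was open, so a repeated request is harmless.
        return {"status": "Success", "sessions_ended": len(ended)}

    def is_authenticated(self, session_id):
        """Checked on every browser request; the cookie alone proves nothing."""
        return session_id in self.user_of


def demo_logout():
    """Constructed data: user-1 is logged in from two browsers, user-2 from one."""
    s = EServiceSessions()
    s.login("cookie-laptop", "user-1")
    s.login("cookie-phone", "user-1")
    s.login("cookie-other", "user-2")
    reply = s.backchannel_logout("user-1")
    cookies = ("cookie-laptop", "cookie-phone", "cookie-other")
    return reply, [s.is_authenticated(c) for c in cookies]
```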
NIAS e-Business
[Diagram: NIAS e-Business, with two SAML links]
Business User
FINA RDC CA
RDC-TDU CA
ID provider n..
Registry of Concessions
eRegos: Central Registry of Insured Persons
WEB BON: Creditworthiness
RGFI: Register of Annual Financial Statements
eBlokade: Account blocking