Transcript of Insu Eid 20111018
© Fedict 2011. All rights reserved
EID in Belgium
INSU - Stockholm – 24/Oct/2011
Bart Hanssens
Introduction
Electronic ID Card (front)
Electronic ID Card (back)
Electronic ID Card
Compulsory
  8 million cards
Contact card
Basic info
  Name, address, gender, unique national number
  Low-res photo (no advanced biometrics)
2 key-pairs
  Signing and authentication (same PIN code)
  No PIN-code caching for signing
Some applications
Tax on Web
  Most “popular”
Police on Web
  Report shoplifting, vandalism, bike theft
National e-Lottery
Loyalty card
Library card
Community
Almost all components are open source
  LGPL, not EUPL
Multi-channel support
  Helpdesk for middleware
  Google group / mailing list, twitter, ...
Demo site, documentation, videos, ...
Components
Classic middleware
Open source
  LGPL, not EUPL
Windows, MacOS, Linux 32/64-bit
  User-friendly “quick install” available
Small SDK
  V3: own API
  V4: PKCS#11 v1.2
Issue: user still has to install it manually
Federal Authentication Service
SAML 2
eID card and token
Supported
  Federal, Regional, Municipalities
New architecture: IDP example
[Diagram; labels: Browser, JBOSS, EID Card, IDP, Trust Service, Applet, Website, jtrust, OCSP, Belgium, Module]
Applet
Java SE 6
Communicates directly with the card
  No middleware required!
Supported on recent (desktop) browsers
  IE 7+, Firefox 3+, Chrome 9+, Safari
  Auto-installs correct JRE
Identity Provider
Uses Applet and Trust Service
JBoss 6 package
Communicates with Relying Parties (sites)
Multi-protocol
  SAML 2, OpenID 2, WS-Federation
  Integrators don't have to be eID experts!
Not available as service (yet)
  Best effort support
Trust
Trust Service
  Checks validity
  OCSP or (cached) CRL
jTrust library
  CRL
  Validation of X509 certificates
  Alternative to Java Certification Path Validator API
Drupal eID – IDP module
Will be released as open source
  NOT the Coworks module on Drupal.org
Reuses Drupal's openid code
  But “core” openid module must be disabled
User-friendly:
  Log in button: no need to remember URL
  Self-registration with eID
Mapping of eID info to Profile module fields
  OpenID AX Schema
Digital Signature Service
Uses Applet, Trust and Timestamp Service
XAdES-X-L
Sign any XML “document”
  ETSI ASiC (ZIP)
  ODF / OOXML
  Define your own format
Visualisation
  Admin can register trusted XSLTs
  Optionally: embed eID photo
  “green mark” in OpenOffice / MS-Office
Demo: Drupal and eID
Step 1: push beID button
Step 2: insert eID card
Step 3: enter PIN code
Step 4: enter email address
More info
References
http://eid.belgium.be
http://code.google.com/p/eid-applet/
http://code.google.com/p/eid-idp/
http://code.google.com/p/eid-dss/
http://code.google.com/p/jtrust/
https://www.e-contract.be
Questions ?
Thanks!
Fedict – Federal Public Service ICT
Maria-Theresiastraat 1/3
1000 Brussels (Belgium)
www.fedict.be
bart.hanssens[at]fedict.be | @BartHanssens