johannes schm lz
play

Johannes Schmlz } Tobias Wich Dr. Detlef Hhnlein Moritz Horsch - PowerPoint PPT Presentation

Mar 26, 2024 •171 likes •532 views

Trusted identities for the cloud using open source technologies where Open eCard App meets SkIDentity Johannes Schmlz } Tobias Wich Dr. Detlef Hhnlein Moritz Horsch Berlin, 23.5.2012 Agenda Introduction Identity Management

  1. Trusted identities for the cloud using open source technologies where Open eCard App meets SkIDentity Johannes Schmölz } Tobias Wich Dr. Detlef Hühnlein Moritz Horsch Berlin, 23.5.2012

  2. Agenda  Introduction  Identity Management  eCard-API-Framework  SkIDentity  Open eCard App  Summary

  3. Identities ● A „complete identity“ is the sum of all attributes of any entity ● A „digital identity“ ⊂ „complete identity“ ● Or „partial identity“ ● An Identity Management is a system responsible for the attributes of identities ● It creates assertions for partial identities

  4. (Site-)Local IdM Systems ● IdP (Identity Provider) and SP (Service Provider) belong to the same realm ● Not possible to use identity outside realm ● Examples ● /etc/shadow ● Database (SQL/LDAP) ● ...

  5. Federated IdM Systems ● IdP and SP have a trust relationship ● IdP creates assertion of a users identity ● SP can validate and use an assertion ● Examples ● Kerberos ● SAML ● OpenID ● OAuth ● ...

  6. Federated Architecture Identity Provider Client Service Provider

  7. Status Quo Identity Management ● Passwords are (still) standard ● When passwords are simple, then they are ● easy to use ● easy to carry around (knowledge) ● cheap ● Therefore : Identity theft is serious threat ● Phishing, XSS, Sony, … ● In fact even worse with SSO

  8. Authentication T okens to the rescue ● One-Time-Password (OTP) T oken ● Yubikey, Smartphone, ... ● Biometry ● can be strong, but must not be ● X509 is the poor mans smart-card ● Can be seen as hybrid (Possession of knowledge/data) ● But fights XSS, phishing (not all) and Sony ● smart-card + PIN (+ Certificates) ● Cards vary greatly with regard to security

  9. So why is nobody using it? ● Hardware-T okens often use different Protocols ● Few client applications are ready for use with Smart-Card X ● Locked out when token is lost/defect ● Hardware has a price ● High security too

  10. Agenda  Introduction  Identity Management  eCard-API-Framework  SkIDentity  Open eCard App  Summary

  11. eCard-API-Framework „The objective of the eCard-API-Framework is the provision of a simple and homogeneous interface to enable standardised use of the various smart cards (eCards) for different applications.“ In other Words: Network transparent abstractions of smart- cards with XML and SOAP .

  12. eCard-API Architecture

  13. Agenda  Introduction  Identity Management  eCard-API-Framework  SkIDentity  Open eCard App  Summary

  14. Identity + Cloud = SkIDentity

  15. Who is SkIDentity?

  16. Goals of SkIDentity ● Create infrastructure with all components ● Cloud Connector ● Multi Protocol IdP ● eID-Server backends ● Client Application for arbitrary HW-T okens ● Make infrastructure easy to use (for SP) ● Combine multiple identities/providers ● Make it easy enough for users to use and accept HW-T okens

  17. Architecture eID-Server OTP-Server eID-Broker eID-Client Browser CC Service Provider

  18. How could it look like?

  19. What happens next? ● T oken selection ● T o be continued ...

  20. Benefits ● Supports multiple protocols → When e.g. OAuth is integrated, the SP can switch the IdP, or support multiple IdPs ● More tokens supported by enabling the appropriate backend and add a CardInfo file ● Much easier to integrate than n eID-Servers ● Anonymous identities with Site-specific Pseudonyms

  21. Agenda  Introduction  Identity Management  eCard-API-Framework  SkIDentity  Open eCard App  Summary

  22. Existing eCard Clients

  23. What is the problem? ● None has publicly available source ● All free (beer) clients are limited to nPA ● No client has real CardInfo support ● eCard-API is still changing, new features get adopted quite slowly ● Clients in general not non-Web-SSO ready ● Ports to other platforms ● Clients only support Auth and Sign ● ...

  24. Open eCard App - The Facts! ● Dual license (GPLv3 or proprietary) ● Heavily modularized to support pluggable architecture ● Multiple application bundles ● Leightweight design ● Extensible ● Protocols ● Frontend interface (binding) ● Builtin protocol endpoints ● User Consent GUI

  25. T echnical Basis ● Libraries ● Clients in the first release ● Java integrated ● Rich Client for – JAXB, SmartcardIO, Desktops Android NFC, ... ● Bouncycastle ● Applet ● slf4j ● Android

  26. High-Level Design

  27. User Consent Screenshots

  28. User Consent Screenshots

  29. User Consent Screenshots

  30. PIN-entry from IFD

  31. Current Status and Roadmap ● Complete Features ● Dispatcher, Recognition and Event Engine, GUI ● Almost Complete Features ● IFD, SAL, CardInfo support ● Milestone 1.0.0-pre1 ● Feature development of EAC and TLS protocols ● Milestone 1.0.0-pre2 ● Documentation and T esting ● Release 1.0.0 ● Finish Rich Client, Applet and Android app

  32. Participate ● Source will be on GitHub ● What can you do? ● Explore the code and find bugs ● Activation Request Dispatcher ● PKCS12 module ● Nice Qt/GTK GUI ● smart-card Inspector ● … or become part of our team and work on the beefy stuff

  33. Agenda  Introduction  Identity Management  eCard-API-Framework  SkIDentity  Open eCard App  Summary

  34. Summary ● Using Hardware-T okens ● prevents most common attacks ● increases privacy ● With a free OSS App, anybody can ● find and report bugs ● create custom applications ● SkIDentity + Open eCard App ● makes strong identities usable

  35. Thank you for your kind attention!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Incentive Plans for Startups PwC Kellerhals Carrard R em o Schm id , Partner K arim M aizar ,

Incentive Plans for Startups PwC Kellerhals Carrard R em o Schm id , Partner K arim M aizar ,

9/14/18 Swiss Startup Day 25 Septem ber 2018 - Bern Incentive Plans for Startups PwC Kellerhals Carrard R em o Schm id , Partner K arim M aizar , Partner remo.schmid@ch.pwc.com karim.maizar@kellerhals-carrrard.ch +41 58 792 46 08 +41 58 200

520 views • 36 slides
BTRG Offerings Doug Schm idt Solutions Architect The Business & Technology Resource Group

BTRG Offerings Doug Schm idt Solutions Architect The Business & Technology Resource Group

BTRG Offerings Doug Schm idt Solutions Architect The Business & Technology Resource Group (BTRG) Proprietary & Confidential A com prehensive 1 w eek pre-upgrade assessm ent for organizations considering the latest version of PeopleSoft.

696 views • 30 slides
Optimizing Long-Lived CloudNets with Migrations Gregor Schaffrath, St Stefa fan n Sc Schm

Optimizing Long-Lived CloudNets with Migrations Gregor Schaffrath, St Stefa fan n Sc Schm

Optimizing Long-Lived CloudNets with Migrations Gregor Schaffrath, St Stefa fan n Sc Schm hmid id, Anja Feldmann November, 2012 Optimizing Long-Lived CloudNets with Migrations Gregor Schaffrath, St Stefa fan n Sc Schm hmid id, Anja

426 views • 30 slides
Creating accessible fixed layout EPUB3 for schools and colleges Dr Gerald Schm idt Pearson

Creating accessible fixed layout EPUB3 for schools and colleges Dr Gerald Schm idt Pearson

Creating accessible fixed layout EPUB3 for schools and colleges Dr Gerald Schm idt Pearson Schools and Colleges, UK Com plexity cancels accessibility as w ell as ubiquity Over the past year and a half, we have dropped a range of

483 views • 20 slides
CIS 330: Applied Database Systems Lecture 8: SQL Johannes Gehrke johannes@cs.cornell.edu

CIS 330: Applied Database Systems Lecture 8: SQL Johannes Gehrke johannes@cs.cornell.edu

CIS 330: Applied Database Systems Lecture 8: SQL Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes Logistics Get a CD while you can DeZign for Databases The SQL Query Language Developed by IBM (system

898 views • 26 slides
PHP 5.3 Johannes Schlter PHP Roadmap Johannes Schlter 2 PHP 4 Photo: Patricia Hecht

PHP 5.3 Johannes Schlter PHP Roadmap Johannes Schlter 2 PHP 4 Photo: Patricia Hecht

PHP 5.3 Johannes Schlter PHP Roadmap Johannes Schlter 2 PHP 4 Photo: Patricia Hecht Johannes Schlter 3 PHP 5.2 Photo: Gabriele Kantel Johannes Schlter 4 PHP 5.3 Photo: Jamie Sanford Johannes Schlter 5 PHP 6 Photo: G4Glenno

1.11k views • 70 slides
CS330 September 14 and 16, 2005 Enterprise Architectures Johannes Gehrke

CS330 September 14 and 16, 2005 Enterprise Architectures Johannes Gehrke

CS330 September 14 and 16, 2005 Enterprise Architectures Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes (Some of the slides are courtesy of Gustavo Alonso, Fabio Casati, Harumi Kuno, Vijay Machiraju and Ethan

597 views • 26 slides
Three subject asymmetries in Limbum Johannes Hein johannes.hein@uni-potsdam.de ACAL 50

Three subject asymmetries in Limbum Johannes Hein johannes.hein@uni-potsdam.de ACAL 50

Three subject asymmetries in Limbum Johannes Hein johannes.hein@uni-potsdam.de ACAL 50 Vancouver, 2225 May 2019 Funded by the Deutsche Forschungsgemeinschaf (DFG), Collaborative Research Centre SFB 1287, Project C05. J. Hein Subject

540 views • 52 slides
Enterprise Data Analysis and Design Lecture 2: Enterprise Architectures Johannes Gehrke

Enterprise Data Analysis and Design Lecture 2: Enterprise Architectures Johannes Gehrke

Enterprise Data Analysis and Design Lecture 2: Enterprise Architectures Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes (Some of the slides are courtesy of Gustavo Alonso, Fabio Casati, Harumi Kuno, and Vijay

549 views • 23 slides
Urgency Based Scheduler IEEE802.1 Motion Preparation Johannes Specht johannes.specht AT

Urgency Based Scheduler IEEE802.1 Motion Preparation Johannes Specht johannes.specht AT

Urgency Based Scheduler IEEE802.1 Motion Preparation Johannes Specht johannes.specht AT uni-due.de Univ. of Duisburg-Essen Soheil Samii soheil.samii AT gm.com General Motors IEEE 802 November 2015 Plenary, Dallas 1 Purpose of this Slide Set

346 views • 6 slides
Problems and VPNs Johannes Weber Webernetz.net Network Security Consulting #whoami: Johannes

Problems and VPNs Johannes Weber Webernetz.net Network Security Consulting #whoami: Johannes

Dynamic IPv6 Prefix Problems and VPNs Johannes Weber Webernetz.net Network Security Consulting #whoami: Johannes Weber Network Security Consultant @ TV Rheinland i-sec GmbH Firewall VPN/Crypto Routing/Switching Mail

453 views • 30 slides
Relational Algebra and SQL Johannes Gehrke johannes@cs.cornell.edu

Relational Algebra and SQL Johannes Gehrke johannes@cs.cornell.edu

Relational Algebra and SQL Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes Slides from Database Management Systems, 3 rd Edition, Ramakrishnan and Gehrke. Database Management Systems, R. Ramakrishnan and J. Gehrke 1

835 views • 57 slides
CIS 330: Applied Database Systems Lecture 25: XML Schema and XQuery Johannes Gehrke

CIS 330: Applied Database Systems Lecture 25: XML Schema and XQuery Johannes Gehrke

CIS 330: Applied Database Systems Lecture 25: XML Schema and XQuery Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes Some slides courtesy of Dan Suciu. Lecture Overview Two topics today: XML Schema

377 views • 17 slides
Enterprise Data Analysis and Design Lecture 1: Introduction to Database Technology Johannes

Enterprise Data Analysis and Design Lecture 1: Introduction to Database Technology Johannes

Enterprise Data Analysis and Design Lecture 1: Introduction to Database Technology Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes Course Goals Architectures of modern enterprise information systems

416 views • 23 slides
Q Questions to an expert ti t t Problems related to drying of hardwood Johannes Welling

Q Questions to an expert ti t t Problems related to drying of hardwood Johannes Welling

Q Questions to an expert ti t t Problems related to drying of hardwood Johannes Welling Johannes Welling EDG Seminar in Bled 2009 Johannes Welling Table of content Introduction Why is drying of hardwood so difficult?

314 views • 18 slides
Simulating Space Use of Animals from RSF and SSF Johannes Signer ( signer_j) Wildlife

Simulating Space Use of Animals from RSF and SSF Johannes Signer ( signer_j) Wildlife

Simulating Space Use of Animals from RSF and SSF Johannes Signer ( signer_j) Wildlife Sciences, Georg-August-Universitt Gttingen Movebank Workshop SCENE 2019-05-02 Johannes Signer ( jsigner@gwdg.de, signer_j, jmsigner) 1/18

338 views • 33 slides
Aid and Governance With a focus on Africa Verena Fritz Sr Public Sector Specialist World Bank

Aid and Governance With a focus on Africa Verena Fritz Sr Public Sector Specialist World Bank

Aid and Governance With a focus on Africa Verena Fritz Sr Public Sector Specialist World Bank Group Context Major shifts with the end of the cold war Rising attention to and emphasis on governance Adoption of the Governance and

820 views • 8 slides
Foreign Keys Local and Global Constraints Triggers A constraint is a

Foreign Keys Local and Global Constraints Triggers A constraint is a

Foreign Keys Local and Global Constraints Triggers A constraint is a relationship among data elements enforced by the DBMS. Example: key constraints. Triggers are operations that are executed when a

821 views • 46 slides
2016.06.03 /

2016.06.03 /

2016.06.03 / : - , (2008- ) - (NCsoft) (2006-2008) -

897 views • 61 slides
THE EUROPEAN COURT OF AUDITORS Procurement in European funded pre-accession projects Public

THE EUROPEAN COURT OF AUDITORS Procurement in European funded pre-accession projects Public

THE EUROPEAN COURT OF AUDITORS Procurement in European funded pre-accession projects Public procurement seminar Lisbon 14 Oct 2010 afasdfa European Court of Auditors 12, rue Alcide De Gasperi L - 1615 LUXEMBOURG Tel.: +352 4398-1 Fax: +352

299 views • 11 slides
Des petits bugs aux virus Quelques travaux et tudes au Laboratoire de Haute Scurit du Loria

Des petits bugs aux virus Quelques travaux et tudes au Laboratoire de Haute Scurit du Loria

Des petits bugs aux virus Quelques travaux et tudes au Laboratoire de Haute Scurit du Loria Jean-Yves Marion ! Advertising networks Compromised Web applications XSS SQL Injection Data User User browser Java/PHP http

579 views • 16 slides
Computable Transformations of Structures Russell Miller Queens College & CUNY Graduate

Computable Transformations of Structures Russell Miller Queens College & CUNY Graduate

Computable Transformations of Structures Russell Miller Queens College & CUNY Graduate Center Computability in Europe Turku, Finland 12 June 2017 Slides available at qcpages.qc.cuny.edu/rmiller/slides.html Russell Miller (CUNY)

542 views • 22 slides
for Our Communities Launch of 2019 Prosperity Now Scorecard Local Data July 16, 2019 Welcome

for Our Communities Launch of 2019 Prosperity Now Scorecard Local Data July 16, 2019 Welcome

Plotting a Path to Prosperity for Our Communities Launch of 2019 Prosperity Now Scorecard Local Data July 16, 2019 Welcome Kasey Wiedrich Director of Applied Research Prosperity Now Housekeeping This webinar is being recorded and will

935 views • 59 slides
CUOC SI Course 01 Feb 2016 Pre-requisites Download and install stuff You should have the

CUOC SI Course 01 Feb 2016 Pre-requisites Download and install stuff You should have the

CUOC SI Course 01 Feb 2016 Pre-requisites Download and install stuff You should have the following software installed: Purple Pen SiConfig SI USB Driver Java Geco Purple Pen Export XML file SI Hardware SI boxes SI

658 views • 40 slides

More recommend