
Page 1: Restrictive download of documents

Robert Seidl, Nokia Solutions and Networks

10/04/14 TDL / v.0.5 / Nokia Solutions and Networks / Robert Seidl

©2013 Nokia Solutions and Networks. All rights reserved.

Page 2: Content

• Introduction to the FI-WARE project
• FI-WARE security chapter: combined demonstrator
  - Anonymous access to file store service
  - Policy based access to resources
  - Use of zero knowledge proof technology (Idemix)

Page 3: Our Objective (FI-WARE)

[Figure slide: no text recoverable beyond the title.]

Page 4: Use-Case Areas (FI-WARE)

[Figure slide: no text recoverable beyond the title.]

Page 5: Core Platform Architecture (FI-WARE)

[Figure slide: no text recoverable beyond the title.]

Page 6: FI-WARE Security Chapter

A collection of Generic Enablers (GE) for Security Functionality

[Figure: overview of the Security Chapter GEs; the only label recovered is "Privacy".]

Page 7: Data Handling GE (FI-WARE Security Chapter)

• Focuses on revealing specific attributes or other data according to defined privacy and security conditions
• Deploys the PPL language, based on XACML, to describe preferences and policies
• Attaches these preferences and policies to the data
• Allows definition of a specific retention period

Page 8: Privacy-Preserving Authentication GE (FI-WARE Security Chapter)

• Provides building blocks to implement all roles of a privacy-preserving authentication system
• Based on the Idemix crypto engine
• In particular, it allows
  - identity providers to set up an online service for issuing privacy-preserving attribute-based credentials (aka anonymous credentials)
  - end users to generate privacy-preserving tokens to anonymously authenticate to service providers
  - service providers to verify the user-generated tokens with respect to a given access policy

Page 9: Identity Management – DigitalSelf GE (FI-WARE Security Chapter)

• Encompasses a number of aspects involved with users' access to networks, services and applications, including
  - Secure and private authentication
  - ‘Authorisation & Trust’ management
  - ‘User Profile’ management
  - Self management of personal data
  - ‘Single Sign-On’ (SSO) to service domains
  - ‘Identity Federation’ towards applications

Page 10: Combined Demonstrator (FI-WARE Security Chapter)

WP8 Combined Demonstrator on
• Identity Management GE (NSN)
• Data Handling GE (SAP)
• Privacy GE (IBM)

>> Taking privacy work from the ABC4Trust project and making it work in the FI-WARE Platform <<

Page 11: Description of Use-Case (FI-WARE WP8 Combined Demonstrator)

The demonstrator illustrates:
• Anonymous access to file store service
• Policy based access to resources
• Use of zero knowledge proof technology (Idemix)

By use of the Generic Enablers:
• Data Handling GE: An enhanced file store service allows access to resources based on “sticky” policies
• Privacy GE: Provides building blocks for ‘User in the Cloud’, ‘Verifier as a Service’ and ‘Issuer Service’
• Identity GE: An enhanced IDM system provides attributes (PII) needed for issuing credentials

Result:
• While respecting the privacy of the user, selective attribute sharing will be supported, restricted to the ‘need to know’ principle.

Page 12: High Level Architecture: Enrolment (FI-WARE WP8 Combined Demonstrator)

[Figure: enrolment architecture. Components: Identity Agent / user in the cloud (Web Service, Privacy GE User); Identity Mgmt. System / Issuer (Auth Server, DS Portal, Data Gateway); Privacy GE Issuer (Web Service). Providers: Privacy GE (IBM), IdM GE (NSN), Data Handling GE (SAP). Flow labels: user login credentials for accessing Issuer; verified user attributes; user Privacy GE credentials.]

Page 13: High Level Architecture: Use-Case (FI-WARE WP8 Combined Demonstrator)

[Figure: use-case architecture. Components: Identity Agent / user in the cloud (Web Service, Privacy GE User); Verifier (Web Service, Privacy GE Verifier); File Store (Web GUI). Providers: Privacy GE (IBM), IdM GE (NSN), Data Handling GE (SAP). State labels: map storing verification policies based on policy ID; map storing verification policy, verifier URL and resource URL based on nonce; map storing policy IDs based on resources; File Store login credential for accessing Verifier.]
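The use-case flow of this slide, as an added Python example that is not part of the deck or of the FI-WARE GEs: it models the maps the slide labels (verification policies keyed by policy ID at the Verifier, policy IDs keyed by resource at the File Store, and a challenge bound to a single-use nonce), and it enforces the 'need to know' result of page 11 by opening only the attributes a policy names. The placement of the maps, the Idemix credential and all names, attributes and resources are assumptions: the Idemix zero-knowledge credential is replaced by a hash-commitment credential with an HMAC issuer signature, which gives selective disclosure but not Idemix's unlinkability, and the File Store's login credential towards the Verifier is not modelled.

```python
import hashlib, hmac, secrets

def commit(name, value, salt):   # hash commitment; revealing (value, salt) opens it
    return hashlib.sha256(f"{name}|{value}|{salt}".encode()).hexdigest()

class Issuer:
    """Issuer service (stand-in for the Idemix issuer): signs attribute commitments."""
    def __init__(self):
        self.key = secrets.token_bytes(32)   # constructed; a real issuer uses a key pair
    def sign(self, commits):
        msg = "|".join(f"{k}:{commits[k]}" for k in sorted(commits)).encode()
        return hmac.new(self.key, msg, "sha256").hexdigest()
    def issue(self, attrs):
        salts = {k: secrets.token_hex(16) for k in attrs}
        commits = {k: commit(k, attrs[k], salts[k]) for k in attrs}
        return {"attrs": attrs, "salts": salts, "commits": commits, "sig": self.sign(commits)}

class Verifier:
    """Verifier as a service: policies keyed by policy ID, open challenges keyed by nonce."""
    def __init__(self, issuer):
        self.issuer, self.policies, self.pending = issuer, {}, {}
    def challenge(self, policy_id, resource):
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (self.policies[policy_id], resource)
        return nonce, self.policies[policy_id]
    def verify(self, nonce, token):
        if nonce not in self.pending:              # unknown or already consumed: replay
            return None
        policy, resource = self.pending.pop(nonce)  # each challenge is single use
        if not hmac.compare_digest(token["sig"], self.issuer.sign(token["commits"])):
            return None
        for attr, pred in policy.items():          # every attribute the policy names must open
            opened = token["revealed"].get(attr)   # (value, salt) or None
            if not opened or commit(attr, *opened) != token["commits"].get(attr) or not pred(opened[0]):
                return None
        return resource

class UserAgent:
    """User in the cloud: opens only the attributes the policy asks for."""
    def __init__(self, cred): self.cred = cred
    def present(self, policy):
        reveal = {a: (self.cred["attrs"][a], self.cred["salts"][a]) for a in policy}
        return {"commits": self.cred["commits"], "sig": self.cred["sig"], "revealed": reveal}

class FileStore:
    """File store: policy IDs keyed by resource; download only after a fresh verification."""
    def __init__(self, verifier): self.verifier, self.resource_policy = verifier, {}
    def download(self, resource, agent):
        nonce, policy = self.verifier.challenge(self.resource_policy[resource], resource)
        return self.verifier.verify(nonce, agent.present(policy)) == resource
```

Register a policy such as `{"age": lambda v: int(v) >= 18}` under a policy ID, map a resource to that ID, and `download()` succeeds only for a credential whose opened age satisfies it; the name and e-mail in the credential never leave the user agent, and a consumed nonce is rejected on replay.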

Page 14: Snapshots of the Demo (FI-WARE WP8 Combined Demonstrator)

[Figure slide: demo screenshots; no text recoverable.]

Page 15: Questions and Answers (FI-WARE WP8 Combined Demonstrator)

[email protected]
https://abc4trust.eu
http://www.fi-ware.org
http://catalogue.fi-ware.org

Page 16: Thank you

[email protected]