SWEB SWEB Security and Privacy Technologies – Implementation Aspects Venue: SWEB Day in APV, Novi Sad Author(s): Dr. Milan Marković Organisations: MISANU Belgrade Date: 26/03/2009

SWEB Security and Privacy Technologies – Implementation Aspects

Venue: SWEB Day in APV, Novi Sad

Author(s): Dr. Milan Marković

Organisations: MISANU Belgrade

Date: 26/03/2009

SWEB user types

JAVA mobile client

.NET mobile client

SELIS client

Civil Servant client

Security of communications between the client and SWEB platform

XML signature

Time Stamping

SAML token

WS-Security (WS-Encryption and/or WS-Signature)

User authentication and authorization

Username/password to access the client application and asymmetric private key

User’s digital certificate to be authenticated by the STS server

SAML token issued to the user for authentication to the particular service

User profile (digital certificate) for user authorization to the platform

Secure communication between two SWEB platforms

Digital certificate for authentication to the STS server

SAML token for authentication to the service

User’s profile (digital certificate) for user authorization

Identities of users

Digital certificates

PKI hierarchy

XKMS for certificate locating (LocateRequest) and validating (ValidateRequest)

The Residence Certification Service Cross-Border request scenario

SWEB Security Aspects Summary

X.509 certificate

XML Digital Signatures and Encryption

WS-Security

Time stamping

Federation Identity - Security Token (SAML)

XKMS

Smart cards for Civil Servants

Future upgrades include PKI SIM cards

Future research directions

Implementing the JAVA mobile application on JAVA CDC 1.1 enabled mobile devices

Full implementation of advanced electronic signature formats (e.g. XAdES)

Integration of PKI SIM technology in the Mobile Client application

Using a SWEB-like system for other PKI-based e/m-governmental services (strong user authentication to other e-gov web portals, signing documents prepared through some other communication channels, qualified signatures, etc.)

Thank You!!