SIEMENS

DigIDentity
Innovation in Dutch e-ID Landscape

Elisabeth de Leeuw
Business Consultant Security & Identity Management
Siemens IT Solutions & Services

e-mail elisabeth.de.leeuw@siemens.com
skype elisabeth.de.leeuw
scribd www.scribd.com/people/view/3513920-elisabeth-de-leeuw
Confidential / Copyright © Siemens AG 2010. All rights reserved.
Page 1 December 2010 Siemens IT Solutions and Services

Context: Framework e-Herkenning


• Federated identity & access management (SSO)

• Public & private sector

• Multiple providers, multiple credentials

• Both new and existing providers

• Primary use G2B; also G2G, G2C

• Compatible with international infrastructure

Elisabeth de Leeuw, March 4, 2011, Siemens IT Solutions and Services B.V., Zoetermeer

Partnership
Between Digidentity and Siemens IT Solutions & Services

• Common market approach


• Digidentity: software & services
• Siemens IT Solutions & Services: infrastructure


DigIDentity Roles and Processes


Roles
• NP Natural Person
• PR PRivate party (companies, NGOs)
• PU PUblic party: government organizations offering e-services
• IB Identity Broker: connection between PR, PU and EB
• EB Entitlement Broker: management and judgment of entitlements
• CI Credential Issuer: issuing, management and verification of credentials
• R Router: routing of requests from PR via EB to CI

Process sequence
• NP –> PR –> PU –> IB –> EB –> CI –> PU –> PR –> NP

Siemens versus DigIDentity



DigIDentity

From piles of cards & wallets to a single virtual smart card



DigIDentity
Passport, vault, visa


Digidentity Trust Levels

STORK
Levels of Trust

Level | Registration | Credentials
1 Low | No or minimal control of identity (e-mail address); check of association with company at Chamber of Commerce | User name + password
2 Medium | Level 1 + Check of copy of ID, bank transaction; delivery by secure (e-)mail | Level 1 + one time password (SMS, token), certificate
3 High | Level 2 + Distance check of original ID | Level 2 + bank card
4 Very high | Level 3 + Face to face check of original ID | Level 3 + qualified (PKI) certificates

DigIDentity

Level 1 = E-mail address + iDEAL payment
Level 2 = Level 1 + copy passport
Level 3 = Level 2 + certificate
Level 4 = Level 3 + face to face identification

Levels of Trust
in agreement with STORK deliverable D2.3 - Chapter 1 and 2


DigIDentity
Authentication and verification

Verification | Level 1 | Level 2 | Level 3 | Level 4
e-mail | * | * | * | *
mobile phone | * | * | * | *
home address | * | * | * | *
surname | * | * | * | *
passport registry check |  | * | * | *
face to face identification |  |  |  | *

Authentication | Level 1 | Level 2 | Level 3 | Level 4
username and password | * | * | * | *
one time password (SMS) |  | * | * | *
pin code |  |  | * | *


Considerations
Single identity - single point of failure
Single source of truth - single point of failure

Copy of passport – tamper proof?


One identity - multiple business cases
Single card – multiple customer liabilities
Multiple administrations – synchronization and integrity
Electronic authentication – proof of free will?

Current robustness in accordance with current threat level – future threats proportional to future utilization
Thank you for listening!

Summary
DigIDentity: Innovation in Dutch e-ID Landscape

Within the Dutch eID framework, a Siemens / Digidentity consortium offers
authentication and authorization services in the cloud, compliant with
up to STORK level 4. Virtual smart cards, fit for multi-party authorization, and
electronic vaults are part of the solution.

Short biography Elisabeth de Leeuw

Elisabeth has vast experience in IT and business consulting. She brings a
strategic and innovative approach to the disciplines of information security and
identity management, at the cutting edge of business and technology. She is
also author and editor of a number of publications, among them the IFIP IDMAN
Proceedings (published by Springer).
