Presentation is loading. Please wait.

Presentation is loading. Please wait.

Olli Jussila Adaptive R&D TeliaSonera. TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 2 Agenda TeliaSonera at a glance Project presentation Technical results.

Similar presentations


Presentation on theme: "Olli Jussila Adaptive R&D TeliaSonera. TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 2 Agenda TeliaSonera at a glance Project presentation Technical results."— Presentation transcript:

1 Olli Jussila Adaptive R&D TeliaSonera

2 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 2 Agenda TeliaSonera at a glance Project presentation Technical results Business model and actor benefits End user experience Dissemination activities Conclusion

3 The Nordic and Baltic leader in telecommunications E S T O N I A L A T V I AL I T H U A N I A F I N L A N DS W E D E ND E N M A R K N O R W A Y 23.5 million customers Number of Customers as of December, 2006 Number of employees: 28,000 Net sales 2006 EUR 9790 million Strong positions in mobile in Eurasia, Russia and Turkey through subsidiaries and associated companies Mobile services launched in Spain at the end of 2006

4 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 4 Identity Management Nightmare ! Multiple accounts, multiple credentials everywhere

5 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 5 Circle of trust WSP Attribute Provider Profiles The Liberty solution Identifiers IDP Identity Provider SP Service Provider Sign on SPs with my IDP account 1 Id-ff 3 Share My personal information Id- wsf 2 Single Sign On To other website Id-ff

6 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 6 FIDELITY –project assumptions Potential Identity Providers and Circles of Trust are numerous Users will navigate among these Circles of Trust One CoT should be able to establish trust relations with another CoT to allow Identity roaming

7 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 7 FIDELITY –project in a nutshell Set up 4 heterogeneous Circles of Trust Deploy strong authentication mechanisms Demonstrate the inter-operability of these Circles of Trust regarding: –Liberty Alliance technical specifications –Business model –EU legal constraints –User experience Provide standardisation and implementation contributions

8 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 8 FIDELITY –project members 4 telcos, setting up the CoTs : –France Telecom, Amena, Telenor, TeliaSonera 3 industrial partners, providing ID platforms and software – Ericsson, Gemalto, Italtel 3 SMEs, and 1 university, providing specific skills and software –TB-Security, Linus, Moviquity, Oslo university college

9 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 9 FIDELITY final results Technical results

10 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 10 Implementation of principal COTs/interCOT infrastructure and services The four CoTs in France, Finland, Norway and Spain have been established. Each CoT has –an Identity Provider –some Service Providers with Web service consumers WSC –and some Attribute Providers (Web service providers WSP) In each COT: –ID-FF V1.2 (Identity Federation and SSO) has been fully tested –ID-WSF V1.1(Identity Web Service Framework) has been tested Product from different vendors have been used in order to test interoperability of Liberty software implementation

11 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 11 Architecture and Information flow (simplified view) Service Provider with WSC V-IdP V-DS H-IdP H-DS H- WSP 1 V-CoT H-CoT A user access a service 2. SP re-directs user to V-IDP 3. V-IDP re-directs/proxies user to H- IDP 4. H-IDP maps the authentication context request of V-IDP and authenticates a user Auth. assertion including DS info is returned and to V-IDP and V-SP 7-8. SP (WSC) requests end point of H-WSP from H-DS SP (WSC) requests service from H-WSP 11. According privacy settings H-WSP initiates user-consent process via SP and Interaction service. WSP is also able to request stronger authentication via WSC/SP

12 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 12 The French CoT IDP Identity Provider WSP Personal Profile WSP Geolocation Profile WSP Wallet Profile SP Where Restaurant SP Student exchange SP Book a Hotel IDP Technical DS User/passord EAP/SIM + password Software PKI SP Attribute registration SP Wallet registration

13 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 13 The Finnish CoT IDP / DS Identity Provider WSP Personal Profile WSP Geoloc Profile WSP Calendar Profile WSP Wallet Profile SP Where Restaurant SP Register with a mobile SP Book A Hotel SP Privacy Manager User/passord OT sms (+ password) WPKI EAP / SIM GPRS HLR WSP Student Profile

14 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 14 InterCoT Single Sign On Authentication Contexts User Agent V-SPV-IDPH-IDP 2. PC EAP/SIM please? 8.Authenticated ok, empty context Or Requested context 7. Mobile USB-OTP 4. PC EAP/SIM please? 5. Some other from the same level? 6. Authentication with the user 1. User accesses service provider 3.

15 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 15 InterCoT attribute sharing (ID-WSF) InterCoT Discovery Service –Direct Access. By using this method, the V-WSC requests directly the Discovery Service of the H-CoT (H-DS) –DS-proxying. By using this method, the Discovery Service of the V-CoT (V-DS) acts as a DS-proxy between the V-WSC and the H-DS. –DS-chaining. By using this method, the V-WSC requests first the V-DS which redirects it to the H-DS. If direct access is used, then we recommend the deployment of a Trust model based on PKI Tested

16 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 16 ID-WSF trust model for attribute sharing – IntraCoT vs. InterCoT In IntraCoT, every (H-)SP – (H-)WSP pair has a direct business agreement implying direct trust relationship –Technically, the trust between ID-WSF entities is established by exchanging metadatas on a bilateral basis In InterCoT, the business agreements are established only between IDPs but there is no direct business relationship between V-SP and H- WSP –Technically, exchanging metadatas between every V-SP – H-WSP pair would be far too exhaustive provisioning of metadatas would require too much effort Fidelity PKI trust model enables business model for InterCoT attribute sharing between V-SP and H-WSP –Technically, this is implemented by using hierarchical certificate path validation (RFC3280)

17 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 17 IDP 2 WSP IDP CoT CA Root InterCoT Relationship Establishment CA certificate exchange CoT CA Root SP WSP SP IDPs exchange the CA certificate chains, and delivers them to their other IntraCoT entities (SPs and WSPs)

18 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 18 WSP CoT CA cert Root CA cert InterCoT Relationship Establishment SP / WSC Visited CoT Home CoT Service request SP cert includes CoT CRL CoT CA Certification revocation status check trusts is associated with Compliant with RFC3280

19 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 19 FIDELITY final results Business Scenarios, Actors benefits

20 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 20 Business scenarios Closed Scenario: –Single Company IDP and SP Open Scenario: –Telecom as IDP for external SP Inter-CoT Scenario: –Telecom Operator alliances with internal and external SPs Inter-CoT Scenario Multi- domains –Multi domain IDP alliances with internal and external SPs ID P SP IDs SP IDs ID P SP IDs SP IDs ID P SP IDs SP IDs

21 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 21 Actors Benefits Identity Provider –Large user base –Attract new user –Enforce their trust relation with the user –Offer (sell) strong and complex authentication methods Service Providers –Attract users –Simplify local user management –Use Strong authentication –Rely on user identity attributes User –Simple and secure authentication –Ease of attribute management, control of data dissemination –Respect of his privacy More users More services The virtuous circle :

22 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 22 FIDELITY final results End User Experience

23 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 23 Concepts explanation and representation –Explain to the user what is a CoT, what is CoCoT –Represent concepts with pictures: Circle of Trust (CoT) and Circle of CoT (CoCoT) CoCoT logo/brand CoT logo/brand Key = SP credentials Master Key = IDP credentials CoT Homepage –Disclaimer –SSO description –Attribute sharing description –List of the SP belonging to the CoT –Map of the CoT and the CoT's partners (CoCoT) –Registration area –Personal area for registered users

24 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 24 FIDELITY final results Dissemination activities

25 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 25 Advisory Boards in each telco Liberty Meetings (plenary, TEG) 3GSM World Congress 2007 IST 2006 E challenge ISSE in Roma Internet Global Congress Barcelona Security and identity management event in Barcelone France Telecom R&D result event in Paris Telecom I+D, Madrid Celtic and Eureka events Website : Demo Kit : Public documents : Standardization activities (Wallet + calendar ID-WSF Serv. Interf. spec) Fidelity: Dissemination

26 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 26 Conclusion of the FIDELITY project From a technical, business, legal and ergonomic point of view, Liberty solves the IDM issue and can be extended to InterCoT. –But read our public recommendations anyway… The very good cooperation and acceptance between all partners was the basis for the success of the project. The consortium is satisfied with the results obtained and will now begin to exploit them.

27 TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 27 Thank you for your attention Any questions?


Download ppt "Olli Jussila Adaptive R&D TeliaSonera. TERENA EuroCAMP 2007 Helsinki 23/02/07 Page 2 Agenda TeliaSonera at a glance Project presentation Technical results."

Similar presentations


Ads by Google