PRIME and MoodlePKI José Luis Villarig García Webmaster www.lefis.org University of Zaragoza.


1 PRIME and MoodlePKI José Luis Villarig García Webmaster www.lefis.org University of Zaragoza

2 Presentation
PRIME: European project to create an Identity Management System and provide guides for developers to follow its philosophy.
Moodle: CMS, document management and online course management.
MoodlePKI: Moodle extension developed for www.lefis.org which joins Moodle with PKI technologies.
– Objective: to make MoodlePKI follow PRIME philosophy and directives.

3 PRIME: Index
PRIME
– The Information Society
– Risks in the IS
– Can technologies help?: PRIME
– PRIME
  The user
  The service provider
  The project
  Current state

4 The Information Society
IT is improving services:
– space, time ↓ => cost, energy, waste ↓
Technology has a huge potential to offer personalized and contextual services, which can bring more benefits in terms of convenience, effectiveness and efficiency.
This depends on quality and availability of personal information to service providers
– Importance of the right to privacy.

5 Risks in the IS
Cost is no longer a major barrier to the collection of personal information => commonplace practice.
– In the real world, we decide what information to give and when.
Personal data are analysed to profile people and make more personalized offers to gain a competitive edge.
Risks:
– Loss of privacy
– Spam
– “Bad clients” lists.
– Scams, frauds, phishing
– Respect laws: Data protection, E-Commerce Directive...

6 Can technologies help?: PRIME
There are lots of solutions for the problems or their consequences:
– PKI systems.
– Firewalls
– Antivirus
– …
However, very few of them show users which data they are sending: that is PRIME’s principal focus.

7 PRIME: the user
User-controlled identity management system where all the players concerned act together, mediated by technology to enforce the rules set by law and the contracting partners.
The user has control of personal information and negotiates its disclosure in return for access to a service => agreement between the user and the service provider whereby the provider collects personal data for a stated purpose (which may include transmission of these data to other actors).
All act within the bounds of law and the agreed terms between them.
The PRIME project wants to create a prototype where the preceding is done in every context.
– Middleware.

8 PRIME: The service providers
The service providers are fitted with appropriate counterparts of the user’s digital assistant integrated with their infrastructure: applications, databases, privacy policies, etc.
Ensuring fulfillment of the agreement:
– Gives users access to their disclosed data.
– Facilitates dispute resolution.
– Enables transfer of personal data on behalf of the individuals, with their consent, to other providers.
– Enables the providers to negotiate agreements between themselves in strict compliance with the original agreement made with the user.

9 The PRIME project
The PRIME Consortium consists of 20 member organisations from industry (IBM, HP, Swisscom), universities (Milano, Karlstad), research centres and data protection.
It receives research funding of about 13M euros from the European Union's Sixth Framework Programme and the Swiss Federal Office for Education and Science.
Its main purpose is developing the PRIME software mentioned before.
Partial prototypes in some scenarios: E-Learning, Pharmacy Finder, Airport Security
– Their development is private. Only public videos can be found on the PRIME webpage.
– They are only small “approximations” to PRIME's final objective.

10 PRIME: current state
There are no PRIME prototypes.
Only partial and “closed” developments in an initial phase.
PRIME has stated the basics and philosophy for the development of the prototype => what requirements an IMS should comply with, according to PRIME.
A lot of tutorials and documents stating the importance of security and privacy and how to ensure them.
More information: http://www.prime-project.eu

11 Moodle and MoodlePKI: Index
What is Moodle?
Why Moodle on www.lefis.org
What MoodlePKI is
System Design
– Presentation modifications
– Redirection
– Authentication component
– User accounts
Future tasks

12 Moodle
Moodle is:
– A CMS, Content Management System
– Online course creation
– Documentation Management System.
Moodle web: http://moodle.org

13 Why Moodle on www.lefis.org
Main requirements observed in 2003 for www.lefis.org:
– A public part, which offers information about the project on the Internet.
– A private workspace and a private contents part were needed.
– The private workspace should allow the project members to carry out their tasks and provide access to information and to project results.
– Accessibility: only a web browser should be needed.
– Security requirements.
These requirements are only concrete cases of using CMS, groupware, process management…

14 MoodlePKI
MoodlePKI is a project about security in information systems based on PKI which allows Moodle to respect the most demanding security standards.
Initial application in www.lefis.org
In a place like Moodle, guarantees can be needed about user identification, privacy, document validity, etc. => Providing Moodle with PKI techniques like:
– User identification and access control using digital certificates.
– Electronic signature operations for sending documents.
– Ensuring security of communications
– Using an encryption system.
– Electronic signatures to ensure validation of the system objects (i.e. documents, messages and forum posts).
It can be made using PKI infrastructures and free software.

15 System Design
Presentation modifications
– Design criteria about the appearance and the possibilities for structuring and organizing the graphical aspect of Moodle.
– These modifications (most of them about organization) change the use and appearance of Moodle blocks and add other components.
Redirection
– The user connects to www.lefis.org. At some moment, when the user attempts to access protected content (for example, adding posts on news), Moodle calls /login/index.php using HTTP.
– /login/index.php has been modified to call a specific component for authentication tasks, performing this authentication over HTTPS.

16 System Design 2: Authentication component
After making an HTTPS connection, the user’s browser is forced to show the digital certificates stored:
– It varies depending on the browser’s configuration.
The authentication service obtains the certificate as a parameter of the secure connection.
The web service that validates certificates and returns control information to Moodle works simultaneously with digital certificates issued by different CAs if we identify them as valid:
– Recognition of Spanish “Fábrica Nacional de Moneda y Timbre” certificates is now in the test phase.

17 System Design 3: User accounts
A new user in the system meant a new PKI user, a new entry in the lefis database and a new Moodle account => the information was replicated in three databases.
The three databases are necessary.
The key used to identify people, and which allows OpenCA accounts to be associated with Moodle ones, is “email”.
Moodle applications for changing user data will still be there.
– A task for the future will be that those modifications are also made to the lefis database, so that Moodle’s database will at all times have data congruent with the lefis database.
When a user without a Moodle account but with a certificate and an entry in the lefis database enters the system, a new Moodle account is created automatically in a transparent way.
Error cases analysed and solved:
– No certificate given
– Bad certificate
– ...
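
Added example, not part of the presentation or of the MoodlePKI code: a Python model of the login decision that slides 16 and 17 describe, covering the two named error cases, the email linking key and the automatic Moodle account creation. Assumptions: the HTTPS front end exposes Apache mod_ssl-style variables, plain dicts stand in for the lefis and Moodle databases, the issuer DN is a constructed placeholder, and refusing a certificate holder who has no lefis entry is a policy choice the slides do not state.

```python
# Added example: certificate login and account linking by email.
# Variable names follow Apache mod_ssl (assumption; the slides name no server).

ACCEPTED_ISSUERS = {"CN=Example LEFIS CA,O=Example"}  # constructed placeholder DN


class LoginError(Exception):
    """Raised with a short reason code when the login must be refused."""


def resolve_login(tls_env, lefis_db, moodle_db):
    """Return (moodle_account, created) or raise LoginError.

    tls_env   : dict of TLS variables set by the HTTPS front end
    lefis_db  : dict email -> profile (stands in for the lefis database)
    moodle_db : dict email -> account (stands in for Moodle's user table)
    """
    verify = tls_env.get("SSL_CLIENT_VERIFY", "NONE")
    if verify == "NONE":
        raise LoginError("no_certificate")
    # Only SUCCESS is trusted; FAILED:<reason> or GENEROUS means unverified.
    if verify != "SUCCESS":
        raise LoginError("bad_certificate")
    # A valid chain is not enough: the issuer must be a CA we accept.
    if tls_env.get("SSL_CLIENT_I_DN") not in ACCEPTED_ISSUERS:
        raise LoginError("bad_certificate")

    # Email is the linking key, so normalise it before any lookup.
    email = tls_env.get("SSL_CLIENT_S_DN_Email", "").strip().lower()
    if not email or email.count("@") != 1:
        raise LoginError("bad_certificate")

    profile = lefis_db.get(email)
    if profile is None:
        raise LoginError("unknown_user")  # assumed policy, see lead-in

    account = moodle_db.get(email)
    if account is not None:
        return account, False
    # Certificate and lefis entry exist but no Moodle account: create it.
    account = {"username": email, "name": profile["name"], "auth": "pki"}
    moodle_db[email] = account
    return account, True
```

Because the email taken from the certificate decides which account is opened, it is read only after both the verification result and the issuer check have passed.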

18 MoodlePKI future tasks
Report generation
Digital library system
Complete integration of the lefis database with Moodle
Workspaces for the WG.
Exporting MoodlePKI as a module:
– MoodlePKI is not yet an independent module.
– We plan to improve it and make a module that can be used in other situations.
MoodlePKI and PRIME
– Without a PRIME prototype it is almost impossible to know how MoodlePKI will integrate with the PRIME solution.
– However, some of the PRIME guides are present in MoodlePKI and our objective is to continue on that path (for example, informing the user in detail about the use of all their data).
Final security review.
…
Other tasks to be foreseen.

