Digitally signing forms at IDA Relying Parties




    Jon Shamah
    EJ Consultants
    04/09/2012



1                         Commercial in Confidence   E J Consultants
IDA limitations and suggested resolution



    • IDA scheme as currently envisaged does not include any digital
      signing capability for on-line forms.

       – Provides authentication to a relying party only

    • Potential resolution is to create an appliance-based PKI at the
      relying party with authorisation linked to customer’s mobile.

       – The Relying Party in effect acts as the Registration Authority for its IDA
         authenticated customers

    • The advantage is that this simple approach to on-line form signing
      helps agencies justify inclusion in IDA with no impact on current
      procurements and existing scheme architecture




[Diagram: IdSP, Hub, Portal (Login); arrow labelled Authenticate]

Customer starts sign-in to his account on the portal.
He is redirected to his IdSP for authentication.
[Diagram: step 2, SAML2 from IdSP to Hub; Hub to Session Manager: Match customer against Customer Data; Portal (Login)]

IdSP issues SAML2 assertion.
Hub communicates with Session Manager, who matches the
credential to internal customer data to establish identity.
[Diagram: step 3, Session Manager: Establish Session with Portal]

Session Manager establishes session.
[Diagram: steps 2-3 as above]

Unique customer certificate is created in the
appliance and its key can only be used via
delegated release using an OTP.
[Diagram: steps 2-3 as above; Portal: Form fetch & prefill; customer: View/fill]

Customer selects form to fill and views /
completes a pre-filled form.
[Diagram: step 4, Press submit to agree to sign with OTP; Signing Page]

Customer agrees to sign form with OTP.
Transfers to signing page.
[Diagram: step 5, OTP/SMS Authenticator; OTP releases data key to sign (PKI stored in Co-Sign)]

OTP is sent to registered mobile.
Customer enters code into signing page.
[Diagram: step 6, Hash signed and returned; Signed form; Download and print]

Document hash is signed using the customer's certificate stored in Co-Sign
and then embedded in the document for distribution.
[Diagram: full flow, steps 2-6 as above]

Note: Customer certificates in appliance are continuously
synchronised/validated together with Customer data.
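The signing appliance described on slides 6 to 11, as an added example in Go that is not part of the deck (the deck names Co-Sign; this stand-alone model uses Go's standard-library ECDSA instead). It shows the three properties the flow relies on: the customer key is created inside the appliance and never leaves it, the key is released for one signature only against a fresh OTP, and the recipient verifies the signature over the document hash. Assumed simplifications: the OTP is returned instead of sent by SMS, the customer's certificate is represented by its DER public key, and each OTP is bound to the hash of the form being signed, which the deck does not spell out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// SignedForm is what gets distributed: the form plus an ECDSA signature over its SHA-256 hash.
type SignedForm struct{ Doc, Sig []byte }

// otpRecord ties a one-time code to a single document hash and an expiry time.
type otpRecord struct {
	code    string
	docHash [32]byte
	expires time.Time
}

// Appliance models the RP signing appliance: customer keys are generated inside it and never
// returned, so Sign is the only way to use them (the "delegated release" the deck describes).
type Appliance struct {
	keys map[string]*ecdsa.PrivateKey // customer ID -> signing key
	otps map[string]*otpRecord        // customer ID -> pending OTP
	Now  func() time.Time             // injectable clock for expiry checks
}

func NewAppliance() *Appliance {
	return &Appliance{keys: map[string]*ecdsa.PrivateKey{}, otps: map[string]*otpRecord{}, Now: time.Now}
}

// Enroll is the RP acting as Registration Authority: call it only after the customer has been
// IDA-authenticated and matched. It returns the DER public key a deployment would certify.
func (a *Appliance) Enroll(customerID string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.keys[customerID] = key
	return x509.MarshalPKIXPublicKey(&key.PublicKey)
}

// IssueOTP binds a fresh 6-digit code to the hash of the form being viewed, so the code cannot
// be reused to sign a different document. Production sends it by SMS; here it is returned.
func (a *Appliance) IssueOTP(customerID string, doc []byte) (string, error) {
	if _, ok := a.keys[customerID]; !ok {
		return "", fmt.Errorf("unknown customer %q", customerID)
	}
	n, err := rand.Int(rand.Reader, big.NewInt(1000000))
	if err != nil {
		return "", err
	}
	a.otps[customerID] = &otpRecord{code: fmt.Sprintf("%06d", n.Int64()),
		docHash: sha256.Sum256(doc), expires: a.Now().Add(5 * time.Minute)}
	return a.otps[customerID].code, nil
}

// Sign releases the key for exactly one signature if the OTP is correct, unexpired and bound
// to this document. Every attempt consumes the OTP, so a wrong guess costs a fresh SMS.
func (a *Appliance) Sign(customerID string, doc []byte, otp string) (*SignedForm, error) {
	rec := a.otps[customerID]
	delete(a.otps, customerID)
	h := sha256.Sum256(doc)
	if rec == nil || a.Now().After(rec.expires) || h != rec.docHash ||
		subtle.ConstantTimeCompare([]byte(otp), []byte(rec.code)) != 1 {
		return nil, fmt.Errorf("OTP rejected for %q", customerID)
	}
	sig, err := ecdsa.SignASN1(rand.Reader, a.keys[customerID], h[:])
	return &SignedForm{Doc: doc, Sig: sig}, err
}

// Verify is what a recipient of the distributed form runs, given the public key registered
// for the customer: the signature must cover exactly this document.
func Verify(pubDER []byte, f *SignedForm) error {
	parsed, _ := x509.ParsePKIXPublicKey(pubDER) // a malformed key fails the assertion below
	pub, ok := parsed.(*ecdsa.PublicKey)
	h := sha256.Sum256(f.Doc)
	if !ok || !ecdsa.VerifyASN1(pub, h[:], f.Sig) {
		return fmt.Errorf("signature does not match document")
	}
	return nil
}

func main() {
	a := NewAppliance()
	pub, _ := a.Enroll("customer-42") // after IDA login and customer match (steps 1-3)
	form := []byte("constructed sample form: change of address for customer-42")
	otp, _ := a.IssueOTP("customer-42", form)      // step 5: code to the registered mobile
	signed, err := a.Sign("customer-42", form, otp) // step 6: key released for one signature
	if err != nil {
		panic(err)
	}
	fmt.Println("verify:", Verify(pub, signed)) // prints "verify: <nil>"
}
```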
Discussion



     • The IDA does not currently support digital signatures for signing
      on-line forms as part of the core architecture



     • Are agencies willing to move to on-line signing of forms?

     • Do/will we need digital signatures to do this?

     • Can this form an ROI case to encourage joining IDA?




Thank you


     JON SHAMAH – EJ CONSULTANTS
     jshamah@ejconsultants.co.uk
     +44 7813-111290





Contenu connexe

Tendances

Boi internet banking corporate form
Boi internet banking corporate formBoi internet banking corporate form
Boi internet banking corporate formhbkavate
 
HGS Presentation / General Overview
HGS Presentation / General OverviewHGS Presentation / General Overview
HGS Presentation / General OverviewAmy_Anderson
 
Instant Agility in Oracle Fusion Middleware through Design Time @ Run Time (O...
Instant Agility in Oracle Fusion Middleware through Design Time @ Run Time (O...Instant Agility in Oracle Fusion Middleware through Design Time @ Run Time (O...
Instant Agility in Oracle Fusion Middleware through Design Time @ Run Time (O...Lucas Jellema
 
Manage Agility through Manage-ability – Introducing Design Time at Run Time ...
Manage Agility through Manage-ability – Introducing Design Time at Run Time ...Manage Agility through Manage-ability – Introducing Design Time at Run Time ...
Manage Agility through Manage-ability – Introducing Design Time at Run Time ...Lucas Jellema
 
Customer Experience: Data-Driven Customer Satisfaction at TD Ameritrade
Customer Experience: Data-Driven Customer Satisfaction at TD AmeritradeCustomer Experience: Data-Driven Customer Satisfaction at TD Ameritrade
Customer Experience: Data-Driven Customer Satisfaction at TD AmeritradeJaime Fitzgerald
 
Sage 100 road map caribbean conference
Sage 100 road map caribbean conferenceSage 100 road map caribbean conference
Sage 100 road map caribbean conferenceSuzanne Spear
 

Tendances (6)

Boi internet banking corporate form
Boi internet banking corporate formBoi internet banking corporate form
Boi internet banking corporate form
 
HGS Presentation / General Overview
HGS Presentation / General OverviewHGS Presentation / General Overview
HGS Presentation / General Overview
 
Instant Agility in Oracle Fusion Middleware through Design Time @ Run Time (O...
Instant Agility in Oracle Fusion Middleware through Design Time @ Run Time (O...Instant Agility in Oracle Fusion Middleware through Design Time @ Run Time (O...
Instant Agility in Oracle Fusion Middleware through Design Time @ Run Time (O...
 
Manage Agility through Manage-ability – Introducing Design Time at Run Time ...
Manage Agility through Manage-ability – Introducing Design Time at Run Time ...Manage Agility through Manage-ability – Introducing Design Time at Run Time ...
Manage Agility through Manage-ability – Introducing Design Time at Run Time ...
 
Customer Experience: Data-Driven Customer Satisfaction at TD Ameritrade
Customer Experience: Data-Driven Customer Satisfaction at TD AmeritradeCustomer Experience: Data-Driven Customer Satisfaction at TD Ameritrade
Customer Experience: Data-Driven Customer Satisfaction at TD Ameritrade
 
Sage 100 road map caribbean conference
Sage 100 road map caribbean conferenceSage 100 road map caribbean conference
Sage 100 road map caribbean conference
 

En vedette

Evaluation of green act in small scale foundry
Evaluation of green act in small scale foundryEvaluation of green act in small scale foundry
Evaluation of green act in small scale foundryeSAT Publishing House
 
Call For papers Entornos digitales y ayuda educativa
Call For papers Entornos digitales y ayuda educativaCall For papers Entornos digitales y ayuda educativa
Call For papers Entornos digitales y ayuda educativaeraser Juan José Calderón
 
Call for Papers Journal of Educational Technology & Society
Call for Papers  Journal of Educational Technology & Society Call for Papers  Journal of Educational Technology & Society
Call for Papers Journal of Educational Technology & Society eraser Juan José Calderón
 
Characterization and Performance Evaluation of HSS Cutting Tools under deep C...
Characterization and Performance Evaluation of HSS Cutting Tools under deep C...Characterization and Performance Evaluation of HSS Cutting Tools under deep C...
Characterization and Performance Evaluation of HSS Cutting Tools under deep C...inventy
 
Learning in a virtual world!
Learning in a virtual world!Learning in a virtual world!
Learning in a virtual world!Jo Kay
 
Exploring the Metaverse - Education in Virtual Worlds and Games
Exploring the Metaverse - Education in Virtual Worlds and GamesExploring the Metaverse - Education in Virtual Worlds and Games
Exploring the Metaverse - Education in Virtual Worlds and GamesJo Kay
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Los usos educativos de las narrativas transmedia
Los usos educativos de las narrativas transmediaLos usos educativos de las narrativas transmedia
Los usos educativos de las narrativas transmediaeraser Juan José Calderón
 

En vedette (8)

Evaluation of green act in small scale foundry
Evaluation of green act in small scale foundryEvaluation of green act in small scale foundry
Evaluation of green act in small scale foundry
 
Call For papers Entornos digitales y ayuda educativa
Call For papers Entornos digitales y ayuda educativaCall For papers Entornos digitales y ayuda educativa
Call For papers Entornos digitales y ayuda educativa
 
Call for Papers Journal of Educational Technology & Society
Call for Papers  Journal of Educational Technology & Society Call for Papers  Journal of Educational Technology & Society
Call for Papers Journal of Educational Technology & Society
 
Characterization and Performance Evaluation of HSS Cutting Tools under deep C...
Characterization and Performance Evaluation of HSS Cutting Tools under deep C...Characterization and Performance Evaluation of HSS Cutting Tools under deep C...
Characterization and Performance Evaluation of HSS Cutting Tools under deep C...
 
Learning in a virtual world!
Learning in a virtual world!Learning in a virtual world!
Learning in a virtual world!
 
Exploring the Metaverse - Education in Virtual Worlds and Games
Exploring the Metaverse - Education in Virtual Worlds and GamesExploring the Metaverse - Education in Virtual Worlds and Games
Exploring the Metaverse - Education in Virtual Worlds and Games
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
Los usos educativos de las narrativas transmedia
Los usos educativos de las narrativas transmediaLos usos educativos de las narrativas transmedia
Los usos educativos de las narrativas transmedia
 

Similaire à Digital Signatures for use by IDA Relying Parties v102

Comodo Overview Presentation Read Only
Comodo Overview Presentation Read OnlyComodo Overview Presentation Read Only
Comodo Overview Presentation Read OnlyJayHicks
 
Hitachi ID Identity Manager: Self-service and automated user provisioning
Hitachi ID Identity Manager: Self-service and automated user provisioningHitachi ID Identity Manager: Self-service and automated user provisioning
Hitachi ID Identity Manager: Self-service and automated user provisioningHitachi ID Systems, Inc.
 
Direct Insite First Data An Integrated B2 B B2 C E Commerce Serpayments.P...
Direct Insite   First Data   An Integrated B2 B B2 C E Commerce Serpayments.P...Direct Insite   First Data   An Integrated B2 B B2 C E Commerce Serpayments.P...
Direct Insite First Data An Integrated B2 B B2 C E Commerce Serpayments.P...Oberan
 
Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Jorgen Thelin
 
Taking a Pragmatic Look at the Salesforce Security Model
Taking a Pragmatic Look at the Salesforce Security ModelTaking a Pragmatic Look at the Salesforce Security Model
Taking a Pragmatic Look at the Salesforce Security ModelSalesforce Developers
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identitiesgoodfriday
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identitiesgoodfriday
 
SharePoint as digital service platform
SharePoint as digital service platformSharePoint as digital service platform
SharePoint as digital service platformNir Levy
 
Jeff Pascoe - Managing Financial Client On-boarding with BPM
Jeff Pascoe - Managing Financial Client On-boarding with BPMJeff Pascoe - Managing Financial Client On-boarding with BPM
Jeff Pascoe - Managing Financial Client On-boarding with BPMOpenText_ContentDayUK2012
 
BlueRidge eInvoice Service
BlueRidge eInvoice ServiceBlueRidge eInvoice Service
BlueRidge eInvoice ServiceFriso de Jong
 
TrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer
 
ClickPoint Software buy vs. build
ClickPoint Software   buy vs. buildClickPoint Software   buy vs. build
ClickPoint Software buy vs. buildClickPoint Software
 
Vera Bradley Chooses Paymetric to Automate Their Payment Processing Needs
Vera Bradley Chooses Paymetric to Automate Their Payment Processing NeedsVera Bradley Chooses Paymetric to Automate Their Payment Processing Needs
Vera Bradley Chooses Paymetric to Automate Their Payment Processing NeedsPaymetric, Inc.
 
Building a business case for SAP FSCM
Building a business case for SAP FSCM Building a business case for SAP FSCM
Building a business case for SAP FSCM HighRadius
 

Similaire à Digital Signatures for use by IDA Relying Parties v102 (20)

Comodo Overview Presentation Read Only
Comodo Overview Presentation Read OnlyComodo Overview Presentation Read Only
Comodo Overview Presentation Read Only
 
Single Sign-On Best Practices
Single Sign-On Best PracticesSingle Sign-On Best Practices
Single Sign-On Best Practices
 
Hitachi ID Identity Manager: Self-service and automated user provisioning
Hitachi ID Identity Manager: Self-service and automated user provisioningHitachi ID Identity Manager: Self-service and automated user provisioning
Hitachi ID Identity Manager: Self-service and automated user provisioning
 
Direct Insite First Data An Integrated B2 B B2 C E Commerce Serpayments.P...
Direct Insite   First Data   An Integrated B2 B B2 C E Commerce Serpayments.P...Direct Insite   First Data   An Integrated B2 B B2 C E Commerce Serpayments.P...
Direct Insite First Data An Integrated B2 B B2 C E Commerce Serpayments.P...
 
Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Protecting Online Identities - MIX09
Protecting Online Identities - MIX09
 
Taking a Pragmatic Look at the Salesforce Security Model
Taking a Pragmatic Look at the Salesforce Security ModelTaking a Pragmatic Look at the Salesforce Security Model
Taking a Pragmatic Look at the Salesforce Security Model
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identities
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identities
 
SharePoint as digital service platform
SharePoint as digital service platformSharePoint as digital service platform
SharePoint as digital service platform
 
Jeff Pascoe - Managing Financial Client On-boarding with BPM
Jeff Pascoe - Managing Financial Client On-boarding with BPMJeff Pascoe - Managing Financial Client On-boarding with BPM
Jeff Pascoe - Managing Financial Client On-boarding with BPM
 
BlueRidge eInvoice Service
BlueRidge eInvoice ServiceBlueRidge eInvoice Service
BlueRidge eInvoice Service
 
Microsoft Dynamics GP 2013 - Mejoras
Microsoft Dynamics GP 2013 - MejorasMicrosoft Dynamics GP 2013 - Mejoras
Microsoft Dynamics GP 2013 - Mejoras
 
TrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong Authentication
 
Final review presentation
Final review presentationFinal review presentation
Final review presentation
 
eGarage 2.3
eGarage 2.3eGarage 2.3
eGarage 2.3
 
ClickPoint Software buy vs. build
ClickPoint Software   buy vs. buildClickPoint Software   buy vs. build
ClickPoint Software buy vs. build
 
ECM: Bridging Content Process and Compliance Divide
ECM: Bridging Content Process and Compliance DivideECM: Bridging Content Process and Compliance Divide
ECM: Bridging Content Process and Compliance Divide
 
Vera Bradley Chooses Paymetric to Automate Their Payment Processing Needs
Vera Bradley Chooses Paymetric to Automate Their Payment Processing NeedsVera Bradley Chooses Paymetric to Automate Their Payment Processing Needs
Vera Bradley Chooses Paymetric to Automate Their Payment Processing Needs
 
Building a business case for SAP FSCM
Building a business case for SAP FSCM Building a business case for SAP FSCM
Building a business case for SAP FSCM
 
Building an Enterprise MDM Strategy
Building an Enterprise MDM StrategyBuilding an Enterprise MDM Strategy
Building an Enterprise MDM Strategy
 

Plus de Phil Wolff

A Code of Ethics for Product Managers?
A Code of Ethics for Product Managers?A Code of Ethics for Product Managers?
A Code of Ethics for Product Managers?Phil Wolff
 
Seven Reasons This Epic Training Should Matter To You
Seven Reasons This Epic Training Should Matter To YouSeven Reasons This Epic Training Should Matter To You
Seven Reasons This Epic Training Should Matter To YouPhil Wolff
 
14 OpenOakland Leadership Hacks for 2015
14 OpenOakland Leadership Hacks for 201514 OpenOakland Leadership Hacks for 2015
14 OpenOakland Leadership Hacks for 2015Phil Wolff
 
OpenOakland: 3 goals for 2014
OpenOakland: 3 goals for 2014OpenOakland: 3 goals for 2014
OpenOakland: 3 goals for 2014Phil Wolff
 
DRAFT: OpenOakland Product Selection
DRAFT: OpenOakland Product SelectionDRAFT: OpenOakland Product Selection
DRAFT: OpenOakland Product SelectionPhil Wolff
 
So Your Product Is Going To Die. Here's What Happens Next.
So Your Product Is Going To Die. Here's What Happens Next. So Your Product Is Going To Die. Here's What Happens Next.
So Your Product Is Going To Die. Here's What Happens Next. Phil Wolff
 
The Things I Don't Know about Product Retirement Could Fill A Slide Deck
The Things I Don't Know about Product Retirement Could Fill A Slide DeckThe Things I Don't Know about Product Retirement Could Fill A Slide Deck
The Things I Don't Know about Product Retirement Could Fill A Slide DeckPhil Wolff
 
What’s missing from customer service live chat?
What’s missing from customer service live chat?What’s missing from customer service live chat?
What’s missing from customer service live chat?Phil Wolff
 
Proposal: A new City of Oakland Technology Commission
Proposal: A new City of Oakland Technology Commission Proposal: A new City of Oakland Technology Commission
Proposal: A new City of Oakland Technology Commission Phil Wolff
 
Personal Data Economy Action Plan - Get Smart, Get Connected, Get Proof
Personal Data Economy Action Plan - Get Smart, Get Connected, Get ProofPersonal Data Economy Action Plan - Get Smart, Get Connected, Get Proof
Personal Data Economy Action Plan - Get Smart, Get Connected, Get ProofPhil Wolff
 
The Cloud Needs An Operating System – Philip J. Windley
The Cloud Needs An Operating System – Philip J. WindleyThe Cloud Needs An Operating System – Philip J. Windley
The Cloud Needs An Operating System – Philip J. WindleyPhil Wolff
 
Johannes Ernst introduces the first Personal Clouds Community Gathering
Johannes Ernst introduces the first Personal Clouds Community GatheringJohannes Ernst introduces the first Personal Clouds Community Gathering
Johannes Ernst introduces the first Personal Clouds Community GatheringPhil Wolff
 
Why Personal Clouds Need A Network
Why Personal Clouds Need A NetworkWhy Personal Clouds Need A Network
Why Personal Clouds Need A NetworkPhil Wolff
 
What could kill NSTIC? A friendly threat assessment in 3 parts.
What could kill NSTIC? A friendly threat assessment in 3 parts.What could kill NSTIC? A friendly threat assessment in 3 parts.
What could kill NSTIC? A friendly threat assessment in 3 parts.Phil Wolff
 
Fiduciary clouds
Fiduciary cloudsFiduciary clouds
Fiduciary cloudsPhil Wolff
 
Hi! I'm Phil Wolff. And this is PDEC.
Hi! I'm Phil Wolff. And this is PDEC.Hi! I'm Phil Wolff. And this is PDEC.
Hi! I'm Phil Wolff. And this is PDEC.Phil Wolff
 
22 Ways Skype's Digital Identity System Sucks
22 Ways Skype's Digital Identity System Sucks22 Ways Skype's Digital Identity System Sucks
22 Ways Skype's Digital Identity System SucksPhil Wolff
 
Skype 2021: The Next 9 Years
Skype 2021: The Next 9 Years Skype 2021: The Next 9 Years
Skype 2021: The Next 9 Years Phil Wolff
 
#Portability4Trust - Personal Data Portability for Trust Frameworks
#Portability4Trust - Personal Data Portability for Trust Frameworks#Portability4Trust - Personal Data Portability for Trust Frameworks
#Portability4Trust - Personal Data Portability for Trust FrameworksPhil Wolff
 
Interop, please
Interop, pleaseInterop, please
Interop, pleasePhil Wolff
 

Plus de Phil Wolff (20)

A Code of Ethics for Product Managers?
A Code of Ethics for Product Managers?A Code of Ethics for Product Managers?
A Code of Ethics for Product Managers?
 
Seven Reasons This Epic Training Should Matter To You
Seven Reasons This Epic Training Should Matter To YouSeven Reasons This Epic Training Should Matter To You
Seven Reasons This Epic Training Should Matter To You
 
14 OpenOakland Leadership Hacks for 2015
14 OpenOakland Leadership Hacks for 201514 OpenOakland Leadership Hacks for 2015
14 OpenOakland Leadership Hacks for 2015
 
OpenOakland: 3 goals for 2014
OpenOakland: 3 goals for 2014OpenOakland: 3 goals for 2014
OpenOakland: 3 goals for 2014
Digital Signatures for use by IDA Relying Parties v102
1. Digitally signing forms at IDA Relying Parties
   Jon Shamah, EJ Consultants, 04/09/2012
   Commercial in Confidence   E J Consultants

2. IDA limitations and suggested resolution
   • The IDA scheme as currently envisaged does not include any digital signing capability for on-line forms.
     – Provides authentication to a relying party only
   • A potential resolution is to create an appliance-based PKI at the relying party, with authorisation linked to the customer's mobile.
     – The Relying Party in effect acts as the Registration Authority for its IDA-authenticated customers
   • The advantage is that this simple approach to on-line form signing helps agencies justify inclusion in IDA, with no impact on current procurements and the existing scheme architecture

Slides 3 to 11 build up a single flow diagram (IdSP, Hub, Session Manager, Portal with Login, Customer Data, Signing Page, OTP/SMS Authenticator, Co-Sign appliance); only the captions and step labels survive the transcript.

3. Customer starts signing in to his account on the portal. He is redirected to his IdSP for authentication.

4. Step 2, SAML2: the IdSP issues a SAML2 assertion. The Hub communicates with the Session Manager, who matches the credential to internal customer data to establish identity.

5. Step 3: the Session Manager establishes the session.

6. A unique customer certificate is created in the appliance, and its key can only be used via delegated release using an OTP.

7. Form fetch and prefill, view/fill: the customer selects a form to fill and views / completes a pre-filled form.

8. Step 4, press submit to agree to sign with OTP: the customer agrees to sign the form with an OTP and is transferred to the signing page.

9. Step 5, OTP/SMS Authenticator: the OTP releases the data key to sign (PKI stored in Co-Sign). The OTP is sent to the registered mobile and the customer enters the code into the signing page.

10. Step 6, hash signed and returned; signed form downloaded and printed: the document hash is signed using the customer's certificate stored in Co-Sign and then embedded in the document for distribution.

11. Note: customer certificates in the appliance are continuously synchronised/validated together with Customer Data.
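The Go model below is an added illustration, not code from the deck or from the Co-Sign product: it captures the key-release rule of slides 6, 9 and 10 (a per-customer key that never leaves the appliance, released only against a single-use OTP, signing the form's hash). ECDSA P-256 is the author's choice here since the deck names no algorithm; customer ids, OTP codes and form bytes are constructed placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// Appliance models the relying-party signing appliance: one signing key per
// IDA-authenticated customer, released only against a single-use OTP.
type Appliance struct {
	keys map[string]*ecdsa.PrivateKey // customer id -> signing key; never leaves the appliance
	otps map[string]string            // customer id -> pending OTP (constructed; real codes are random and time-bound)
}

func NewAppliance() *Appliance {
	return &Appliance{keys: map[string]*ecdsa.PrivateKey{}, otps: map[string]string{}}
}

// Enrol creates the customer's unique signing key once the Session Manager has established identity (slide 6); only the public key is returned.
func (a *Appliance) Enrol(customer string) (*ecdsa.PublicKey, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.keys[customer] = k
	return &k.PublicKey, nil
}
// IssueOTP records the code sent to the registered mobile (slide 9); SMS transport is out of scope.
func (a *Appliance) IssueOTP(customer, otp string) { a.otps[customer] = otp }

// SignForm releases the key only when the OTP matches, consumes the OTP, and signs the SHA-256 form hash (slides 9 and 10).
func (a *Appliance) SignForm(customer, otp string, form []byte) ([]byte, error) {
	want, ok := a.otps[customer]
	if !ok || subtle.ConstantTimeCompare([]byte(want), []byte(otp)) != 1 {
		return nil, errors.New("OTP missing or incorrect: key not released")
	}
	delete(a.otps, customer) // single use: a replayed code cannot sign a second form
	h := sha256.Sum256(form)
	return ecdsa.SignASN1(rand.Reader, a.keys[customer], h[:])
}
// VerifyForm checks the signature embedded in a distributed form against the customer's public key.
func VerifyForm(pub *ecdsa.PublicKey, form, sig []byte) bool {
	h := sha256.Sum256(form)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}
```

Driving code calls Enrol, IssueOTP, SignForm and then VerifyForm; a missing, wrong or replayed OTP yields an error rather than a signature, and any change to the form after signing fails verification.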
12. Discussion
   • The IDA does not currently support digital signatures for signing on-line forms as part of the core architecture
   • Are agencies willing to move to on-line signing of forms?
   • Do/will we need digital signatures to do this?
   • Can this form an ROI case to encourage joining IDA?

13. Thank you
   JON SHAMAH – EJ CONSULTANTS
   jshamah@ejconsultants.co.uk
   +44 7813-111290