
Cybercom Enhanced Security Platform, CESP-ID


CESP-ID is a flexible authentication solution that provides secure authentication of users and enables Single Sign On between applications and organizations. It is based on the Security Assertion Markup Language (SAML) 2.0, which is an XML-based standard for exchanging authentication data between security domains. CESP-ID supports several different authentication mechanisms and is integrated with Trusted Security Server for providing verification of electronic ID (EID). CESP-ID is compliant with the Swedish healthcare standard “Bastjänster för Informationsförsörjning“, BIF and also conforms to SAML V2.0 IdP LITE profile.



Cybercom

#2-12-2009

CESP-ID

CESP-ID is built up by two services, CESP-ID Authentication Service and CESP-ID Validation Service, which together form a flexible authentication solution. It is possible to add new custom authentication providers as well as integration modules according to your organization’s needs, thanks to CESP-ID’s extensible design and use of a web services interface.

The organization’s benefits of using CESP-ID are more secure authentication, effective administration of user accounts in one place for all applications, and the possibility to provide Single Sign On for an enhanced user experience.

CESP-ID Authentication Service

CESP-ID Authentication Service is the Identity Provider (IdP) that authenticates the user and issues a SAML assertion that verifies the user’s identity. It ships with the following features:

• Secure authentication with support for several different authentication methods through CESP-ID Authentication Providers
• Issuing of SAML 2.0 Assertions
• Signing of assertions by the XML Digital Signature standard
• Support for Single Sign On through the SAML Web Browser SSO Profile standard
• Support for Single Log Out (IdP- and SP-initiated)
• Support for automatic registration of users
• Integration with legacy systems that use custom stores for user credentials
• Logging of authentication events with customizable detail level


CESP-ID Authentication Providers

CESP-ID’s Authentication Providers deliver a flexible solution for integrating different authentication methods with CESP-ID. The following Authentication Providers are currently available:

• Username & Password in custom database
• Integrated Windows Authentication through Active Directory (NTLM / Kerberos)
• Verification of X.509 certificates including revocation control (CRL and OCSP)*
• Verification of EID (electronic ID)*
• Novell eDirectory using LDAP (SSL/TLS)

* All certificate verifications are done through Trusted Security Server, which is certified by “Bankernas ID-tjänst”.

New authentication methods can be added by implementing a custom Authentication Provider for CESP-ID.

CESP-ID Attribute Providers

CESP-ID’s Attribute Providers make it possible to use several different attribute sources. It is also possible to configure which Service Providers require certain attributes, so that each SAML Assertion is customized for the specific Service where it will be consumed.

The attributes can be retrieved from the following sources:

• Database
• LDAP catalog
• X.509 Certificate

CESP-ID Validation Service

CESP-ID Validation Service is responsible for verifying an issued SAML assertion and is used by the Service Provider when validating a user’s identity. It performs the following checks on each SAML assertion:

• XML Validation against schema definitions ensures that the SAML assertion is well formed
• Valid Time Checking ensures that the assertion is not expired and that the current time is within the valid time window
• Valid Signature Checking ensures that the assertion has not been tampered with or forged
• Signing Certificate Checking ensures that the signing certificate was valid at the time of signing and that it is issued by a trusted Certificate Authority
• Proof of Possession Checking ensures that the user presenting the SAML assertion is in fact the user it was issued to
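The checks listed above, as an added example that is not part of the brochure or of CESP-ID’s own code: a minimal Python validator for a bearer assertion covering well-formedness, the valid-time window (with a clock-skew allowance) and proof of possession on the Service Provider side. The sample assertion, the endpoint URLs and the request id are constructed; XML signature and signing-certificate verification are assumed to be done first by an XML-DSig library and are not shown.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
# Constructed sample assertion (not issued by CESP-ID); ds:Signature omitted, as XML-DSig
# verification needs a canonicalizing library and is run before these checks.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0"
 ID="_a1" IssueInstant="2009-12-02T10:00:00Z"><saml:Issuer>https://idp.example.invalid</saml:Issuer>
 <saml:Subject><saml:NameID>alice</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml:SubjectConfirmationData NotOnOrAfter="2009-12-02T10:05:00Z"
    Recipient="https://sp.example.invalid/acs" InResponseTo="_req7"/></saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions NotBefore="2009-12-02T09:59:00Z" NotOnOrAfter="2009-12-02T10:05:00Z"/>
</saml:Assertion>"""

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate(xml_text, now, recipient, request_id, skew=timedelta(seconds=60)):
    # Returns the list of failed checks; an empty list means the assertion is accepted.
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return ["not well-formed XML"]
    failures = []
    if root.tag != "{%s}Assertion" % SAML or root.get("Version") != "2.0":
        failures.append("not a SAML 2.0 Assertion element")  # full schema check in practice
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        failures.append("missing Conditions")
    else:  # valid-time window: NotBefore <= now < NotOnOrAfter, allowing for clock skew
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now + skew < parse_ts(nb):
            failures.append("assertion not yet valid")
        if na and now - skew >= parse_ts(na):
            failures.append("assertion expired")
    # Proof of possession for bearer assertions: SubjectConfirmationData must name this SP's
    # endpoint, reference the AuthnRequest we sent, and still be inside its own window.
    confirmed = False
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        d = sc.find("saml:SubjectConfirmationData", NS)
        if sc.get("Method") != BEARER or d is None or not d.get("NotOnOrAfter"):
            continue
        if (d.get("Recipient") == recipient and d.get("InResponseTo") == request_id
                and now - skew < parse_ts(d.get("NotOnOrAfter"))):
            confirmed = True
    if not confirmed:
        failures.append("proof of possession failed")
    return failures
```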

CESP-ID Integration Modules

CESP-ID Integration Modules ensure smooth integration with existing applications and systems. These integration modules enable other systems to take advantage of the authentication functions that CESP-ID provides and can be used to achieve SSO between applications.

CESP-ID comes with a ready-made integration module for use together with Forms Authentication in ASP.NET. This integration module is built on Microsoft’s Provider Model and can be used to provide SAML-based authentication in applications, for example SharePoint and EPiServer. The Forms Authentication integration module includes the following:

• Specialized login page which performs authentication through CESP-ID Authentication Service according to the SAML Web Browser SSO Profile.
• SamlMembershipProvider, SamlRoleProvider and SamlMembershipUser, which are used to create the user’s identity and role based on his/her SAML assertion


Cybercom Group Europe AB (publ.) · P.O. Box 7574 · SE-103 93 Stockholm · Sweden · Phone: +46 8 578 646 00 · www.cybercom.com


About Cybercom

The Cybercom Group is a high-tech consultancy that offers global sourcing for end-to-end solutions. The Group has established itself as a world-class supplier in these segments: security, portal solutions, mobile services, and embedded systems.

Thanks to its extensive industry and operations experience, Cybercom can offer strategic and technological expertise to these markets: telecom, industry, media, public sector, retail, and banking and financial services.

The Group employs 2,000 persons and runs projects worldwide. Cybercom has 28 offices in 11 countries. Since 1999, Cybercom’s share has been quoted on the NASDAQ OMX Nordic Exchange. The company was launched in 1995.

Contact Details

For further information, please contact:

Henrik Johansson, Business Unit · [email protected] · +46 70 825 00 80

or visit our website www.cybercom.com