Upload
emirates-identity-authority
View
344
Download
1
Embed Size (px)
DESCRIPTION
Presented at: World e-ID Congress: Identity Services for Government Mobility & Enterprise Conference | Sept 25-27, 2013 | Nice, French Rivera, France.
Citation preview
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Partners in Building UAE's Security & Economy
Our Vision: To be a role model and reference point in proofing individual identity and build wealth informatics that guarantees innovative and sophisticated services for the benefit of UAE
World e-ID Congress: Identity Services for Government Mobility & Enterprise Conference | Sept 25-27, 2013 | Nice, French Rivera, France.
Federated e-Identity Management across GCC Countries
P a r t n e r s i n B u i l d i n g U A E ' s S e c u r i t y & E c o n o m y
Our Vision: Provide an integrated and advanced personal identity management system that contribute to the transformation of the government and the economy and promotes security and global competitiveness of the UAE.
Presented by: Dr. Ali M. Al-Khouri
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Introduction: Scattered Practices
• Silos of identity management systems!
• Interoperability and mutual trust?
• Need to establish a trusted IDENTITY for an individual that can be used across domains, by service providers.
• The advantages and benefits of such mutual trust systems have been cited at numerous forums and have been well established.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Introduction: Identity Federation
• Global initiatives on Identity Federations since last 20 years
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Identity Federation: Still a Developing Field!
• Identity Federation is still a developing science..
• Implementations vary and trust mechanisms differ.
• Different frameworks are put forth.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Frameworks: Concepts vs. Practices
The basics and concepts of Identity Federation are rather
old and well understood ..
• Different frameworks and initiatives leading to trust establishment between different service providers (relying parties) based on the Identity Verification/ Authentication.
• All of these are based on Open Standards and use SAML Assertion.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Identity Federation Considerations
Identity Provider
Service Provider
Service Seeker
Digital Identity
Identifiers
Credentials
Application Domain
Identity Assertion
Circle of Trust
Single Sign On
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Identity Federation: Identity Provider Role
Pivotal & key role in the Identity
Management
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Cross Border Identity Management
In the context of multi-organization
identity management systems, the ID provider’s role then becomes crucial in the
authentication of users.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Mutual Trust
The service providers need to trust the identity
provider with respect to the
authentication of users.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Decentralising Identity Management
Each Service Provider manages their own identity
management system that determines eligibility,
privileges, etc. to authenticated service seekers,
while the identity itself is
managed by the Identity Provider.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Examining Identity Federation & Management
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Building Trust
• There are well established models that have prompted Governments to move up the value chain in the Identity Systems.
• Governments for long have been the de-facto identity providers to their citizens and residents, e.g., passports, ID cards, driving licenses, election cards and so on.
• With Trust and Identity Assertion becoming the need of the hour (with the advancement of the internet and remote service delivery), the Government Identity systems have evolved into the current Smart Identities complete with Digital Identity, various electronic identifiers, and credentials.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Identity Federation in GCC Countries
GCC Government ID
Programs fit these requirements fully
& are compliant to all the design
requirements of an interoperable and federated identity in GCC.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
International Case Studies and Benchmarks
• Examine the design aspects of Identity Federation to make a case for an International Cooperation and interoperability across the GCC- especially in the light of the success reported by the STORK Project and the current STORK 2.0 initiative.
Stork > Stork 2.0 >>> GCC???
Single European e-Identification and Authentication
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
serves as a perfect platform for establishing trust between different entities cutting across borders
National ID Card as enabler for Digital Transactions
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Digital ID Issuance, Services & Magmt – GCC Context
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Digital Identity – GCC Context
Key to the Digital Identity is the
ownership of the Government ..
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Digital Identity – GCC Context
Identity Assurance from the Government need
to be backed by a Legal System and a
National ID Authentication
Framework consisting an Authentication
Gateway delivering ID Verification and
Validation Services with an effective ID
Lifecycle Management.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
All this needs now is to ensure that IDs are interoperable and “digitally”
recognized across borders
All GCC countries have their individual Digital ID Systems
GCC Identity Federation: the Missing Piece?
Interoperable ID?
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Digital Identity- the GCC Context
National Identity Providers in GCC bloc should extend their services to ACT as a PROXY for each other. This will BRIDGE Identity Providers in a seamless bind for individual digital ID holders across the Identity Providers.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Digital Identity- the GCC Context
Authentication carried out by the Home ID Provider can be passed on as a “token” to another ID provider.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
National ID Card & Federated Identity
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
GCC & Federated Identity
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Conclusion: If we really want to get there!
A Federated Identity Service Beneficiaries: 1. User with Digital Identity
2. Service Provider (SP)
Customers of the
Federated Identity
Services!
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Understanding Customers Mindsets
A Federated Identity Service Beneficiaries:
Need to define service specifications and reach the delight levels of both ends of the customer spectrum.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
The Challenge ..
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Conclusion
1. A single PAN GCC Digital Identification and Authentication area
2. GCC e-ID Interoperability Platform that will allow citizens to establish and conduct e-transactions across borders, just by presenting their national e-ID
3. Cross-border user authentication enabling access to education resources, commercial transactions, banking transactions etc.
The benefits from such an Identity Federation scheme are enormous and will take the current economic cooperation of GCC to higher levels.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
What could Federated Identity bring to GCC?
1. Knowledge Management Access to Education material for students
across universities
2. Healthcare Management Access to healthcare services and insurance
with a single identification and authentication
3. Government Services
4. IT Transformation Cloud Services Access
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Conclusion: Interoperability
• Interoperability will certainly become a precondition backbone for future development efforts, whether its social, economical, political, etc.
• Sustainability will become more associated with interoperability.
• As the world gets more ubiquitously connected, countries, and governments in particular would need to act as such..
• This would be a spinning riddle; conundrum for some(LONG)time until it gets resolved!
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Thank you Dr. Ali M. Al-Khouri
Director General | Emirates Identity Authority | UAE www.emiratesid.ae | [email protected] |
Read our recent research from: http://www.emiratesid.gov.ae/ar/media-center/publications.aspx
@DrAliAlKhouri