STORK 2.0 ETSI Security Week 2015 Thematic Stream eIDAS Arvid Welin (SE) Adam Cooper (UK) Stork 2.0 is an EU co‐funded project INFSO‐ICT‐PSP‐297263 June 25th 2015
STORK 2.0ETSI Security Week 2015Thematic Stream eIDAS
Arvid Welin (SE)Adam Cooper (UK)
Stork 2.0 is an EU co‐funded project INFSO‐ICT‐PSP‐297263
June 25th 2015
STORK 1 Key‐facts
Project that ran from 2008‐2011
National eID federation between:
• 100+ national eID token types
Resulted in:
• Open specifications (SAML 2 + QAA)
• Open source reference implementations
Stork 2.0 is an EU co‐funded project INFSO‐ICT‐PSP‐297263
Borders will open & National online services will improve
CITIZEN
CITIZEN CITIZENCITIZEN
CITIZEN
Stork 2.0 is an EU co‐funded project INFSO‐ICT‐PSP‐297263
Licensing
EUPL for nearly all STORK software
LGPL for Integration Package
• Lesser General Public License
• Free to use, copy (no license fee), just like
Apache
• No copyleft; your code using the STORK code can
be private, just like Apache
• If our source is modified, this modification must
be public
Stork 2.0 is an EU co‐funded project INFSO‐ICT‐PSP‐297263
The STORK 2.0 visionBusiness Processes
Authentication on behalf of:
• Allow access to an application with data of another legal/moral person.
Powers (for digital signature)
• A signature has been received (as part of a contract, commercial proposal,
etc.), and representation powers of signatory should be verified.
Business Attributes
• Attributes proceeding from a certain business sector are to be retrieved
from various Attribute providers.
Stork 2.0 is an EU co‐funded project INFSO‐ICT‐PSP‐297263
STORK attributes
Long‐term Sustainability
• In the framework of the eIDAS regulation.
• STORK infrastructure already maintained by ISA.
• Merge of STORK 2.0 code with STORK code already maintained by DIGIT.
• STORK is a planned building block of the CEF e‐ID solution.
• Adoption and promotion of standards.
With STORK and eSENS Participantswe have a foundation for uptake of CEF and eIDAS
• Austria• Belgium• The Czech Republic• Denmark• Estonia• Finland• France• Germany• Greece• Iceland• Ireland • Italy• Lithuania• Luxembourg
• The Netherlands• Norway• Poland• Portugal• Romania• Slovakia• Slovenia• Spain• Sweden• Switzerland• Turkey• The United Kingdom• European Commission
How do STORK and the eIDAS Regulation fit together?
Technical interoperability: SAML profile, QAA Levels, Minimum person identification dataset,
common terminology, security, technical governance
Stork 2.0 is an EU co‐funded project INFSO‐ICT‐PSP‐297263 9
Stork 2.0 is an EU co‐funded project INFSO‐ICT‐PSP‐297263 10
IDAS node
An agreed set of standards will provide aplatform for interoperability.
11
eIDAS interoperability framework
STORK 1.0 as a baseline: add to this privacy protecting enhancements, specific attributes for
natural and legal persons, and operational security standards
Stork 2.0 is an EU co‐funded project INFSO‐ICT‐PSP‐297263 12
Requirements for standardisation
STORK is built on established international standards: OASIS web SSO, ISO/IEC 27001,
OASIS DSS
Stork 2.0 is an EU co‐funded project INFSO‐ICT‐PSP‐297263 13
STORK 2.0 has helped to create the present day, and may now influence the future of eIDAS:AQAA, domain specific attributes, mandates.
14
Thank you for your attention!www.eid‐stork2.eu
Stork 2.0 is an EU co‐funded project INFSO‐ICT‐PSP‐297263