
Enabling Altinn for foreign users – the long-term scenario

Enabling Altinn for foreign users – the long-term scenario. Jon Ølnes, jon.olnes@difi.no. Difi – Agency for Public Management and eGovernment, Norway. Workshop, Altinn, Oslo, 13th October 2011. Authenticating (with attributes) foreign user – step 1, initiating STORK.


Presentation Transcript


  1. Enabling Altinn for foreign users – the long-term scenario. Jon Ølnes, jon.olnes@difi.no. Difi – Agency for Public Management and eGovernment, Norway. Workshop, Altinn, Oslo, 13th October 2011.

  2. Authenticating (with attributes) foreign user – step 1, initiating STORK. Diagram labels: Public agency, service owner; Service in Altinn; Altinn service platform; Altinn portal; Request authentication with selected attributes; ID-porten authentication portal; Norwegian PEPS, STORK system; New user, must register; Foreign user, which country?; Foreign user; Foreign user; To home country.

  3. STORK authentication and attributes process flow. PEPS approach. Middleware approach not described here. ID-porten not shown.
     • User (from Belgium) – Altinn (in Norway)
     • User –> (via ID-porten to) Norwegian PEPS, asks “where are you from” –> Belgian PEPS –> Authentication Portal in Belgium
     • User authenticates in Belgium using “local” eID
     • Belgian PEPS (or Authentication Portal) may add attributes (from Attribute Providers)
     • SAML token with ID and attributes from Belgian PEPS –> Norwegian PEPS, to ID-porten, transforms to Norwegian SAML –> Service Provider
     • User authenticated to service, attributes delivered

  4. STORK attributes
     • eIdentifier
     • Given Name
     • Surname
     • Inherited Family Name
     • Adopted Family Name
     • Gender
     • Date of Birth
     • Country of birth
     • Residence Permit
     • Nationality
     • Marital Status
     • Residence Address
        • Text
        • Canonical
     • eMail Address
     • Title
     • Pseudonym
     • Age
     • IsAgedOver

  5. Authenticating (with attributes) foreign user – step 2, STORK response. Diagram labels: Public agency, service owner; Service in Altinn; Altinn service platform; Altinn portal; ID-porten authentication portal; Norwegian PEPS, STORK system; User registration, pre-filled form from attributes; Modified ID-porten SAML with foreign identifier and attributes; Foreign user; From home country PEPS.

  6. Mapping foreign identifier to D-number. Diagram labels: Public agency, service owner; Service in Altinn; Altinn service platform; Register of Business Enterprises; Population Register; Altinn portal; ID-porten authentication portal; SAML with D-number and possibly attributes; New user: Request D-number and establish mapping from foreign identifier – attributes may be used; Existing user: Map foreign identifier to D-number; Update based on D-number; Authenticated foreign user, possibly with attributes; Foreign user; From home country PEPS.

  7. Handling documents signed by foreign users. Diagram labels: Public agency, service owner; WS interface; Service in Altinn; Altinn service platform; Altinn portal; Process signature in Altinn; Assess eID validity and quality; Upload signed document(s) for service; Foreign user.

  8. Validation Service from PEPPOL specs. Diagram labels: Official EU system – in place but with some deficiencies; … Qualified CAs …; Other CAs; OCSP (or CRL); XKMS XKMS Web Service, eID validation; Response signed by “local” VS; Signer’s CA; Trust status list service; Validation Service; Signer; Validation Service; Country 1; Altinn; Norway.

  9. Sending document to foreign user in Altinn. Diagram labels: Public agency, service owner; WS interface; User’s message box in Altinn; Altinn service platform; Authenticated user, foreign identifier; Altinn portal; Request authentication (no attributes); ID-porten authentication portal; Norwegian PEPS, STORK system; eSignature verification; Foreign user; Agency signs response and uploads to Altinn; User logs on to retrieve message; Foreign user, which country?; Foreign user; To home country.

  10. Sending to foreign user via transport infrastructure. Diagram labels: Public agency, service owner; WS interface; User’s message box in Altinn; Altinn service platform; Service Metadata Publisher; Service Metadata Locator; Altinn portal; Altinn Access Point; PEPPOL Transport Infrastructure (BusDoX); Country B; User’s message box in home country; Log on in home country to retrieve; eSignature verification; Message routing; Agency signs response and uploads to Altinn; User’s profile set to forwarding; Access Point, secure delivery, user’s home country; Foreign user.

  11. Receive signed document from user via infrastructure. Diagram labels: Public agency, service owner; Public agency’s message box in Altinn; WS interface; Altinn service platform; Service Metadata Publisher; Service Metadata Locator; Altinn portal; Altinn Access Point; PEPPOL Transport Infrastructure (BusDoX); Country B; User’s message box in home country; Message routing; eSignature verification; Signed document from user (e.g. receipt confirmation); Access Point, secure delivery, user’s home country; Foreign user.

  12. Authenticating (with attributes) Norwegian user to foreign service. Diagram labels: Register of Business Enterprises; Other attribute sources; Population Register; ID-porten authentication portal; Norwegian PEPS, STORK system; Authenticate using Norwegian eID; STORK Attribute Providers; Authenticated user with attributes; Norwegian user from service (via PEPS) in other country; Norwegian user.

  13. Authenticating (with attributes) Norwegian user to Altinn. Diagram labels: Public agency, service owner; Service in Altinn; Altinn service platform; Register of Business Enterprises; Population Register; Altinn portal; ID-porten authentication portal; New user, must register; User registration, pre-filled form from attributes; Authenticate using Norwegian eID; Attribute Providers; Request authentication with selected attributes; Return SAML token with selected attributes; Norwegian user.
