eIDAS based Applications at University Management - the cross-border way (EU)
H. Strack, A. Schmidt, F. Schmidsberger, S. Wefel
6.6.2018, EUNIS 2018
Sorbonne University, Paris (slide set adapted)
Netlab/Hochschule Harz
H. Strack
Connecting Europe Facility
TREATS (TRans-European AuThentication Services), Action No: 2015-DE-IA-0065
StudIES+ (Student's Identification and Electronic Signature Services), Action No. 2017-DE-IA-0022
Agenda
WAYF
Projects:
- Campus/Scampii: Security- & E-Gov.-Standards @ University (GeID)
- GeID at Universities – cross domain
- eIDAS at Universities – cross border: TREATS/StudIES+ (EU CEF)
Conclusions/Outlook
HZU & MLU & OVGU - Faculties/Institutes/Research Groups:
• Automation and Computer Science (HZU)
• Institute for Computer Science (MLU)
• Multimedia and Security working group (AMSL)
- Research Cooperation at IT-Security
• IT-Security (Saxony-Anhalt) research and cooperation
• Federal State & Local State (Saxony-Anhalt) Funding
Halle/ Wittenberg
(G)eID at University Management
GeID skeleton, Motivation, national projects
- 2-Fact.-Authent. & 2x-end2end
- non-traceable eID / privacy
- BerCert mandates eID fields 4 SP
- decentralized eID services/server
- Form access by GeIDC at public SP will meet QES Sign. Level
- 8/2017: eIDAS notification „high“
German electronic Identity Card (GeIDC), >= 55 Mill. Rollout 2018
Diagram labels: Citizen, Browser, Ausweis-App2, Webserver, Service provider, eID-Server, BerCert; CA, PK, Restricted lists
[BSI/BMI]
Domain & eID purpose specific certificate (Berechtigungszertifikat, BerCert), acc. to GeID Law, control by Federal Agency BVA
GeID Uni. integration - what's about:
- Existing legacy Uni. ID/credentials ?
- Uni. cross domain extension ?
- eIDAS cross border extension ?
eCampus Integration Architecture (GeID,…)
• Integration of eGovernment-Standards @ University Campus Management & electronic Processes (for Security, Trust) by eCampus Security Shell Architecture
• e.g. GeIDC for Authentication, OSCI for secure delivery, QES Signature
• Projects Funding: EU & Federal/Local State (DE)
ERDF (EFRE) measure 11.03/41.03, funding code (FKZ): 11.03-08-03
eTestate - Access by GeID to Lab Exc.
• Student: auth. Access by GeID to Lab Exercises
• Lecturer: marking/grading via QES/OSCI to HIS/Legacy by Sec. Gateways
eCollabSec – secured Collaboration Platform
Auth./Access by GeID
eCollabSec
Telesignature for docs – by GeID Access
MyCredentials
Mobile Req./Resp. for new Credentials (GeID)
GeID at Universities
Cross domain challenges
• BerCert for each University required (University Autonomy)
• Adjustments of University Law prepared (Saxony-Anhalt) – sharing eID infrastr.
GeID/eIDAS at Universities Management
GeID proxy for cross domain university access (HSZ-MLU)
Diagram components: User at MLU, Browser, eID-client, Firewall, MLU-Proxy, StudIP at MLU, eID-server (Governikus), HS Harz (Certificated Service)
Steps labelled in the diagram:
3. start eID-client
5. redirect to eID-server
6. authenticate chip on nPA and terminal
7. encrypted data from nPA
8. transport encrypted data from nPA
9. end eID
10. transfer data from nPA to StudIP
eIDAS @ University Management
eIDAS @ Universities – „saving the missing donut“ ?
Extension of the eID Access Topology (D): the cross-border way (EU, interop.)
Diagram labels: Uni-ID/Cred.; eID/PA, eID/PA+eAT, eID/PA+eAT+eIDAS
[BSI/BMI]
TREATS – TRansEuropean Authentication Service (eIDAS)
HS-Harz - eIDAS extended Applications (3 * APEX): Student Mobility, Research, Local Appl.-Infrastruct.
EU „MS border“
[EU/eIDAS, based on STORK]
TREATS – eIDAS eID Server/Service extension
TREATS workshop @ Berlin 8.6.2017: http://netlab.hs-harz.de/TREATSWS/
MyResearch: eIDAS eID Extension & System/Process Integration
Connecting Europe Facility
TREATS (TRans-European AuThentication Services), Project-No: 2015-DE-IA-0065
eID/eIDAS minimal data set:
[BSI, Bender, 2017]
- eIDAS Uni. ID integration: shell architecture
- eIDAS-Signature: out of project scope
StudIES+ (EU CEF)
Objectives
StudIES+ as a distributed platform
• will facilitate the mobility of students in the European Union
• build trust for secure e-services among students
• will incorporate digital services for Higher Education Institutions (HEIs) students
• services will be accessible via
– eID (including eIDAS eID) and
– derived eIDs (Erasmus Student eCard) as well as provide
– eSignature/eSeal/time stamp services that rely on DSS for eSignature generation and verification.
• Digital Transaction Management (DTM) platform will be connected to the StudIES+ platform in order to offer a platform for eSigned document exchange between students, HEI, HEI services organisations on the one hand and businesses on the other hand.
• Secure exchange of the documents will also be ensured by deploying secure document exchange (ePROSECAL) and notarization platform/services (eNOTAR)
StudIES+ (Student‘s Identification and Electronic Signature Services)
Consortium Project Scope:
HS Harz Part – Application Scope e.g.:
- MyCredentials YourCredentials (signed)
- …eNotar-platform/services (sign. integration)
- …MyPracticum, MyDiploma, MyToR …
StudIES+ - Partner - News, Outlook
- 12/2017: Gothenburg Declaration (EU): eID-4-Students
- 03/2018: Kickoff StudIES+
- 03/2018: eIDAS & Student projects @ EU (1)
- 05/2018: Hochschulstart.de + netlab @DUO NL
- 06/2018: eIDAS & Student projects @ EU (2)
- long-term outlook: eQualification @ eID-Service-Konto
Lead: Francotyp-Postalia
Prof. Dr. H. Strack
Hochschule Harz, FB AI, netlab
Friedrichstr. 57-59
38855 Wernigerode
Tel: +49 3943 659 341
Mail: [email protected]
http://netlab.hs-harz.de/research/secinfpro-geo/
http://netlab.hs-harz.de/research/
http://netlab.hs-harz.de/TREATSWS/
Thanks for your kind Attention
Questions, R&D-Coop.