No subject


Fri Aug 15 23:49:43 UTC 2008


All,

From the different mail conversations I summarize the following:

1. I will be present on 22 October at the conference

2. I will give a presentation during the morning workshop: Building Trustworthy Architectures Workshop. Topics to address are:

   a. User Centric Authentication Service (Pros and Cons)

   b. Different alternatives within market (OpenID, SAML, CardSpace)

   c. How we are realizing a trustworthy service using A-select.

3. I will be present during the afternoon session focusing on:

   a. User centric authentication vs machine to machine authentication

   b. Attribute sharing and the need for a persistent unique identifier

For each presentation I will take about 20 minutes.

Please let me know if this is a correct interpretation.

Please let me know so I can prepare for this.

(Just jumping in)

The slot I have open can accommodate an A-Select talk, especially if it can be bent slightly towards using open extensions and not just the user ID provider function. I am well aware that most organisations see A-Select as a single sign-on feature only, but you are totally right that it can be much more than that. In TAS3, A-Select is one of the potential identity providers.

If there would be any possibility to link it to activities in the Liberty Alliance, that would be a certain plus.


Jeroen

2008/10/6 Kick Willemse <K.Willemse at diginotar.nl>

Within our authentication service platform PASS we make use of http://a-select.surfnet.nl/

Within this authentication platform there is SAML support, but we still use the dedicated aselect protocol.

Within this protocol there are several options to provide additional attributes. At the moment most of our customers are only interested in getting one attribute (the unique identifier as how the user is authenticated within their system).

So this is how it works:

1. Accountant portal makes it possible for their customers to log in securely using our authentication service
2. The customer clicks on login and is redirected to our PASS service
3. The customer authenticates within our service using password, SMS, OTP or PKI
4. Our service returns an authenticated OK or Not OK to the account portal and also some additional attributes, like the unique customer number
5. The account portal uses the additional attributes to welcome the user (Username) and uses the unique customer number to map to his authorization DB.


I could show this process, including the way the customer gets registered for our service.


Kick


-- 
dr. ir. Jeroen Hoppenbrouwers

Synergetics NV/SA
Katwilgweg 2 | 2050 Antwerp | Belgium
T(+32)3/210.30.88 | F(+32)3/210.30.86 | M .nl (+31)610089272
M .be (+32)487924895 | VAT BE 0455.690.261
www.synergetics.be | jeroen at synergetics.be
---------------------------------------------
Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. The integrity and security of this message cannot be guaranteed without special precautions. GnuPG public key http://www.hoppie.nl/pki/f48b3320.asc
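
The portal's side of steps 4 and 5 in the login flow quoted above, as an added sketch that is not part of the original e-mails and is not the A-Select wire format: the JSON layout, the field names, the request-id binding and the HMAC shared key are all assumptions made for illustration. It shows authorization keyed on the persistent unique customer number, with the username used for display only.

```python
import hashlib
import hmac
import json

# Assumption: key shared out of band between portal and authentication service.
SHARED_KEY = b"constructed-demo-key"

# Constructed authorization DB, keyed on the persistent unique customer number.
AUTHZ_DB = {"C-1001": {"roles": ["view_invoices", "upload_documents"]}}


def sign(body: bytes, key: bytes = SHARED_KEY) -> str:
    """Tag the authentication service attaches to its response (hypothetical)."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_response(request_id, result, customer_number, username):
    """Constructed service response: (body, tag)."""
    body = json.dumps({
        "request_id": request_id,
        "result": result,
        "attributes": {"customer_number": customer_number, "username": username},
    }).encode()
    return body, sign(body)


def handle_auth_response(body: bytes, tag: str, expected_request_id: str):
    """Portal side of steps 4 and 5; returns (ok, session_or_reason)."""
    # Check integrity before parsing or trusting any field.
    if not hmac.compare_digest(sign(body).encode(), tag.encode()):
        return False, "bad signature"
    msg = json.loads(body)
    # Accept only the answer to the login this portal session started.
    if msg.get("request_id") != expected_request_id:
        return False, "unexpected request id"
    if msg.get("result") != "OK":
        return False, "not authenticated"
    attrs = msg.get("attributes") or {}
    number = attrs.get("customer_number")
    record = AUTHZ_DB.get(number) if isinstance(number, str) else None
    if record is None:
        return False, "unknown customer"
    # Username is display-only; roles come from the record found via the number.
    return True, {"welcome": str(attrs.get("username", "")), "roles": record["roles"]}


if __name__ == "__main__":
    body, tag = make_response("req-1", "OK", "C-1001", "admin")
    print(handle_auth_response(body, tag, "req-1"))
    forged = body.replace(b"C-1001", b"C-9999")  # altered in transit, old tag
    print(handle_auth_response(forged, tag, "req-1"))
```

A username of "admin" grants nothing here: every role comes from the record looked up by the unique customer number, and any failed check ends in a refusal rather than a partial session.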






More information about the eu mailing list