- Slides: 17
A tool for identity management, access control and usage control compatible with the European identity regulation eIDAS
Main objective: Integration of eID DSI in the FIWARE platform to grant access to the FIWARE services ecosystem by eID
FIWARE Ecosystem: A framework of open source platform components which can be assembled together and with other third-party components to accelerate the development of Smart Solutions.
• Deployment tools
• Context Processing, Analysis, Visualization
• Core Context Management (Context Broker)
• Interface to IoT, Robotics and third party systems
• Data/API Management, Publication, Monetization
FIWARE Ecosystem Access Control
FIWARE Security Generic Enablers
• Keyrock – Identity Management
  – Web Interface and REST API for managing Identity
  – OAuth 2.0 single sign on
  – Application-scoped roles and permissions management
• Wilma – PEP Proxy for securing service backends
  – OAuth 2.0 Access Tokens support
• AuthZForce – Authorization PDP
  – PAP and PDP Server for managing complex AC policies
  – XACML-3.0 standard-compliant
OAuth 2.0 FIWARE services
eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation to enable secure and seamless electronic interactions between businesses, citizens and public authorities.
[Diagram labels: eIDAS country 1, eIDAS country 2, eIDAS country 3, Service, User country 2]
eIDAS-FIWARE Integration
• Deploy IdM Keyrock as gateway between:
  – FIWARE OAuth 2.0-based services
  – eIDAS SAML 2.0-based node
• Attribute mapping on Keyrock
• Validation of use cases
eIDAS-FIWARE Integration
[Architecture diagram labels: Authentication, IAM Infrastructure, SAML flow, OAuth 2.0 requests, Service Application, eIDAS Network, eIDAS node 1, IdP, Access-token, eIDAS node 2, User info request, IdP 2, …]
eIDAS-FIWARE Integration
[Sequence diagram. Participants: IdP, Service, eIDAS node 1, eIDAS node 2. Messages, in the order they appear:]
• Authentication request
• Redirect to IdP
• Redirect to eIDAS
• SAML request
• Login
• Delegation if needed
• SAML response (user attributes)
• OAuth 2.0 authorization code
  – USER CREATION
  – ATTRIBUTES MAPPING
• Create token
• OAuth 2.0 access token
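The gateway step of this flow (SAML attributes in, OAuth 2.0 authorization code and access token out) can be sketched as follows. This is an added example, not Keyrock's code or anything from the slides: the `Gateway` class, `ATTRIBUTE_MAP` and the local field names are hypothetical, the sample attributes are constructed, and SAML signature validation and OAuth client authentication are assumed to happen before these calls.

```python
import secrets
import time

EIDAS_NS = "http://eidas.europa.eu/attributes/naturalperson/"
# Constructed sample: attributes from an already signature-verified SAML response.
SAMPLE_ATTRS = {
    EIDAS_NS + "PersonIdentifier": "ES/SE/0000-EXAMPLE",
    EIDAS_NS + "CurrentGivenName": "Ana",
    EIDAS_NS + "CurrentFamilyName": "Example",
    EIDAS_NS + "DateOfBirth": "1990-01-01",
}
# Hypothetical mapping from eIDAS attribute names to local profile fields.
ATTRIBUTE_MAP = {"PersonIdentifier": "eidas_id", "CurrentGivenName": "given_name",
                 "CurrentFamilyName": "family_name", "DateOfBirth": "birthdate"}


class Gateway:
    def __init__(self, code_ttl=60):
        self.users, self.codes, self.tokens = {}, {}, {}
        self.code_ttl = code_ttl  # seconds an authorization code stays valid

    def on_saml_response(self, attrs, client_id, redirect_uri):
        # User creation and attribute mapping; unmapped attributes are dropped.
        profile = {ATTRIBUTE_MAP[n[len(EIDAS_NS):]]: v for n, v in attrs.items()
                   if n.startswith(EIDAS_NS) and n[len(EIDAS_NS):] in ATTRIBUTE_MAP}
        if "eidas_id" not in profile:
            raise ValueError("PersonIdentifier missing from SAML attributes")
        self.users[profile["eidas_id"]] = profile  # create or refresh the user
        code = secrets.token_urlsafe(32)
        expires = time.time() + self.code_ttl
        self.codes[code] = (profile["eidas_id"], client_id, redirect_uri, expires)
        return code

    def exchange_code(self, code, client_id, redirect_uri):
        # pop() makes the code single-use: a replayed code is rejected.
        entry = self.codes.pop(code, None)
        if entry is None:
            raise PermissionError("unknown or already used code")
        user, cid, uri, expires = entry
        if (cid, uri) != (client_id, redirect_uri) or time.time() > expires:
            raise PermissionError("code not valid for this client")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = user
        return token

    def user_info(self, token):
        # User info request from the service, authorized by the access token.
        if token not in self.tokens:
            raise PermissionError("invalid access token")
        return self.users[self.tokens[token]]
```

Binding the code to the client and redirect URI, and consuming it on first use, keeps an intercepted code from being redeemed by another application or replayed.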
eIDAS Service registration Keyrock
Use cases validation
• Mashme.TV videoconferencing system
  – Private service
  – Business, e-Learning, eHealth, etc.
  – eID link for logging in and personalizing profile (language, billing, etc.)
• Santander Smart City
  – Public service
  – Tourism, traffic, parking, etc.
  – Enabled adaptation to citizen’s age or nationality
Results
• Users from 7 different countries have tested the deployed services
• And given us their feedback about the experience
  – Answering a survey
Results - Survey answers
Conclusions
• Ease the connection of FIWARE services with eIDAS Node
• FIWARE services can authenticate real entities
• Personal information from eIDAS for ad-hoc services
• Future research: integration with self-sovereign identities