Professional Documents
Culture Documents
D4.15
Commercially Packaged Software
Final
PU
September 30th, 2015
Work Package :
Organization name of lead contractor for
this deliverable :
Author(s):
Partner(s) contributing :
WP4
MINHAP
WP4 core team
ALL
Abstract: This document presents an overview of STORK 2.0 for new MS, in order to allow them to get
acquainted quickly with the history of STORK, the reasons for connecting, its architecture and
procedures. It ends with a cookbook which explains the steps to establish yourself as a STORK 2.0
enabled MS and a readers suggestion for full information.
Project co-funded by the European Community under the ICT Policy Support Programme
Copyright by the STORK 2.0 Consortium
History
Version
Date
Modification reason
15/07/2011
0.1
28/08/2015
John Heppe
0.2
10/10/2015
Quality check
ATOS
0.3
15/10/2015
0.4
15/10/2015
Final
21/10/2015
Final deliverable
0.0
Modified by
ATOS
2|Page
Table of contents
History............................................................................................................................. 2
Table of contents ............................................................................................................. 3
List of figures ................................................................................................................... 5
List of tables .................................................................................................................... 6
List of abbreviations ......................................................................................................... 7
1
Introduction ............................................................................................................. 8
History ..................................................................................................................... 9
2.1 Cross border use of eID .................................................................................................. 9
2.2 STORK architectures ....................................................................................................... 9
2.3 Variety of eIDs and their quality................................................................................... 10
4.10
4.11
Governance ............................................................................................................ 21
5.1 Billing and pricing ......................................................................................................... 21
5.2 Support ......................................................................................................................... 21
5.3 Change control ............................................................................................................. 22
5.4 Version control ............................................................................................................. 22
5.5 Relationship with your national service providers ....................................................... 23
5.6 Testing and Going Live.................................................................................................. 24
6.1.2
6.1.3
6.2.2
6.2.3
6.2.4
Anonymity ................................................................................................................ 27
References ............................................................................................................. 33
4|Page
List of figures
Figure 1 PEPS and its interfaces ..................................................................................... 14
Figure 2 Two PEPSes communicating ............................................................................. 14
Figure 3 PEPS interfaces which may be personalised....................................................... 15
Figure 4 V-IDP internal structure .................................................................................... 15
Figure 5 V-IDP Communicates with a PEPS ..................................................................... 15
Figure 6 PEPSes and V-IDPs in Europe............................................................................. 17
Figure 7 PEPS-PEPS communication structure ................................................................ 18
Figure 8 PEPS-V-IDP communication structure ............................................................... 18
Figure 9 Estimated Gantt chart ...................................................................................... 28
5|Page
List of tables
Table 1 : STORK vs eIDAS evaluation ................................................................................. 13
Table 2: PEPS vs MW evaluation ....................................................................................... 17
Table 3: Documents to read .............................................................................................. 32
6|Page
List of abbreviations
AP
Attribute Provider
A-PEPS
AQAA
AUB
Authentication on behalf of
C-PEPS
Citizen PEPS
CRL
CSR
eID
Electronic Identity
EU
European Union
IDP
Identity Provider
LSP
MS
MW
MiddleWare
OASIS DSS
OCSP
PAdES
PEPPOL
PEPS
PKI
QAA
SAML
SP
Service Provider
S-PEPS
STORK 2.0
VCF
V-IDP
XAdES
7|Page
Introduction
This document presents an overview of STORK 2.0 for new Member States which consider or
have decided to connect to the STORK 2.0 platform. Its objective is presenting a quick view of
what STORK 2.0 is and how it works, thus those countries may avoid reading the complete
documentation. For complete information, these documents are still relevant and valid, but a
quick overview is considered a welcome complement.
The STORK 2.0 overview is meant for new Member States, therefore it focuses on what
STORK 2.0 is, its internal structure, integration of national specific functionalities, etc., as well
as agreed procedures for governance, update and maintenance.
It does not contain technical or very detailed information; it is not meant as a reference
manual.
This document presents a brief history of STORK, the structure of the platform and
collaboration and communication mechanisms. Finally it includes the cookbook with the
recipes to establish yourself as a STORK connected MS and a recommendation of most
important documents.
8|Page
History
Since decades, the different EU Member States have invested large amounts of money in
building their own identity systems, often including citizen cards. Modernisation of those
physical credentials led to the inclusion of electronic identity in those tokens.
In some other Member States also businesses, especially banks, have also invested in building
electronic identification system based on strong authentication means, especially PKI.
Such electronic identity systems were frequently of little use: there were few applications
which allowed people to use their credentials to access their own information. But, as time
passed by, the number of applications increased constantly, especially since the EU published
its services directive and its implementations in the different Member States.
9|Page
Some countries saw serious problems in such a gateway, legal, liability and security problems,
as well as compatibility problems with their decentralised national Middleware 2 architecture.
Basically this decentralised architecture implies that each Service Provider has a software
installed (sometimes referred to as SPware), which interacts with the users credential
through some middleware installed at the users PC.
A direct communication between SP and the user directly using MS-specific SPwares is for
several reasons not scalable and a problem for trust in a cross border scenario: first of all, you
cant expect all European service providers to support an increasing number of interfaces to
SPwares from each country, with all corresponding maintenance consequences. In the second
place, you can not really expect thousands of Service Providers to update their trusted
(ID)servers list every time a new ID provider is recognised in any of these MW countries, and
including them in the ways to verify the validity of the presented credentials.
So an abstraction layer was put above the SPwares enabling the SP to support any number of
SPwares using a unified interface and put into a single component, which is called a Virtual
IDP, or V-IDP. This V-IDP has the same objectives as a PEPS: to hide the national problems for
the other Member States, and to be an anchor of trust which allows to leverage the national
circle of trust to the Europe. The main difference is the location: it is supposed to be located
as close as possible to the SP, thus enabling true end-to-end communication between SP and
user, but also enabling usage of or location beside national gateways, depending on each
countrys decision.
As far as architectures are concerned the conceptual interoperability model is explained in
D5.1. This model explains how these 2 models can interoperate.
Please note that this is the name given to this approach. Client middleware is also required for e.g.
the access to crypto cards in PEPS countries.
10 | P a g e
Thus the STORK project has defined a QAA, Quality of Authentication Assurance, which on a
scale from 1-4 expresses this quality. This number takes all 7 underlying factors into account
in both the registration and issuing procedure as well as the quality of the credential itself.
In the STORK 2.0 project these QAA categories were found to be insufficient to cover
additional attributes, so this model has been extended with an Attribute-QAA, or AQAA.
11 | P a g e
The trend in Europe is to have more Europe, more citizens having cross-border business,
work, holidays, etc. Along with this trend, governments should support cross-border
interactions with foreign European governments, to facilitate the management of required
procedures by the user from his home.
Another reason is to give more value to your credentials. The design and deployment of the
citizen card has been a big investment, and the more usage you can offer, the better the
return of the investment.
eIDAS
Also
alerts
to
systems
administrators are supported.
Legal
person Legal person information and Only direct mandates supported.
information
corresponding mandates are Retrieval of such information is not
implemented. The common code common code.
offers one standard solution for
the retrieval of such information.
Cross-border retrieval of this
information is supported.
Multiple cross Attributes can be retrieved from Only the citizens home country is
different countries.
border support
supported
Cross
border Cross border signatures on XML,
signatures
pdf and any other data (XadES,
PadES and CadES) is supported.
12 | P a g e
Maintenance
After the project finishes, the The code is being maintained by the
maintenance will be taken over EC General Directorate for IT (DIGIT)
by the eSENS project
Table 1 : STORK vs eIDAS evaluation
Please note that the communication protocol is very similar, but not compatible.
Although previous table would recommend you to adopt STORK 2.0 rather than eIDAS, due to
its better adoption and improved functionalities, it is also quite clear that the future number
of countries and the legal support of eIDAS will be an important factor.
In fact, a convergence is foreseen between these two. As a summary, STORK 2.0 is
recommended if you want a quick and complete solution without legal basis. A quick and
limited solution with a legal basis is the eIDAS one, available from autumn 2015. A complete
solution with legal basis will take some time.
13 | P a g e
A PEPS connects its national eID infrastructure to foreign service providers, as well as its
national service providers to foreign eID infrastructure. To be able to use such eID
infrastructure, the user plays an important role; without her/his participation theres no way
to get data exchanged. Thus a PEPS has 4 interfaces, as made clear in the following diagram:
National eID interface
Service
Provider
Interface
PEPS
Colleague
interface
User
Interface
S-PEPS
C-PEPS
Service
Provider
Interface
Thus one of the two PEPSes has the role of S-PEPS, attending requests from Service Providers,
in the SP country, the other one has the role of C-PEPS, taking care of the interface with the
citizen, in citizens country. This last role also assumes the interface with eID provisioning and
possible additional Attribute Providers.
Please note that, even though the redirection from SP to the C-PEPS goes twice through the
users browser and through the S-PEPS, these intermediate steps are transparent for the user.
These roles, S-PEPS and C-PEPS can also be seen within the structure of the PEPS software
and the connectors to be interrogated. Normally, in one cross-border transaction, a PEPS will
only assume one of these roles; only if SP country and citizen country are the same, this PEPS
would assume both roles. But this scenario is not cross-border, so outside STORKs scope, and
in some countries would not work.
14 | P a g e
Of course, the PEPS is designed to be adapted to whatever your country may need, so for
each of these interfaces standard examples are included, which may or should be
personalised or substituted by the software of your needs. In the diagram just below this text,
the Member State where the Service Provider is located may determine the specifications for
his SP interface, the citizens Member State will personalise the user interface (at least to
national language) as well as the interface with the national eID infrastructure.
User
Interface
Colleague
interface
S-PEPS
C-PEPS
Service
Provider
Interface
STORK not only included the common software; it also included the integration and testing
tools. All these tools implement the common communication standard at national level, as a
consequence most countries have implemented this standard nationally.
DE
C-PEPS
These pieces of software allow the system to behave like a C-PEPS or S-PEPS when
communicating with the rest of Europe, but also as an AT / DE service provider or eID
provider, depending on its usage. When communicating with PEPSes, exactly the same
protocol is used as the one used between PEPSes.
C-PEPS
S-PEPS
DE
C-PEPS
15 | P a g e
MW
Scalability:
We may foresee the need for Fully Scalable.
more
users, cryptographic hardware (HSM) in
more
the PEPS
transactions
Scalability:
Mobility
16 | P a g e
high availability.
Table 2: PEPS vs MW evaluation
The MW architecture looks like easier, as you do not exploit your own hardware.
Furthermore, it has better guarantees for security: it allows you to build tunnels from the
users crypto-card to the endpoint of communication, immune to infection of the users PC.
On the other hand it has a more problematic procedure on changes of parameters and
software, as these need the collaboration of each of the involved countries. This limits in
practice the scalability of new ID providers, and new countries, and limits the flexibility with
additional attributes.
MS A
MS B
SP
IDP
IDP
SP
VIDP
PEPS
PEPS
IDP
VIDP
STORK
Layer of Trust
VIDP
DE
VIDP
SP
VIDP
SP
SP
AT
VIDP
SP
SP
17 | P a g e
In case of MW countries this scheme is of course very similar; just the national node is located
in the other country, and optionally the SP can also have a V-IDP.
STORK
node V-IDP
18 | P a g e
process is implemented in the following way: the data is signed by the authority, and
these signed data are given to the user. This procedure is very similar to the
authorities giving the user an official document like a passport, which the user may
present to others, like the customs office. As the data are signed, the user may not
exclude any item.
Also both consents may be requested. In some cases intermediate consent may be
advisable: if data are retrieved from external sources others then the credential, such consent
should be considered.
20 | P a g e
Governance
5.2 Support
During the lifetime of the STORK 2.0 project, a Change Control and
Support Procedure was accepted, which in the first place describes
the support organisations. Please remind that STORK 2.0 is a
platform integrating systems of many organisations, and each of
these organisations may (will) have their own support organisation;
normally even organised for information systems, and not for the
complete organisation. Thus many of such organisations need to
have a common understanding of how support of the platform is organised.
In general we may expect that, if they experience any problem, the users will contact the
service provider who has STORK integrated. So if this service provider can not solve the issue,
he(she) will have to contact his local STORK representative. If this representative cant solve
21 | P a g e
the problem, he(she) will get into contact with the representative of the country the user is
from, which on his turn could need the help from the eID provider or attribute provider.
Each representative has a list of contacts, as well the STORK national partners (Service
Providers, ID providers and Attribute Providers), as the international partners: the STORK
support colleagues.
In general, this STORK second line support has an availability of 8x5, excluding official bank
holidays. This support is in general available, also if there iss no problem of a user; you can
also count on it if you have problems installing or integrating the STORK 2.0 common
software.
After STORK1, DIGIT took up the maintenance of the common code, and later on the technical
workgroups of eIDAS have taken up the responsibility for the maintenance of the
specifications. After a transition period, the final responsibility is foreseen to be layed at DIGIT
and the technical workgroups of eIDAS.
22 | P a g e
24 | P a g e
25 | P a g e
provided)
2. Integrate the national SP protocols at the S-PEPS national interface (cf.Figure 2) 4
3. Communicate its S-PEPS parameters (addresses, SAML signers, etc.) to the partner
MS
If the MW model is chosen the country needs to
1. Implement SP-connector plug-on for the V-IDP MARS components (cf. Figure 4)
2. Deploy this connector at each V-IDP attending SPs.
Integrate the SPware into his application (part of the integration package)
Of course, a country opts for either or both cases 6.1.1 and 6.1.2/6.1.3. The combination of
the steps described needs to be carried out then. Please note that, even though the actors
are different, 6.1.2 and 6.1.3 should be done together; one does not make sense without the
other.
Integrate the V-IDP into his application (part of the integration package)
Most countries implement just the STORK protocol, without any change. This is the easiest and
existing solution if you start from scratch. If needed you may implement other protocols instead
26 | P a g e
The user electronically agrees on a contract with the service provider; this pdf document
is to be signed electronically.
The first application uses the XAdES format, the second one uses PAdES. In agreement with
the EC Decision on signature formats, also CAdES is supported.
As documents can be huge, the platform implements a Document Transport Layer, which,
contrary to the normal STORK flows through the users broswer, uses a direct server to server
communication.
In order to request and receive PAdES and CAdES signatures, this Document transport layer
must be present, at the service provider and the SPs PEPS.
In order to produce signatures, your national signature solution should be integrated with the
PEPS signature function. In case your country does not have a satisfactory signature solution,
two standard solutions are available; the first is the ECs SD-DSS solution, available at the
Joinup portal as an independent project; the second one is the Spanish signature applet, also
available at the joinup portal, as part of the STORK project.
6.2.4 Anonymity
STORK 2.0 supports an anonymity layer, which dis-correlates the
time of sending an eSurvey to a user from the repection of the
answer.
Both the SP and the PEPS need the anonymity module installed;
it automatically connects to all other nodes as required.
27 | P a g e
a business register, attribute providers; if you want to enable Version control and Anonymity.
The following planning shows an estimation for all of these, supposing that most things can
be done in parallel.
Weeks
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
Some notes on this planning. In the first place it does not take into account that there may be
holidays. In the second place, as mentioned, the authors of this document can not really
estimate the difficulty of integrating your systems into STORK 2.0.
In the third place, in our experience testing takes quite more time than in ordinary systems.
This is due to the fact that we are not working with a system; this is a platform of many
systems, which makes it more complicated to execute all tests thoroughly.
In the fourth place, the migration to production, which should be a matter of very little time,
in practice has always resulted far more than what was expected, due to the same reason.
28 | P a g e
And, last but not least, this plans to have the core operational. Getting several add-ons, like
administration tools, statistics, version control, etc. into operational state will take several
weeks more.
As a summary, depending on the scope, half a year may be a too tight planning.
29 | P a g e
STORK 2.0 has produced a large amount of documents. All of them are necessary to better
understand STORK 2.0, its achievements, and why where things were done in specific way. In
order make it easier and faster to get into the project and to be able to connect to STORK 2.0
platform, below is a suggestion of documents to read before starting to integrate your
country in STORK 2.0. The documentation is available in the STORK 2.0 web site under the
Results section.
Name
Who
Description
STORK
2.0
Addendum
Guidelines
D3.2 Leaders
AQAA
Legal experts
D3.4 Leaders
Trust
Legal experts
Leaders is thought of as the leader of the STORK integration project, as well as the leader of the
development team.
30 | P a g e
STORK
2.0
Consolidated
Entities Report
D3.6 Leaders
Legal
Legal Experts
STORK
2.0
Consolidated
Entities Report
D3.8 Leaders
Legal
Legal Experts
31 | P a g e
In this document the specification of the crossborder communications between PEPSes and
VIDPs is presented
32 | P a g e
References
[1]
STORK1
specifications:
https://www.eidstork.eu/index.php?option=com_processes&Itemid=&act=streamDocument&did=1805
[2]
STORK1
process
flows:
https://www.eidstork.eu/index.php?option=com_processes&Itemid=&act=streamDocument&did=1465
[3]
[4]
[5]
[6]
[7]
Anonymous Pseudonyms for Cross-Border Identication, M. Barbosa and A. Pinto, Preprint, CCTC/Departamento de Informtica, Universidade do Minho, Portugal 2010
[8]
Efficient Constructions of Deterministic Encryption from Hybrid Encryption and CodeBased PKE, Yang Cui, Kirill Morozov, Kazukuni Kobara, and Hideki Imai, Research
Center for Information Security (RCIS), National Institute of Advanced Industrial Science
&
Technology
(AIST),
Japan
http://staff.aist.go.jp/kirill.morozov/docs/cmki09efficient.pdf.
[9]
[10] Policy requirements for certification authorities issuing qualified certificates, ETSI TS
101 456.
[11] Digital Signature Service Core Protocols, Elements, and Bindings Version 1.0, OASIS
Standard;
2007
http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html
[12] Advanced Electronic Signature Profiles of the OASIS Digital Signature Service Version
1.0,
OASIS
Standard,
2007
http://docs.oasis-open.org/dss/v1.0/oasis-dss-profiles-AdES-spec-v1.0-os.html
[13] STORK 2.0 Deliverable D4.9: Functional Design, 2013 (not available in the public section
of the STORK 2.0 web site at the time of the edition of D4.10)
[14] PEPPOL Deliverable D1.3 Demonstrator and functional Specifications for Cross-Border
Use of eSignatures in Public Procurement; Part 7: eID and eSignature Quality
Classification; Revision: 2.1
[15] STORK 2.0 Deliverable D4.11 Interface Specification, 2013 ((not available in the public
section of the STORK 2.0 web site at the time of the edition of D4.10)
[16]PEPPOL http://www.peppol.eu/
33 | P a g e