Robert,
The contact point required:
Ref person: Mail de Volker Reible (T-Systems International GmbH, Systems Integration, Large Scale Project Management, Darmstadt).
eMail: Volker.Reible at t-systems.com
T-systems is the firm that has developed the "Service - BW" STORK test Web page.
Additionally STORK code has recently published. Check this URL:
https://joinup.ec.europa.eu/software/stork/release/all <https://joinup.ec.europa.eu/software/stork/release/all>
V-IDP for MW code is located at the bottom of the page.
Best Regards
************************************
* Antonio García-Vázquez *
* (+34) 91 214 9384 *
* antonio.garcia at atosresearch.eu *
************************************
From: Seidl, Robert (NSN - DE/Munich) [mailto:robert.seidl at nsn.com]
Sent: miércoles, 18 de enero de 2012 18:08
To: Antonio Garcia Vazquez; Pedro Soria Rodriguez; Alberto Crespo Garcia
Cc: fiware-security at lists.fi-ware.eu; Goetze, Norbert (NSN - DE/Munich); Kirchschlager, Werner (NSN - DE/Munich)
Subject: RE: STORK integration
Hi Antonio,
Please find our answer in your email (in green colour).
In addition one question:
Are there any specific reasons for Germany not joining STORK2 (e.g. technical, administrative, political)?
To summarize:
The only thing which is required from ATOS is some technical and legal information or at least some contacts outside of ATOS who can answer our questions.
No need for any development from your side.
Greetings
Robert
_____________________________________________________________________________________
From: ext Antonio Garcia Vazquez [mailto:antonio.garcia at atosresearch.eu]
Sent: Wednesday, January 18, 2012 3:21 PM
To: Seidl, Robert (NSN - DE/Munich); Goetze, Norbert (NSN - DE/Munich); Kirchschlager, Werner (NSN - DE/Munich)
Cc: fiware-security at lists.fi-ware.eu; pedro.soria at atosresearch.eu; Alberto Crespo Garcia
Subject: RE: STORK integration
Robert,
In order of summarize the conference we had last Friday regarding the set of mails below (please correct any statement if we have misunderstood):
You'd like to integrate Stork access into your IDM system and to achieve this you are looking for a contact point for "Service - BW" (Stork pilot in Germany) that can be provided by Atos.
è Yes please provide us a contact point
The scenario you'd like to work in is:
- Nokia's IDM will provide an STORK authentication access point by implementing a MiddleWare service (Member State distributed server implementation)
- You'll ask your government for a test license
- The End-User (Service Provider) that will instantiate FI-WARE G.E. (or buy Nokia's IDM) will get its own license to the government country where the final service will be deployed
à yes this is correct
In addition to the possible problems you'll find due to the fact that German government is not a partner Member State in STORK 2.0 (and we don't have information about the feasibility of Germany allowing access to their test platform or providing technical support, we do know that there is a specific and somewhat complex administrative process for Service Providers to obtain Access Certificates from Germany and that private sector Service Providers will in fact be charged for these Access Certificates); we've found some other issues.
1) What about if an End-User belongs to a PEPS (Member State centralized server implementation)? Which is the status of the majority member states in STORK. Then, it is not clear that those end-users will prefer to use FI-WARE G.E. rather than directly follow the available STORK procedure to request access to their local PEPS (except for other added value in the G.E.).
à End users (i. e. Web Services) using the FI-WARE G.E. may reside in either a PEPS country or a MW country. They are supported by the IDM system (of NSN). The IDM will enable authentication with European eIDs by using STORK. IDM also might be located either in PEPS country or MW country and supports both STORK scenarios (PEPS or MW country). The IDM system provides additional functionality (as only using STORK).
The End-User (according to NSNs terminology this is the service) would instantiate an 'Identity Management Security Enabler', which is more than STORK.
So STORK will just be used by the IDM to receive a certified username and other certified attributes (e.g. birth date).
This just replaces the procedure the citizen (according to NSNs terminology this is the end-user) takes when entering username and password required to login and take advantage of the single-sign-on of the IDM. This it cannot be replaced by simply accessing the PEPS.
So, our intention is to add additional value for FI-WARE in order to improve the usage of eID cards.
This also could help increasing service usage for eID cards.
2) We in Atos have an interest in incorporating STORK in the FI-WARE G.E., but we are not interested in working on an IDM product of another vendor (Atos has its own IDM platform).
è There is no need for Atos to work on NSN's IDM, the only thing we would need is information from your side with regard to STORK. I think this should be doable.
We believe that the best option will be to discuss this situation next week in the WP8 internal session and invite some of my STORK colleagues from Atos
è Unfortunately no one from NSN will participate during the general meeting in Madrid for WP8.
@Pascal, Could be possible to include this in our G.A. agenda
è No need for that since NSN is not present.
Best Regards
From: Antonio Garcia Vazquez
Sent: jueves, 12 de enero de 2012 11:05
To: 'Goetze, Norbert (NSN - DE/Munich)'
Cc: Kirchschlager, Werner (NSN - DE/Munich); Seidl, Robert (NSN - DE/Munich)
Subject: RE: STORK integration
Robert,
1: We don't know German government intentions about current test environment or giving some new licenses
3a & 3b: The proposed scenarios assumes that:
- The GE provided by FI-WARE will be registered on STORK although it isn't a final service provider.
- A third part will use our GE to build its own service.
- End-Users give their consent to STORK to share their personal data with FI-WARE
- Then our GE will send the data to the final service the End-Users are trying to access
The problem is on the last step of the scenario, because we will be sharing protected information without the acknowledge of its owner.
On the other hand each STORK country gives licenses to PEP's that will provide services within their own country and we are going to give a Word Wide service.
Anyway; Could you pone me (+34 91 214 93 84) or Is there any phone number where I can call you?
Best Regards
************************************
* Antonio García-Vázquez *
* (+34) 91 214 9384 *
* antonio.garcia at atosresearch.eu *
************************************
From: Goetze, Norbert (NSN - DE/Munich) [mailto:norbert.goetze at nsn.com]
Sent: jueves, 12 de enero de 2012 10:06
To: Antonio Garcia Vazquez
Cc: Kirchschlager, Werner (NSN - DE/Munich); Goetze, Norbert (NSN - DE/Munich); Seidl, Robert (NSN - DE/Munich)
Subject: RE: STORK integration
Hi Antonio,
I am not sure that I understood your arguments.
Let me post some questions to you.
to 1) Even if Germany is not involved in STORK2 and the first STORK project has been completed, can't we (NSNs IDM) just use the saem environment for the FiWare project? Or has the environment been shut down?
to 3a) Please explain in more detail what you mean here. Which single country do you mean?
to 3b) If NSNs IDM is the service provider itself, would there be a legal problem too? The idea is just to use STORK to e.g. receive certified names of the citizens. The names received by STORK would be checked against an IDM database. Example: John Doe is an authorized user of the IDM System. If STORK certifies that the real John Doe is requesting access to the IDM, he will be allowed to use this service. In this case, instead of requesting John Doe to enter his username and password, he just uses his eID in combination with STORK.
Checking the email thread below, we asked for a contact person for "Service - BW" (www.service-bw.de <http://www.service-bw.de> ).
Do you think it would still make sense to contact them?
If yes, do you know someone?
BR,
Norbert
From: ext Antonio Garcia Vazquez [mailto:antonio.garcia at atosresearch.eu]
Sent: Wednesday, January 11, 2012 8:57 PM
To: Seidl, Robert (NSN - DE/Munich)
Cc: Goetze, Norbert (NSN - DE/Munich); Kirchschlager, Werner (NSN - DE/Munich)
Subject: RE: STORK integration
Robert,
Regarding to this; the issues we've detected are:
1) Germany won't bet involve in STORK any more once the first STORK project has been completed. They've deployed the planned pilot environments public oriented, but won't be part as planed of STORK 2 where private services will be specified
2) Moreover STORK 2 project should have been started by the beginning of this year, but at this moment, has no starting date.
My colleagues are expecting the Kick-off meeting on February first week but nothing is scheduled yet.
3) About legal issues our experts has detected two main problems:
a. They are not sure if it will be possible a cloud deployment with a license provided by a single country.
b. STORK legal agreements are designed to identify a user who is in a session with a service provider, and to send his data to this service but not to a third one.
Taking these into account I believe that finally won't be a good idea to integrate STORK in your asset.
On the other hand I think that we should try to implement and demonstrate STORK e-ID advantages in FI-WARE without jeopardize the whole Authentication GE.
Our idea would be to deploy STORK as a an additional and optional service attached to the GE so we could deploy it in a FI-WARE private test environment with an Spanish test license, but not into a public Testbed or production environment until legal issues will be solved.
Best Regards
************************************
* Antonio García-Vázquez *
* (+34) 91 214 9384 *
* antonio.garcia at atosresearch.eu *
************************************
From: Antonio Garcia Vazquez
Sent: miércoles, 21 de diciembre de 2011 15:07
To: 'Seidl, Robert (NSN - DE/Munich)'
Cc: Goetze, Norbert (NSN - DE/Munich); Kirchschlager, Werner (NSN - DE/Munich)
Subject: RE: STORK integration
Robert,
I've recently have some meeting with my colleagues from STORK in ATOS where we've identified some issues I'd like to discuss with you
Is there any phone number I'd call you?
Best Regards
************************************
* Antonio García-Vázquez *
* (+34) 91 214 9384 *
* antonio.garcia at atosresearch.eu *
************************************
From: Seidl, Robert (NSN - DE/Munich) [mailto:robert.seidl at nsn.com]
Sent: martes, 20 de diciembre de 2011 14:21
To: Antonio Garcia Vazquez
Cc: Goetze, Norbert (NSN - DE/Munich); Kirchschlager, Werner (NSN - DE/Munich)
Subject: STORK integration
Hi Antonio,
we are looking for a contact point for "Service - BW" (www.service-bw.de <http://www.service-bw.de> ), since they have the identical setup as we will have.
For that would be nice to get in contact with them in order to discuss about the necessary steps to connect to the STORK platform.
Many thanks in advance
Robert
------------------------------------------------------------------
This e-mail and the documents attached are confidential and intended
solely for the addressee; it may also be privileged. If you receive
this e-mail in error, please notify the sender immediately and destroy it.
As its integrity cannot be secured on the Internet, the Atos
group liability cannot be triggered for the message content. Although
the sender endeavours to maintain a computer virus-free network,
the sender does not warrant that this transmission is virus-free and
will not be liable for any damages resulting from any virus transmitted.
Este mensaje y los ficheros adjuntos pueden contener informacion confidencial
destinada solamente a la(s) persona(s) mencionadas anteriormente
pueden estar protegidos por secreto profesional.
Si usted recibe este correo electronico por error, gracias por informar
inmediatamente al remitente y destruir el mensaje.
Al no estar asegurada la integridad de este mensaje sobre la red, Atos
no se hace responsable por su contenido. Su contenido no constituye ningun
compromiso para el grupo Atos, salvo ratificacion escrita por ambas partes.
Aunque se esfuerza al maximo por mantener su red libre de virus, el emisor
no puede garantizar nada al respecto y no sera responsable de cualesquiera
danos que puedan resultar de una transmision de virus.
------------------------------------------------------------------
------------------------------------------------------------------
This e-mail and the documents attached are confidential and intended
solely for the addressee; it may also be privileged. If you receive
this e-mail in error, please notify the sender immediately and destroy it.
As its integrity cannot be secured on the Internet, the Atos
group liability cannot be triggered for the message content. Although
the sender endeavours to maintain a computer virus-free network,
the sender does not warrant that this transmission is virus-free and
will not be liable for any damages resulting from any virus transmitted.
Este mensaje y los ficheros adjuntos pueden contener informacion confidencial
destinada solamente a la(s) persona(s) mencionadas anteriormente
pueden estar protegidos por secreto profesional.
Si usted recibe este correo electronico por error, gracias por informar
inmediatamente al remitente y destruir el mensaje.
Al no estar asegurada la integridad de este mensaje sobre la red, Atos
no se hace responsable por su contenido. Su contenido no constituye ningun
compromiso para el grupo Atos, salvo ratificacion escrita por ambas partes.
Aunque se esfuerza al maximo por mantener su red libre de virus, el emisor
no puede garantizar nada al respecto y no sera responsable de cualesquiera
danos que puedan resultar de una transmision de virus.
------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.fiware.org/private/old-fiware-security/attachments/20120120/d5da5b5c/attachment.html>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy