National Identification and Authentication System
INFuture2015
Innovative Business Solutions, November 2015
Dario Belić, director of IT Development Service, ICT Division, FINA, Croatia


FINA Company profile

• State-owned, but functions on commercial principles
• 3100 employees
• Wide network: branches in all larger towns and cities in Croatia
• Total income in 2014: €110 mil.
• Leading Croatian company in the area of financial intermediation and application of information technologies
• The Government’s main partner in the most challenging projects of national importance
• Constant focus and determination to fulfill the clients’ needs
• 50-year business tradition in payment transactions processing
• Held the exclusive right to execute domestic payment transactions in former Yugoslavia as the Social Bookkeeping Service until 2002


Products and Services


Segments: Bank & Corporate clients and citizens; Public sector

• Public administration: iCity; ICT networks for public administration
• Banks: Payment services; National Clearing System; PKI
• e-Invoice; e-Business; Accounting service; Archiving; Business information
• Citizens: Bill payment; Exchange offices
• Government: REGOS – Central Registry of Insured Persons; National Treasury System; One Stop Shop; Public Sector Employees Registry; Blue Diesel System; Funds Enforcement System; e-Company Service; Ministry of Justice – ICMS hosting


2015 Open Government Awards

e-Citizen - the best project in Europe for the theme "Improving Public Services through Open Government"


NIAS as a concept and platform

[Diagram labels:]

• Services "X", "Y" and "Z": each runs the authorization process (adding rights to resources) and keeps a register of rights on individual resources (Resource "A", "B", "C", "D") for each user
• Credential Issuers "A", "B" and "C": each runs the process of authentication (identification and verification of identity) and keeps a register of users and issued credentials
• NIAS, with two links labelled SAML


NIAS in numbers

• Pilot project was carried out in 2012 (duration 2.5 months)
• Go live on 10 June 2014
• Number of e-Services in production: 26
• Number of integrated credentials: 9 (3 level 2 + 5 level 3 + 1 level 4)
• In preparation: 1 (level 3)
• Number of unique users of the NIAS (according to OIB – personal identification number): approx. 190.000
• Total number of active credentials: approx. 270.000
• Total number of log-ins to services: approx. 3,2 mil.


How NIAS works

Participants: User (web browser); e-Service provider (web application); NIAS (web application); the authentication server (web application)

1. An unauthenticated user wants to be authenticated for the e-Service [http request]
2. e-Service sends a request for authentication to NIAS [http redirection + SAML Request message #1]
3. NIAS displays the message to the user: "Do you approve the login to the e-Service?" [http request]
4. The user allows or does not allow the login [http response]
5. Depending on the response (YES/NO), NIAS begins the action:
   • NO: NIAS sends the response to the e-Service [http redirection + SAML Response message #1] and returns to step 1
   • YES: NIAS shows the user a list of credentials that can be used for authentication [http request]
6. The user selects the type of credentials with which the authentication is to be carried out [http response]
7. NIAS sends a request for authentication to the authentication server [http redirection + SAML Request message #2]
8. The authentication server displays the interface for entering credentials [http response]
9. The user enters his credentials [http request]
10. The authentication server sends a response to NIAS [http redirection + SAML Response message #2]
11. NIAS verifies the account of the authenticated user and sends a response to the e-Service [http redirection + SAML Response message #1]
12. e-Service enables access to the authenticated user [http response]
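The two SAML exchanges in the steps above only hold together if NIAS ties Response #2 to the Request #2 it issued, and answers Request #1 with the matching ID. The Python below is an added example, not FINA's code: messages are simplified dicts with signature validation left out, and the class name, the URLs in use and the choice of the AuthnFailed status for a declined login are assumptions.

```python
import secrets

SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
AUTHN_FAILED = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"

class Broker:
    """Models NIAS between an e-Service (message pair #1) and an
    authentication server (message pair #2). Messages are plain dicts."""

    def __init__(self):
        self.pending = {}  # request #2 ID -> (request #1 ID, e-Service, issuer)

    def response_1(self, req1_id, service, status, subject=None):
        """Response #1, always bound to the e-Service's own request ID."""
        return {"type": "Response", "InResponseTo": req1_id,
                "Destination": service, "Status": status, "Subject": subject}

    def on_service_request(self, req1_id, service, approved, issuer):
        """Steps 2-7: a declined login yields a failure response #1 (assumed
        status); an approved one yields request #2 for the chosen issuer."""
        if not approved:
            return self.response_1(req1_id, service, AUTHN_FAILED)
        req2_id = "_" + secrets.token_hex(16)  # unguessable, single use
        self.pending[req2_id] = (req1_id, service, issuer)
        return {"type": "AuthnRequest", "ID": req2_id, "Destination": issuer}

    def on_issuer_response(self, resp2):
        """Steps 10-11: accept response #2 only if it answers a pending
        request #2 and comes from the issuer that request was sent to."""
        entry = self.pending.get(resp2.get("InResponseTo"))
        if entry is None:
            raise ValueError("unsolicited or replayed response #2")
        req1_id, service, issuer = entry
        if resp2.get("Issuer") != issuer:
            raise ValueError("response #2 from an unexpected issuer")
        del self.pending[resp2["InResponseTo"]]  # one response per request
        status = SUCCESS if resp2.get("Status") == SUCCESS else AUTHN_FAILED
        subject = resp2.get("Subject") if status == SUCCESS else None
        return self.response_1(req1_id, service, status, subject)
```

Removing the pending entry on first use is what makes a replayed Response #2 fail, and checking the issuer stops one credential issuer from answering a request that was sent to another.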


NIAS and Single Sign-Out


How Single Sign-Out works

Participants: User (web browser); e-Service provider (web application); NIAS (web application); other e-Service providers (web applications)

1. An authenticated user logs in to the service and clicks on "Sign out"
2. e-Service sends a request for user logout to NIAS [http redirection + LogoutRequest message #1]
3. NIAS shows the message to the user: "Do you approve the unique logout from e-Services?" [http request]
4. The user allows or does not allow the unique logout [http response]
5. Depending on the response (YES/NO), NIAS starts the action:
   • NO: NIAS sends the response to the e-Service [http redirection + LogoutResponse message #2]
6. NIAS sends a message to each e-Service to which the user is logged in [SOAP + LogoutRequest]
7. e-Service records which user must log out and responds to the request [SOAP + LogoutResponse]
8. NIAS informs the user about the e-Services from which they are logged off [http request]
9. The user clicks on the "continue" button [http response]
10. NIAS redirects the user back to the service provider [http redirection + LogoutResponse message #2]
11. e-Service informs the user that they are logged off
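The back-channel part of this flow (NIAS sending a LogoutRequest to each e-Service, collecting the LogoutResponse, then telling the user which services were logged off) is where a silent failure leaves a session alive. The Python below is an added example, not FINA's code: the SOAP transport is replaced by a hypothetical `send` callable, the entity ID is a placeholder, and skipping the initiating e-Service is an assumption based on the "Other e-Service providers" participant.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
NIAS_ENTITY = "https://nias.example"  # placeholder entity ID, not the real one

def build_logout_request(issuer, destination, name_id, session_index):
    """LogoutRequest that NIAS addresses to one e-Service (step 6)."""
    req = ET.Element(f"{{{SAMLP}}}LogoutRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    ET.SubElement(req, f"{{{SAML}}}NameID").text = name_id
    ET.SubElement(req, f"{{{SAMLP}}}SessionIndex").text = session_index
    return req

def single_logout(sessions, name_id, initiator, send):
    """Steps 6-8. sessions maps e-Service URL -> SessionIndex for one user.
    send(url, xml_bytes) is a hypothetical stand-in for the SOAP POST; it
    returns the LogoutResponse bytes or raises OSError on transport failure.
    Returns (logged_off, failed) so step 8 reports only confirmed logouts."""
    logged_off, failed = [], []
    for url, index in sessions.items():
        if url == initiator:
            continue  # the initiator is answered by redirect in step 10
        req = build_logout_request(NIAS_ENTITY, url, name_id, index)
        try:
            # Production code also needs signature checks and a hardened XML parser.
            resp = ET.fromstring(send(url, ET.tostring(req)))
            code = resp.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
            ok = (resp.get("InResponseTo") == req.get("ID")
                  and code is not None and code.get("Value") == SUCCESS)
        except (OSError, ET.ParseError):
            ok = False  # timeout, refused connection or malformed reply
        (logged_off if ok else failed).append(url)
    return logged_off, failed
```

A service lands in `failed` when it times out, returns malformed XML, reports a non-success status, or answers with an `InResponseTo` that does not match the request, so the user is never told a session ended when that was not confirmed.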


NIAS e-Business

[Diagram labels:]

• Business User
• ID providers: FINA RDC CA; RDC-TDU CA; ID provider n..
• NIAS e-Business, with two links labelled SAML
• Services: Registry of Concessions; eRegos (Central Registry of Insured Persons); WEB BON (Creditworthiness); RGFI (Register of Annual Financial Statements); eBlokade (Account blocking)


NIAS Cross-border Integration
