Tuesday, November 9, 2010

eID

At work a colleague and I just finished the 1.0 version of a new eID security module. It's based on the open source framework of Fedict that uses an Applet to allow you to sign in using your digital id. This framework was brought to life due to a lot of problems (stability, configuration, ...) with the current eID Fedict middleware solution.

For now it's still implemented as a stand-alone war, but it will be integrated in our larger, existing security module very soon. This larger module copes with authentication, authorization and identity management and has been really mature for some time now. It came to life several years ago to replace a product from Sun called Access Manager. Once the integration with eID is finished, the entire module will be open sourced. Exciting stuff!

4 comments:

  1. Very interesting topic, but would you like to elaborate a bit more about why the standard middleware (which is available for Windows, Mac and Linux) is unstable?

    The middleware itself uses the smartcard driver available to the OS. The middleware is in itself pretty stable, at least as far as my experience goes.
    Sometimes the registration of certificates is a bit pesky, but it always works.

    Second, if I understand it correctly the applet is launched on the client's computer to replace the native middleware installation?
    This is very interesting, can you point out an internet location for more information on this subject?
    The fedICT site does not mention anything about such an applet.

    I'm asking this since I'm also wondering how the applet is able to interface with the card reader in a portable and stable manner.
    Afaik there is no standard API for accessing card readers in Java and you will need to fall back to using the JNI, which would most likely break portability...

  2. I always say, 'in my team we use Google'. That said, there is documentation about the applet on the fedICT site.

    The document explains that it uses the Java Smart Card I/O API if Java 6 is available (the API is new since Java 6). If not, it still requires the middleware to be installed.
    So it does seem that this might be a good alternative OS-portable component for the standard middleware.

  3. Oooooow, my first reaction ever. Somebody actually reads my blog :)

    Hey unknown 'error' user, aka 'de Koen seh' :)

    Indeed, Java 6 is required for the Smart Card I/O API, but there also was another reason I think, which I can't remember but I'm gonna look it up.

    If you're interested, more info can be found here:

    All the code is open sourced at:
    http://code.google.com/p/eid-applet/

    Frank and his team also made a certificate validator called jTrust:
    http://code.google.com/p/jtrust/

    There are some online test pages here:
    https://www.e-contract.be/eid-applet-test/ (For instance test the data on your eid card via https://www.e-contract.be/eid-applet-test/identify.html)

    Thanks for the question.

  4. Hey, I double checked why the existing solution was not good and it turned out that on some laptops it really was unstable. Apparently it was slow most of the time and it sometimes asked you to insert your card while it was already inserted :) Stuff like that. I've never experienced it myself but a bunch of people confirmed these issues. And of course even the guy who made it acknowledges these problems. That's why he came up with the Applet.
