We had a meeting with our project supervisor Dr. Chandana Gamage today from 1.30pm to 2.15pm.
After yesterday’s meeting we had a brainstorming session with all group members and discussed the options we have for the system architecture of the eID system. So we arranged today’s meeting to discuss this further and finalize the design. Today’s discussions led us to a redesign of our architecture. We found that there were some flaws in our earlier architecture, in which the eID WS was sitting in the middle, which could easily lead to problems in terms of load as well as being attack prone.
Changes in Design
Some points that were highlighted at the meetings:
- Moving load away from the central eID WS server
- One-time signed policies for the relying parties
- Complex functionalities implemented at the WS end
- Almost all network-enabled applications are now on the web, so it is better to have a browser plugin
So we decided to keep the end-user at the end and include one more application in our deliverables list, which would be a browser plugin. This plugin will now act as the center point which handles the message flow between the relying party, the web service and the eID card.
Read-only memory eID
Also we decided to add one more deliverable to our project in the form of an alternative eID card to the smart card based one, using a read-only memory stick. Though this would miss some security advantages, it could give some advantage in terms of the cost of the device. We will have to explore this further to get more possible implementation options. We will have to try and find ways to make a normal USB memory stick into a secure one, or else we should find some other alternative that could work for our needs.
Offline Authentication Application
We also discussed the Offline Authentication Application and how it would work in a practical situation. We discussed having the following two in this application, and will discuss this further to add any others as needed.
- Signed Photo Verification (Signed by Issuing Authority, updated regularly)
- PoI (Persons of Interest) Checking System
We also finalized our list of final project deliverables with our supervisor as follows:
- eID card
  - Smart card based
  - Read-only memory based
- Online Authentication Web Service
- Browser Plugin for online authentication
- Offline Authentication Application
- Card Issuing/Updating Application
- 2 Research Papers (3rd one if time permits)