By Joerg Abendroth, Souheil Bcheri, Kasper Damgaard,Hamza Ghani, Jesus Luna, Gert Læssøe Mikkelsen, Maxim Moneta, Monika Orski,Neeraj Suri,Harald Zwingelberg

Download: PDF, Review Status: final


In this document we provide the details of the architecture and implementation of the Söderhamn school pilot system components, as well as their API mapping with the first version of the ABC4Trust reference implementation. We explain how these components interact among themselves and with the pilot users. We provide the details of their set-up, initialization, and proper operation within the servers as well as the clients installed on users' computers. We also provide an analysis of the legal aspects of the pilot, and the results of a preliminary risk analysis of the pilot system.

 Executive Summary

In this deliverable we provide the details of the implementation, set-up and operation of the system that will be employed in the Söderhamn school pilot of the ABC4Trust project: A community interaction platform with protection of the users’ privacy. The design, implementation, and testing of the pilot system was based on the use cases and pilot requirements documented in deliverables D5.1, D5.2, and 6.1 as well as the first version of the ABC4Trust reference implementation of Privacy-ABCs provided by WP4.

The architecture of the pilot system, as explained in the deliverable, is comprised of the following main components: (i) the School Registration System, which is responsible for storing data (attribute values) about the users and for issuing credentials to the students, (ii) the Restricted Areas (RA) System, which supports the community interaction functions, (iii) the ABC Systems, which provide verifications of tokens created by the User Client, (iv) the User Client, which provide controls of user credentials, (v) the Client Browser, which handles browser communication with the RA System and requests to the ABC System, and (vi) the Smart Cards and Smart Card Readers, which are distributed to the users and store users’ credentials. Additional two components in the pilot are the Revocation Authority, which is implemented as an Issuer-driven revocation and the Inspector Application.

In the sections that follow, we describe the deployment of each part, the key scenarios and corresponding API mappings, the legal aspects, and what has been done to mitigate risks during the pilot. In all chapters, the descriptions emphasise on the privacy aspects.