A Modular and Flexible Identity Management Architecture for National eID Solutions

Thomas Lenz, Bernd Zwattendorfer

Abstract

Identification and authentication are essential processes in various areas of application where access to sensitive data needs to be protected and regulated. To achieve this, usually identity-management systems are put into place, where an identity provider manages digital identities and handles the identification and authentication process for a service provider, which hosts the protected data. Identity management is no new topic and hence several identity management systems have evolved over time. However, new rising requirements also demand modifications and improvements in the field of identity management. In particular, the need for exchanging or federating identities across domains or even borders requires new interoperable solutions and flexible identity management architectures. In this paper we present a flexible and modular identity management architecture which focuses on federation and interoperability capabilities based on plug-able components. Due to that, new arising requirements such as the support of different authentication protocols can be easily fulfilled by implementing appropriate plug-ins. Hence, our proposed architecture is especially applicable for high qualified identification systems such as national eIDs and their federation across borders. We further illustrate the applicability of our architecture by implementing it to be used as an identity provider for Austrian eGovernment applications, on the one side being applicable for national authentications and, on the other side, in a cross-border context.

References

  1. Bauer, M., Meints, M., and Hansen, M. (2005). D3.1: Structured overview on prototypes and concepts of identity management systems.
  2. Cantor, S., Moreh, J., Philpott, R., and Maler, E. (2005). Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0. Technical report.
  3. European Union (2005). Ministerial declaration, Manchester, United Kingdom, on 24 november 2005. European Union.
  4. European Union (2006). Directive 2006/123/ec of the european parliament and of the council of 12 december 2006 on services in the internal market. European Union.
  5. European Union (2014). Regulation (eu) no 910/2014 of the european parliament and of the council of 23 july 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing directive 1999/93/ec. European Union.
  6. Ferdous, M. S. and Poet, R. (2012). A comparative analysis of identity management systems. In Smari, W. W. and Zeljkovic, V., editors, HPCS, pages 454-461. IEEE.
  7. Hughes, J., Cantor, S., Hodges, J., Hirsch, F., Mishra, P., Philpott, R., and Maler, E. (2005). Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0. Technical report.
  8. Kaler, C. and McIntosh, M. (2009). Web Services Federation Language (WS-Federation) Version 1.2.
  9. Kölsch, T., Zibuschka, J., and Rannenberg, K. (2011). Privacy and identity management requirements: An application prototype perspective. In Camenisch, J., Leenes, R., and Sommer, D., editors, Digital Privacy, volume 6545 of Lecture Notes in Computer Science, pages 735-749. Springer Berlin Heidelberg.
  10. Leitold, H., Hollosi, A., and Posch, R. (2002). Security architecture of the austrian citizen card concept. In Computer Security Applications Conference, 2002. Proceedings. 18th Annual, pages 391-400.
  11. Leitold, H., Lioy, A., and Ribeiro, C. (2014). Stork 2.0: Breaking new grounds on eid and mandates. In GmbH, M. M. F., editor, Proceedings of ID World International Congress, pages 1 - 8.
  12. Lockhart, H. and Campbell, B. (2008). Security Assertion Markup Language (SAML) V2.0 Technical Overview. Technical report.
  13. Maler, E., Mishra, P., and Philpott, R. (2003). Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1. Technical report.
  14. Nadalin, A., Kaler, C., Monzillo, R., and Hallam-Baker, P. (2006). Web Services Security: SOAP Message Security 1.1. Technical report.
  15. Neuman, C., Yu, T., and Hartman, S und Raeburn, K. (2005). The Kerberos Network Authentication Service (V5).
  16. Orthacker, C. and Zefferer, T. (2011). Accessibility challenges in e-government: an austrian experience. In Stuart Cunningham, Vic Grout, N. H. D. O. R. P., editor, Proceedings of the Forth International Conference on Internet Technologies and Applications (ITA 11), pages 221 - 228.
  17. Rainer, H., Pfläging, P., Zwattendorfer, B., and Pichler, P. (2014). Portalverbundprotokoll Version 2 S-Profil.
  18. Rössler, T., Hollosi, A., Liehmann, M., and Schamberger, R. (2006). Elektronische Vollmachten Spezifikation 1.0.0.
  19. Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., and Mortimore, C. (2014). OpenID Connect Core 1.0.
  20. Stranacher, K. (2010). Foreign identities in the austrian egovernment - an interoperable eid solution. In Center, T. N. C., editor, IDMAN 2010 - 2nd IFIP WG11.6 International Conference on Identity Management, pages 31 - 40.
  21. Zwattendorfer, B., Sumelong, I., and Leitold, H. (2013). Middleware architecture for cross-border identification and authentication. Journal of information assurance and security, 8:107 - 118.
Download


Paper Citation


in Harvard Style

Lenz T. and Zwattendorfer B. (2015). A Modular and Flexible Identity Management Architecture for National eID Solutions . In Proceedings of the 11th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-758-106-9, pages 321-331. DOI: 10.5220/0005443103210331


in Bibtex Style

@conference{webist15,
author={Thomas Lenz and Bernd Zwattendorfer},
title={A Modular and Flexible Identity Management Architecture for National eID Solutions},
booktitle={Proceedings of the 11th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2015},
pages={321-331},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005443103210331},
isbn={978-989-758-106-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - A Modular and Flexible Identity Management Architecture for National eID Solutions
SN - 978-989-758-106-9
AU - Lenz T.
AU - Zwattendorfer B.
PY - 2015
SP - 321
EP - 331
DO - 10.5220/0005443103210331