Potential Impacts in Citizens’ Privacy of using Federated Identity Management to Offer e-Government Services

Jorge Navas, Marta Beltrán

Abstract

The ability to verify citizens’ identity and to authenticate and to authorize them when accessing to e-Government services (such as on-line voting, licence renewal or tax payment) is crucial for the digital transformation of public administrations. Governments need identity management mechanisms valid across different services, platforms, devices, technologies and even physical borders. Federated Identity Management (FIM) can help in ensuring secure identity management, in improving citizens’ experience and in increasing services’ accessibility. But this comes with a price since relying on Identity Providers, whether public or private, poses new privacy threats that has to be faced. This paper presents a threat model of the most promising and extended FIM specifications, OpenID Connect and Mobile Connect, when used as federated identity management solutions for e-Government services. A set of three improvements is proposed to avoid these threats or to mitigate their impacts, taking into account both, specification and implementation aspects. Furthermore, guidelines and recommendations in order to improve future versions of the specifications and/or their implementations are provided for developers, providers and policy makers.

Download


Paper Citation


in Harvard Style

Navas J. and Beltrán M. (2019). Potential Impacts in Citizens’ Privacy of using Federated Identity Management to Offer e-Government Services.In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT, ISBN 978-989-758-378-0, pages 350-355. DOI: 10.5220/0007797703500355


in Bibtex Style

@conference{secrypt19,
author={Jorge Navas and Marta Beltrán},
title={Potential Impacts in Citizens’ Privacy of using Federated Identity Management to Offer e-Government Services},
booktitle={Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT,},
year={2019},
pages={350-355},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007797703500355},
isbn={978-989-758-378-0},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT,
TI - Potential Impacts in Citizens’ Privacy of using Federated Identity Management to Offer e-Government Services
SN - 978-989-758-378-0
AU - Navas J.
AU - Beltrán M.
PY - 2019
SP - 350
EP - 355
DO - 10.5220/0007797703500355