Authors:
Paul Marillonnet (1); Mikaël Ates (2); Maryline Laurent (3) and Nesrine Kaaniche (4)
Affiliations:
(1) Entr’ouvert, Paris, France, SAMOVAR, Télécom SudParis, Institut Polytechnique de Paris, France
(2) Entr’ouvert, Paris, France
(3) SAMOVAR, Télécom SudParis, Institut Polytechnique de Paris, France
(4) Security of Advanced Systems, Department of Computer Science, University of Sheffield, U.K.
Keyword(s):
Identity Matching, Federated-identity Architecture, Identity Management, Citizen-relationship Management, Trust Enforcement.
Abstract:
To smoothly counteract privilege escalation in federated-identity architectures, the cross-checking of asserted Personally Identifiable Information (PII) among different sources is highly recommended and advisable. Identity matching is thus a key component for supporting the automated PII cross-checking process. This paper proposes an efficient identity-matching solution, adapted to a chosen User-Relationship Management (URM) platform, relying on a French Territorial Collectivities and Public Administrations (TCPA) use case. The originality of the paper is threefold. (1) It presents an original solution to identity-matching issues raised by a concrete use case from the Territorial Collectivities and the Public Administration (TCPA), formalizing concepts such as information completeness, PII normalization and Levenshtein-distance matrix generation. (2) Implementation guidelines are given to deploy the solution on an operational Publik platform. (3) A precise security analysis is provided, relying on an original attacker model.