3,737 research outputs found

    Authentication and authorisation in entrusted unions

    This paper reports on the status of a project whose aim is to implement and demonstrate in a real-life environment an integrated eAuthentication and eAuthorisation framework to enable trusted collaborations and delivery of services across different organisational/governmental jurisdictions. This aim will be achieved by designing a framework with assurance of claims, trust indicators, policy enforcement mechanisms and processing under encryption to address the security and confidentiality requirements of large distributed infrastructures. The framework supports collaborative secure distributed storage, secure data processing and management in both the cloud and offline scenarios and is intended to be deployed and tested in two pilot studies in two different domains, viz., Bio-security incident management and Ambient Assisted Living (eHealth). Interim results in terms of security requirements, privacy preserving authentication, and authorisation are reported.

    Interoperability of Cross-Border European Egovernment Services: Some Design Issues

    The authors analyse some of the research outcomes achieved during the implementation of the EC GUIDE research project “Creating an European Identity Management Architecture for eGovernment”, as well as their personal experience. The project goals and achievements are however considered in a broader context. The key role of Identity in the Information Society was emphasised, as was the fact that the research and development in this field is in its initial phase. The scope of research related to Identity, including the one related to Identity Management and Interoperability of Identity Management Systems, is expected to be further extended. The authors analyse the abovementioned issues in the context established by the EC European Interoperability Framework (EIF) as a reference document on interoperability for the Interoperable Delivery of European eGovernment Services to Public Administrations, Business and Citizens (IDABC) Work Programme. This programme aims at supporting the pan-European delivery of electronic government services.

    De-perimeterisation as a cycle: tearing down and rebuilding security perimeters

    If an organisation wants to secure its IT assets, where should the security mechanisms be placed? The traditional view is the hard-shell model, where an organisation secures all its assets using a fixed security border: What is inside the security perimeter is more or less trusted, what is outside is not. Due to changes in technologies, business processes and their legal environments this approach is not adequate anymore. This paper examines this process, which was coined de-perimeterisation by the Jericho Forum. In this paper we analyse and define the concepts of perimeter and de-perimeterisation, and show that there is a long term trend in which de-perimeterisation is iteratively accelerated and decelerated. In times of accelerated de-perimeterisation, technical and organisational changes take place by which connectivity between organisations and their environment scales up significantly. In times of deceleration, technical and organisational security measures are taken to decrease the security risks that come with de-perimeterisation, a movement that we call re-perimeterisation. We identify the technical and organisational mechanisms that facilitate de-perimeterisation and re-perimeterisation, and discuss the forces that cause organisations to alternate between these two movements.

    FedCohesion: Federated Identity Management in the Marche Region

    Federated identity management is a set of technologies and processes supporting dynamically distributed identity information. Its adoption in Public Administrations maintains organizations' autonomy while at the same time giving citizens support to access the services that are distributed across security domains. In this paper, we propose the Marche Region experience with regard to federated identity management, focusing on the regional authentication framework, named FedCohesion. It is based on the Security Assertion Markup Language standard and it results from Cohesion re-engineering. It is the old style legacy authentication framework. We first present the resulting architecture, showing the supported identification process and pilot applications. Lessons learned and opportunities are also presented.

    European (energy) data exchange reference architecture 3.0

    This is the third version of Data Exchange Reference Architecture – DERA 3.0. BRIDGE report on energy data exchange reference architecture aims at contributing to the discussion and practical steps towards truly interoperable and business process agnostic data exchange arrangements on European scale both inside energy domain and across different domains.
    DERA 3.0
    Recommendations related to the implementation of DERA:
    A. Leverage Smart Grid Architecture Model (SGAM) usage by completing it with data governance requirements, specifically from end-customer perspective, and map it to the reference architectures of other sectors (similar to the RAMI4.0 for industry – Reference Architecture Model Industrie 4.0; and CREATE-IoT 3D RAM for health – Reference Architecture Model of CREATE-IoT project), incl. for basic interoperability vocabulary with non-energy sectors.
    B. Facilitate European strategy, regulation (harmonisation of national regulations) and practical tools for cross-sector exchange of any type of both private data and public data, e.g. through reference models for data space, common data governance and data interoperability implementing acts.
    C. Ensure cooperation between appropriate associations, countries and sector representatives to work on cross-sector and cross-border data management by establishing European data cooperation agency. This involves ongoing empowering/restructuring of the Data Management WG of the BRIDGE Initiative to engage other sectors and extend cooperation with projects that are not EU-funded and with European Standardisation Organisations (CEN-CENELEC-ETSI).
    D. Harmonise the development, content and accessibility of data exchange business use cases for cross-sector domain through BRIDGE use case repository. Track tools that identify common features on use cases, e.g. interfaces between sectors, and enable the alignment with any potential peer repositories for other domains. Also, the use case repository must rely on the HEMRM with additional roles created by some projects or roles coming from other associations (related to another sector than the electricity/energy sector).
    E. Use BRIDGE use case repository for aligning the role selection. Harmonise data roles across electricity and other energy domains by developing HERM – Harmonised Energy Role Model and ensure access to model files. Look for consistency with other domains outside energy based on this HERM – cross-sectoral roles. Harmonised Energy Role Model shall have clear implications and connections with data (space) roles such as data provider/consumer, service provider etc.
    F. Define and harmonise functional data processes for cross-sector domain, using common vocabulary, template and repository for respective use cases’ descriptions. Harmonisation of functional data processes for cross-sector data ecosystems including Vocabulary provider, Federated catalogue, Data quality, Data accounting processes, Clearing process (audit, logging, etc.) and Data tracking and provenance.
    G. Define and maintain a common reference semantic data model, and ensure access to its model files facilitating cross-sector data exchange, by leveraging existing data models like Common Information Model (CIM) of International Electrotechnical Commission (IEC) and ontologies like Smart Appliances Reference Ontology (SAREF).
    H. Develop cross-sector data models and profiles, with specific focus on private data exchange. Enable open access to model files whenever possible.
    I. Ensure protocol agnostic approach to cross-sector data exchange by selecting standardised and open ones.
    J. Ensure data format agnostic approach to cross-sector data exchange. The work done by projects like TDX-ASSIST and EU-SysFlex (using IEC CIM), and PLATOON (using SAREF) must be shared and made known to consolidate the approach in order to reach semantic interoperability. Metadata must also be taken into account.
    K. Promote business process agnostic DEPs (Data Exchange Platforms) and make these interoperable by developing APIs (Application Programming Interfaces) which enable for data providers and data users easy connection to any European DEP but also create the possibility whereby connecting to one DEP ensures data exchange with any other stakeholder in Europe. DEPs shall explore the integration of data space connectors towards their connectivity with other DEPs including cross-sector ones.
    L. Develop universal data applications which can serve any domain. Develop open data driven services that promote also cross-sector integration collectively available in application repositories.
    Possible next steps (“sub-actions”) for 2023/2024:
    ➱ Release BRIDGE Federated Service Catalogue tool and associated process.
    ➱ Release DERA interactive visualisation tool.
    ➱ Follow up the implementation of DERA 3.0 in BRIDGE projects (mapping to DERA).
    ➱ Update recommendations to comply with DERA 3.0.
    ➱ Develop / enhance the “data role model”.

    A design theory for e-service environments: The interoperability challenge

    The delivery of e-services across organizational boundaries poses a number of issues in terms of design of inter-organizational systems that support service delivery effectively. In this context interoperability emerges as a mandatory requirement for the design of Information Technology (IT) platforms supporting collaborative e-service environments. In this paper we address this issue by presenting a design theory for IT platforms supporting e-services based on both a deep understanding of the interoperability concept and a design research approach. Through the analysis of a cooperation framework developed in the context of an EU funded project, we instantiate the theory by providing the concrete example of a solution addressing this design problem. © 2012 Springer-Verlag GmbH Berlin Heidelberg.
    Monograph's chapter
