Social and Legal Implications of Digital Identity in a Multi-national Environment

The i2010 e-Government Action Plan from the European Union forces Public Administrations (national, regional and local) of all Member States that by 2010 to meet all administrative acts of the citizens through the Internet. This implies the need for mechanisms and systems to be able to unequivocally identify people on the Internet, together with a reliable system of interoperable electronic identification management (eIDM), in such a way that citizens, businesses and government departments (even in different Member States) can identify themselves and certify their transactions accurately, quickly and simply. However, despite the clear advantages that this entails for EU citizens, namely the fact that they possess a digital identity which allows them secure and identified access to the services offered by the various public administrations in Member States, the implementation of a solution of this kind involves a series of risks which, if they are not duly dealt with, may engender a reduction in the effectiveness of public institutions and citizens' trust in them. This article will analyse the problems associated with digital identity in the EU framework and the extent to which the solutions adopted to date meet the constitutional requirements, or fail to, highlighting aspects which may entail a risk or detriment to the freedoms of citizens and those relating to the handling of digital identity which have not yet been tackled but which, given their particular relevance, necessitate an immediate solution

Solving identity delegation problem in the e-government environment

At present, many countries allow citizens or entities to interact with the government outside the telematic environment through a legal representative who is granted powers of representation. However, if the interaction takes place through the Internet, only primitive mechanisms of representation are available, and these are mainly based on non-dynamic offline processes that do not enable quick and easy identity delegation. This paper proposes a system of dynamic delegation of identity between two generic entities that can solve the problem of delegated access to the telematic services provided by public authorities. The solution herein is based on the generation of a delegation token created from a proxy certificate that allows the delegating entity to delegate identity to another on the basis of a subset of its attributes as delegator, while also establishing in the delegation token itself restrictions on the services accessible to the delegated entity and the validity period of delegation. Further, the paper presents the mechanisms needed to either revoke a delegation token or to check whether a delegation token has been revoked. Implications for theory and practice and suggestions for future research are discussed

Improvements of Pan-European IDM Architecture to Enable Identity Delegation Based on X.509 Proxy Certificates and SAML

To foster the secure use of telematic services provided by public institutions, most European countries – and others in the rest of the world – are promoting electronic identification systems among their citizens to enable fully reliable identification. However, in today’s globalized environment, it is becoming more common for citizens and entities of a given country, with their own electronic credentials under the legal framework of their country, to seek access to the public services provided by other countries with different legal frameworks and credentials. At present, a number of projects in the European Union are attempting to solve the problem through the use of pan-European identity management systems that ensure interoperability between the public institutions of different Member States. However, the solutions adopted to date are inadequate, for they do not envision all possible cases of user interaction with institutions. Specifically, they fail to address a very important aspect provided in different national legal systems, namely delegation of identity, by which a citizen can authorize another to act on his or her behalf in accessing certain services provided by public institutions. This paper provides a thorough analysis of problems of delegation and proposes an architecture based on X.509 Proxy Certificates and SAML assertions to enable delegation in provision of services in the complex and heterogeneous environment presented by the public institutions of the European Union as a whole