Federated identity architecture of the european eID system

Federated identity management is a method that facilitates management of identity processes and policies among the collaborating entities without a centralized control. Nowadays, there are many federated identity solutions, however, most of them covers different aspects of the identification problem, solving in some cases specific problems. Thus, none of these initiatives has consolidated as a unique solution and surely it will remain like that in a near future. To assist users choosing a possible solution, we analyze different federated identify approaches, showing main features, and making a comparative study among them. The former problem is even worst when multiple organizations or countries already have legacy eID systems, as it is the case of Europe. In this paper, we also present the European eID solution, a purely federated identity system that aims to serve almost 500 million people and that could be extended in midterm also to eID companies. The system is now being deployed at the EU level and we present the basic architecture and evaluate its performance and scalability, showing that the solution is feasible from the point of view of performance while keeping security constrains in mind. The results show a good performance of the solution in local, organizational, and remote environments

Current Trends in Pan-European Identity Management Systems

The demand for electronic identity has grown as a result of governments? promotion of e-Government, in which the citizen-public administration relationship often has a strictly personal nature and requires digital identification systems that are univocal, secure, and global. The management of this identity by public administrations is an important challenge, accentuated when interoperability among public administrations of different countries become necessary. In this paper current trends in pan-euroean identity management systems are analysized and a outlook of the future European scenary is shown

An identity framework for providing access to FIWARE OAuth 2.0-based services according to the eIDAS European Regulation

Secure electronic identification (eID) is one of the key enablers of data protection, privacy, and the prevention of online fraud. However, until now, the lack of common legal basis prevented European Member States from recognizing and accepting eIDs issued in the other Member States. The electronic identification and trust services (eIDAS) regulation provides a solution to these issues by ensuring the cross-border mutual recognition of eIDs. FIWARE is a European initiative that provides a rather simple yet powerful set of application programming interfaces (APIs) that ease the development of smart applications in multiple vertical sectors and oriented to the future internet. In this paper, we propose a model that enables the connection of FIWARE OAuth 2.0-based services with the eID authentication provided by eIDAS reference. Thanks to this model, services already connected with an OAuth 2.0 identity provider can be automatically connected with eIDAS nodes for providing eID authentication to European citizens. For validating the proposed model, we have deployed an instance of the FIWARE identity manager connected to the Spanish eIDAS node. Then, we have registered two services, a private videoconferencing system, and a public smart city deployment, and extended their functionalities for enriching the user experience leveraging the eID authentication. We have evaluated the integration of both services in the eIDAS network with real users from seven different countries. We conclude that the proposed model facilitates the integration of generic and FIWARE-based OAuth 2.0 services to the eIDAS infrastructure, making the connection transparent for developers

Trustworthy Cross-Border Interoperable Identity System for Developing Countries

Foundational identity systems (FIDS) have been used to optimise service delivery and inclusive economic growth in developing countries. As developing nations increasingly seek to use FIDS for the identification and authentication of identity (ID) holders, trustworthy interoperability will help to develop a cross-border dimension of e-Government. Despite this potential, there has not been any significant research on the interoperability of FIDS in the African identity ecosystem. There are several challenges to this; on one hand, complex internal political dynamics have resulted in weak institutions, implying that FIDS could be exploited for political gains. On the other hand, the trust in the government by the citizens or ID holders is habitually low, in which case, data security and privacy protection concerns become paramount. In the same sense, some FIDS are technology-locked, thus interoperability is primarily ambiguous. There are also issues of cross-system compatibility, legislation, vendor-locked system design principles and unclear regulatory provisions for data sharing. Fundamentally, interoperability is an essential prerequisite for e-Government services and underpins optimal service delivery in education, social security, and financial services including gender and equality as already demonstrated by the European Union. Furthermore, cohesive data exchange through an interoperable identity system will create an ecosystem of efficient data governance and the integration of cross-border FIDS. Consequently, this research identifies the challenges, opportunities, and requirements for cross-border interoperability in an African context. Our findings show that interoperability in the African identity ecosystem is vital to strengthen the seamless authentication and verification of ID holders for inclusive economic growth and widen the dimensions of e-Government across the continent.Comment: 18 pages, 4 figures, In 2023 Trustworthy Digital Identity International Conference, Bengaluru, Indi

Nordic digital identification (eID)

This publication presents the survey results and policy recommendations of a Nordic study of national eID-systems. The countries that have been studied are Denmark, Finland, Iceland, Norway and Sweden. The aim of the study is to facilitate and lay a foundation for discussions about the similarities and differences in legal, organisational, technical and data approaches taken by the different countries. The survey data has been gathered with the assistance of the members of a project reference group. The data has been analysed and structured into a number of highlighted issues (chapter 1). The highlighted issues have been in turn used as baseline for a set of recommendations (chapter 9). The Nordic Council of Ministers has provided funding and facilitated the staffing of the reference group. The Norwegian Agency for Public Management and e-Government, Difi, has been the project owner and provided project resources

The Review of Non-Technical Assumptions in Digital Identity Architectures

The literature on digital identity management systems (IdM) is abundant and solutions vary by technology components and non-technical requirements. In the long run, however, there is a need for exchanging identities across domains or even borders, which requires interoperable solutions and flexible architectures. This article aims to give an overview of the current research on digital identity management. We conduct a systematic literature review of digital identity solution architectures and extract their inherent non-technical assumptions. The findings show that solution designs can be based on organizational, business and trust assumptions as well as human-user assumptions. Namely, establishing the trust relationships and collaborations among participating organizations; human-users capability for maintaining private cryptographic material or the assumptions that win-win business models could be easily identified. By reviewing the key findings of solutions proposed and looking at the differences and commonalities of their technical, organizational and social requirements, we discuss their potential real-life inhibitors and identify opportunities for future research in IdM