Security requirements for e-government services: a methodological approach for developing a common PKI-based security policy

The concept of one-stop on-line government is not science fiction any more. On the contrary, the high reliability and performance of communication links, combined with architectural models that facilitate transparent access to distributed computational and storage resources, propel the development of integrated e-govemment platforms that support increased citizen mobility. The price we have to pay is the complexity introduced in the design of the security mechanisms required for protecting several heterogeneous information systems-each one supporting some of the services offered through the e-govemment integrated environment-and ensuring user privacy. This paper demonstrates that the security services offered by Public Key Infrastructure (PKI) can be employed for fulfilling most of the identified security requirements for an integrated e-government platform. The list of security requirements has been compiled by adopting an organisational framework that facilitates the classification of e-govemment services according to the security requirements they exhibit. The proposed approach has been applied, as a case study, to the e-govemment system 'Webocrat', identifying its security requirements and then designing a PKI-based security architecture for fulfilling them. (C) 2003 Elsevier B.V. All rights reserved.