Towards Cross-Border Authorization in European eID Federations

Cited by: 4
Authors
Lenz, Thomas [1]
Zwattendorfer, Bernd [1]
Affiliation
[1] E Govt Innovat Ctr EGIZ, Inffeldgasse 16a, A-8010 Graz, Austria
Source
2016 IEEE TRUSTCOM/BIGDATASE/ISPA | 2016
Keywords
authorization; federation; cross-border; identification; authentication
DOI
10.1109/TrustCom.2016.0093
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Identification, authentication, and authorization are essential processes in various areas of applications, where access to sensitive data needs to be protected and regulated. To achieve this, usually identity-management systems are put into place, where an identity provider manages digital identities and handles the identification and authentication process for a service provider, which hosts the protected data and regulates access to this information. Due to increasing mobility of citizens and cross-border public administration, interoperability across the border of national electronic identity management systems in the European eID landscape becomes more and more important. While there were several European initiatives ongoing for achieving cross-border identification and authentication in the last couple of years, there was actually no initiative to enable cross-border authorization in Europe. Hence, in this paper we propose an advanced architectural design towards cross-border authorization in Europe. This proposed solution extends the existing cross-border eID federation implementations, which are actually in place across Europe, to bring up also cross-border authorization support into these European eID infrastructures. The proposed architecture follows a modular and plug-in based approach to ease the integration into various heterogeneous eID infrastructures, which are actually deployed in European countries. We illustrate the practical applicability of the proposed architecture by implementing an Authorization Gateway for the Austrian eID infrastructure. This Authorization Gateway meets all national legal and technical requirements to transfer authorization information across borders.
Pages: 426-434
Number of pages: 9