SECURITY COMMUNICATION LAYER FOR PUBLIC DISTRIBUTED REPORTING SERVICES

摘要

The electronic management of user identities is a requirement for many modern applications. The user's identity defines its possible range of actions, and its management becomes critical in applications such as e-Banking, e-Payment, etc. Current solutions are based on methods that use certificate infrastructures, role and policy enforcement management, trust management using social networking, etc. We propose a solution for electronic management of identities that provides secure identification of a user using its electronic identity card (eID). The proposed nPA (the new German Identity card) Connector offers a trusted infrastructure for secure handling of electronic identities over the Internet. The nPA connector uses certificates obtained and guaranteed by a trusted Identity Provider. The user's personal data from the electronic Identity Card is transmitted from an original source service provider to subsequent destination service providers, all of which have previously signed a contract with the Identity Provider. The connector can be easily integrated within -an application, providing a supplementary security layer for identity management. It can also be accessed remote as a Web service. In such cases the connector can be accessed by applications that can communicate with an Identity Provider from a trusted list of elD Service Providers. For that, the connector offers an interface for the application to query attributes from the electronic Identity card. The nPA connector can be considered a service provider between a user wielding a user agent (usually a web application accessed through a web browser) and an Identity Provider.