Enhancing the Modularity and Flexibility of Identity Management Architectures for National and Cross-Border eID Applications

摘要

Identity-management systems play a key role in various areas of applications and e-Government processes where access to sensitive data needs to be protected. To protect this sensitive data, the identity-management system provides all necessary functionality to service providers to manage digital identities and to handle the identification and authentication process. Identity management per se is no new topic and hence several identity-management systems have evolved over time, which are deployed in almost all European countries. However, identity management is constantly evolving in terms of new technical or legal requirements, higher secure protocols, new identification and authentication mechanism, or new fields of applications. In particular, the need for exchanging or federating identities across domains or even borders requires new interoperable solutions and flexible identity management architectures. In this paper we present a flexible and modular identity management architecture which focuses on federation and interoperability capabilities based on plug-able components. Due to that, new arising requirements can be easily fulfilled by implementing appropriate plug-ins. Hence, our proposed architecture is especially applicable for high qualified identification systems such as national eIDs for e-Government applications and their federation across borders. We further illustrate the applicability of our architecture by implementing it to be used as an identity provider for Austrian eGovemment applications, on the one side being applicable for national authentications and, on the other side, in a cross-border context.