Abstract
Identification, authentication, and authorization
are essential processes in various areas of applications, where
access to sensitive data needs to be protected and regulated.
To achieve this, usually identity-management systems are put
into place, where an identity provider manages digital identities
and handles the identification and authentication process for a
service provider, which hosts the protected data and regulates
access to this information. Due to increasing mobility of citizens
and cross-border public administration, interoperability across
the border of national electronic identity management systems
in the European eID landscape becomes more and more important.
While there were several European initiatives ongoing for
achieving cross-border identification and authentication in the
last couple of years, there was actually no initiative to enable
cross-border authorization in Europe. Hence, in this paper we
propose an advanced architectural design towards cross-border
authorization in Europe. This proposed solution extends the existing
cross-border eID federation implementations, which are
actually in place across Europe, to bring up also cross-border
authorization support into these European eID infrastructures.
The proposed architecture follows a modular and plug-in based
approach to ease the integration into various heterogeneous eID
infrastructures, which are actually deployed in European countries.
We illustrate the practical applicability of the proposed
architecture by implementing an Authorization Gateway for
the Austrian eID infrastructure. This Authorization Gateway
meets all national legal and technical requirements to transfer
authorization information across borders.
are essential processes in various areas of applications, where
access to sensitive data needs to be protected and regulated.
To achieve this, usually identity-management systems are put
into place, where an identity provider manages digital identities
and handles the identification and authentication process for a
service provider, which hosts the protected data and regulates
access to this information. Due to increasing mobility of citizens
and cross-border public administration, interoperability across
the border of national electronic identity management systems
in the European eID landscape becomes more and more important.
While there were several European initiatives ongoing for
achieving cross-border identification and authentication in the
last couple of years, there was actually no initiative to enable
cross-border authorization in Europe. Hence, in this paper we
propose an advanced architectural design towards cross-border
authorization in Europe. This proposed solution extends the existing
cross-border eID federation implementations, which are
actually in place across Europe, to bring up also cross-border
authorization support into these European eID infrastructures.
The proposed architecture follows a modular and plug-in based
approach to ease the integration into various heterogeneous eID
infrastructures, which are actually deployed in European countries.
We illustrate the practical applicability of the proposed
architecture by implementing an Authorization Gateway for
the Austrian eID infrastructure. This Authorization Gateway
meets all national legal and technical requirements to transfer
authorization information across borders.
| Original language | English |
|---|---|
| Title of host publication | 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-16) |
| Publisher | IEEE Computer Society |
| Pages | 426-434 |
| Number of pages | 9 |
| ISBN (Electronic) | 978-1-5090-3205-1 |
| DOIs | |
| Publication status | Published - 2017 |
| Event | 15th IEEE Trustcom/BigDataSE/ISPA: TrustCom 2016 - Tianjin, China Duration: 23 Aug 2016 → 26 Aug 2016 |
Conference
| Conference | 15th IEEE Trustcom/BigDataSE/ISPA |
|---|---|
| Country/Territory | China |
| City | Tianjin |
| Period | 23/08/16 → 26/08/16 |
ASJC Scopus subject areas
- Computer Networks and Communications