On the design, implementation and integration of an Attribute Provider in the Pan-European eID infrastructure / Berbecaru, DIANA GRATIELA; Lioy, Antonio. - PRINT. - (2016), pp. 1263-1269. (Paper presented at the conference ISCC-2016: IEEE Symposium on Computers and Communication, held in Messina (Italy), June 27-30, 2016) [10.1109/ISCC.2016.7543910].

On the design, implementation and integration of an Attribute Provider in the Pan-European eID infrastructure

BERBECARU, DIANA GRATIELA;LIOY, ANTONIO
2016

Abstract

This paper describes the design and implementation of an Attribute Provider (AP) compatible with the protocol defined in STORK 2.0, the European electronic identity infrastructure that provides cross-border authentication and attribute management in web-based services. Currently, this infrastructure is used as a basis in some European countries to implement the recently adopted eIDAS Regulation on electronic identification and trust services for electronic transactions in the internal market. For example, in the e-SENS project the existing nodes of the STORK 2.0 infrastructure are linked to new nodes implementing the eIDAS technical specification, to create a unique interoperability platform. In our work, we considered several key aspects that have been underlined by the National Strategy for Trusted Identities in Cyberspace in the USA, e.g. the possibility to incorporate attribute services in identity architectures, the principle of data minimization (provide the minimum set of attributes required, so that the AP does not overshare by default), and the problem of user consent. We also provide a solution to integrate the proposed AP with an existing database. We believe our work is useful for various identity, attribute and service providers that would connect in the future to the eIDAS interoperability framework.
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2653763