On the design, implementation and integration of an Attribute Provider in the Pan-European eID infrastructure / Berbecaru, Diana Gratiela; Lioy, Antonio. - PRINT. - (2016), pp. 1263-1269. (Paper presented at the conference ISCC-2016: IEEE Symposium on Computers and Communication, held in Messina (Italy), June 27-30, 2016) [10.1109/ISCC.2016.7543910].
On the design, implementation and integration of an Attribute Provider in the Pan-European eID infrastructure
BERBECARU, DIANA GRATIELA; LIOY, ANTONIO
2016
Abstract
This paper describes the design and implementation of an Attribute Provider (AP), compatible with the protocol defined in the STORK 2.0 electronic identity European infrastructure that provides cross-border authentication and attribute management in web-based services. Currently, this infrastructure is used as a basis in some European countries to implement the recently adopted eIDAS Regulation on electronic identification and trust services for electronic transactions in the internal market. For example, in the e-SENS project the existing nodes of the STORK 2.0 infrastructure are linked to new nodes implementing the eIDAS technical specification, to create a unique interoperability platform. In our work, we considered several key aspects that have been underlined by the National Strategy for Trusted Identities in Cyberspace in the USA, e.g. the possibility to incorporate attribute services in identity architectures, the principle of data minimization (provide the minimum set of attributes required so the AP should not overshare as default), and the problem of user consent. We also provide a solution to integrate the proposed AP with an existing database. We believe our work is useful for various identity, attribute and service providers that would connect in the future to the eIDAS interoperability framework.
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/11583/2653763