Towards Cross-Border Authorization in European eID Federations

Thomas Lenz, Bernd Zwattendorfer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Research › peer-review

Abstract

Identification, authentication, and authorization
are essential processes in various areas of applications, where
access to sensitive data needs to be protected and regulated.
To achieve this, usually identity-management systems are put
into place, where an identity provider manages digital identities
and handles the identification and authentication process for a
service provider, which hosts the protected data and regulates
access to this information. Due to increasing mobility of citizens
and cross-border public administration, interoperability across
the border of national electronic identity management systems
in the European eID landscape becomes more and more important.
While there were several European initiatives ongoing for
achieving cross-border identification and authentication in the
last couple of years, there was actually no initiative to enable
cross-border authorization in Europe. Hence, in this paper we
propose an advanced architectural design towards cross-border
authorization in Europe. This proposed solution extends the existing
cross-border eID federation implementations, which are
actually in place across Europe, to bring up also cross-border
authorization support into these European eID infrastructures.
The proposed architecture follows a modular and plug-in based
approach to ease the integration into various heterogeneous eID
infrastructures, which are actually deployed in European countries.
We illustrate the practical applicability of the proposed
architecture by implementing an Authorization Gateway for
the Austrian eID infrastructure. This Authorization Gateway
meets all national legal and technical requirements to transfer
authorization information across borders.
Original language: English
Title of host publication: 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-16)
Publisher: IEEE Computer Society
Pages: 426-434
Number of pages: 9
ISBN (Electronic): 978-1-5090-3205-1
DOIs: https://doi.org/10.1109/TrustCom.2016.0093
Publication status: Published - 2017
Event: 2016 IEEE Trustcom/BigDataSE/ISPA - Tianjin, China
Duration: 23 Aug 2016 to 26 Aug 2016

Conference

Conference: 2016 IEEE Trustcom/BigDataSE/ISPA
Country: China
City: Tianjin
Period: 23/08/16 to 26/08/16

Keywords

    ASJC Scopus subject areas

    • Computer Networks and Communications

    Cite this

    Lenz, T., & Zwattendorfer, B. (2017). Towards Cross-Border Authorization in European eID Federations. In 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-16) (pp. 426-434). IEEE Computer Society. https://doi.org/10.1109/TrustCom.2016.0093

    @inproceedings{69838f06399f48bbba2905ed1b2df8ee,
    title = "Towards Cross-Border Authorization in European eID Federations",
    keywords = "authorization, federation, cross-border, identification, authentication",
    author = "Thomas Lenz and Bernd Zwattendorfer",
    year = "2017",
    doi = "10.1109/TrustCom.2016.0093",
    language = "English",
    pages = "426--434",
    booktitle = "15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-16)",
    publisher = "IEEE Computer Society",
    address = "United States",

    }
