
STORK: a real, heterogeneous, large-scale eID management system

Published: 01 October 2018

Abstract

Verifying who someone is on the Internet is a prerequisite for online services that process sensitive or valuable information. While this has been solved with national or sectorial electronic identification (eID) schemes, general, cross-border solutions are rare. Cross-border eID difficulties have several origins: (i) incompatible national eID models; (ii) different legislations with incompatible objectives; (iii) lack of a common language and semantics; (iv) different common procedures, especially concerning mandates and delegation; (v) different implementations of the same eID models. These have been addressed by STORK, a project that developed a federated cross-border eID system that was piloted in about twenty European Union Member States in service sectors as sensitive as eBanking and eHealth. STORK designed and implemented a large-scale interoperability framework, allowing different systems of different models to coexist, using a common language with common semantics and satisfying national privacy legislations. The experience gained from this large-scale pilot fed into EU policy-making; in particular, the recently enacted eIDAS Regulation, which requires mutual recognition of eID by 2018, has been directly influenced by STORK and its lessons learned.



Published In

International Journal of Information Security, Volume 17, Issue 5
October 2018
119 pages
ISSN: 1615-5262
EISSN: 1615-5270

Publisher

Springer-Verlag

Berlin, Heidelberg


Author Tags

  1. EU identity management
  2. Identity management systems
  3. Interoperability
  4. Large-scale
  5. Privacy
  6. SAML
  7. STORK project


Cited By

  • (2022) Re-Shaping the EU Digital Identity Framework. Proceedings of the 23rd Annual International Conference on Digital Government Research, pp. 13-21. doi:10.1145/3543434.3543652. Online publication date: 15-Jun-2022
  • (2020) An overview of limitations and approaches in identity management. Proceedings of the 15th International Conference on Availability, Reliability and Security, pp. 1-10. doi:10.1145/3407023.3407026. Online publication date: 25-Aug-2020
  • (2020) Spanish and portuguese eIDAS node evolution for electronic identification of European citizens. Proceedings of the 10th Euro-American Conference on Telematics and Information Systems, pp. 1-5. doi:10.1145/3401895.3402094. Online publication date: 25-Nov-2020
  • (2020) AS4 message exchange protocol consolidation through the European CEF eDelivery infrastructure. Proceedings of the 10th Euro-American Conference on Telematics and Information Systems, pp. 1-7. doi:10.1145/3401895.3402057. Online publication date: 25-Nov-2020
