Improvements of pan-European IDM Architecture to Enable Identity Delegation Based on X.509 Proxy Certificates and SAML

Abstract : To foster the secure use of telematic services provided by public institutions, most European countries - and others in the rest of the world - are promoting electronic identification systems among their citizens to enable fully reliable identification. However, in today's globalized environment, it is becoming more common for citizens and entities of a given country, with their own electronic credentials under the legal framework of their country, to seek access to the public services provided by other countries with different legal frameworks and credentials. At present, a number of projects in the European Union are attempting to solve the problem through the use of pan-European identity management systems that ensure interoperability between the public institutions of different Member States. However, the solutions adopted to date are inadequate, for they do not envision all possible cases of user interaction with institutions. Specifically, they fail to address a very important aspect provided in different national legal systems, namely delegation of identity, by which a citizen can authorize another to act on his or her behalf in accessing certain services provided by public institutions. This paper provides a thorough analysis of problems of delegation and proposes an architecture based on X.509 Proxy Certificates and SAML assertions to enable delegation in provision of services in the complex and heterogeneous environment presented by the public institutions of the European Union as a whole.
Type de document :
Communication dans un congrès
Pierangela Samarati; Michael Tunstall; Joachim Posegga; Konstantinos Markantonakis; Damien Sauveron. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. Springer, Lecture Notes in Computer Science, LNCS-6033, pp.183-198, 2010, Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. 〈10.1007/978-3-642-12368-9_13〉
Liste complète des métadonnées

Littérature citée [10 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01056087
Contributeur : Hal Ifip <>
Soumis le : jeudi 14 août 2014 - 17:51:42
Dernière modification le : vendredi 11 août 2017 - 15:12:59
Document(s) archivé(s) le : jeudi 27 novembre 2014 - 01:37:59

Fichier

60330185.pdf
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Sergio Sánchez García, Ana Gómez Oliva. Improvements of pan-European IDM Architecture to Enable Identity Delegation Based on X.509 Proxy Certificates and SAML. Pierangela Samarati; Michael Tunstall; Joachim Posegga; Konstantinos Markantonakis; Damien Sauveron. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. Springer, Lecture Notes in Computer Science, LNCS-6033, pp.183-198, 2010, Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. 〈10.1007/978-3-642-12368-9_13〉. 〈hal-01056087〉

Partager

Métriques

Consultations de la notice

69

Téléchargements de fichiers

280