e-Identity

The objective of the e-SENS building block e-ID is to establish cross-border recognition and e-identification validation that meets the requirements set for e-Government applications in different domains. e-SENS thus permits businesses, citizens and government employees to use the presently widespread (national) identities in cross-border public and private services. The solution includes the know-how gained in STORK, which was developed to provide infrastructure for cross-border use of government-endorsed electronic identities and exchange of attributes, including roles and mandates as needed by various online services.

 

The e-ID group identified two areas of focus, namely cross-border e-ID Interoperability Architecture and Attribute Provider.

 

e-ID architecture

The cross-border e-ID Interoperability Architecture consists of the following architectural building blocks (ABBs):

1. Quality Authentication Assurance

  • Quality Assurance Agency (QAA) Levels: This term indicates the levels of authentication assurance between national and e-SENS e-ID solutions.

 

2. Authentication Exchange Protocol

  • It defines the SAML v2.0-based protocol used to forward queries to the IdP and get its replies during a cross-border authentication procedure.

 

3. Authentication Exchange Forward

  • It is concerned with forwarding authentication requests from the service provider to the identity provider, and authentication responses from the identity provider back to the service provider.

 

4. Mobile e-ID

  • The growing popularity of mobile technologies and a general trend towards mobile computing indicate that mobile e-ID solutions will play an increasingly important role in the future. However, while smart card-based e-ID and e-signature solutions are already widespread across Europe, mobile e-ID and e-signature solutions are still not available in all countries. Therefore, the central goal is to develop and provide mobile e-ID and e-signature building blocks that help countries deploy mobile e-ID and e-signature solutions. Considering the different legal, organizational, and technical conditions in different countries, this building block must be highly flexible in order to adapt to the special requirements of different deployment scenarios.
  • To achieve this goal, a set of actions has been taken targeting the provision of a ramp-up solution that supports European countries in deploying their own mobile e-ID solutions. As a result, a web application is being developed, which will act as an interoperability layer between national infrastructure components and different mobile e-ID solutions.
  • Mobile e-ID solutions have been identified as relevant components of current e-ID solutions. During the inventory-checking phase, several building block candidates were identified that have the potential to help achieve these goals. Although mobile e-ID is a high-potential market and exists in several European countries, a majority of the countries still use traditional e-ID solutions based on smart cards.

 

Attribute Provider

An attribute provider (AP) is defined as a service, trusted by one or more entities, that provides digital identity-related “attributes” (i.e. specific data describing that identity, which may be that of either a natural or a legal person). It has three architectural building blocks:

  • Attribute Exchange Protocol – this ABB addresses the protocol used to forward queries to, and get replies from, the IdP and the AP during a cross-border attribute exchange procedure (and after an authentication procedure).
  • Attribute Exchange Forward – this ABB is concerned with forwarding attribute requests from the service provider to the Attribute Provider, and attribute responses from the Attribute Provider back to the service provider.