{"title":"跨界eID的中间件体系结构","authors":"Bernd Zwattendorfer, Ivo Sumelong, H. Leitold","doi":"10.1109/CASoN.2012.6412419","DOIUrl":null,"url":null,"abstract":"Many European states have issued electronic identities (eID) to its citizens since the early 2000s. Several have reached full coverage and usually high assurance credentials, such as smartcards, USB crypto tokens, or mobile phone eIDs are used. This lead to an impressive security infrastructure to authenticate at online services that, however, evolved as national silos - interoperability was no priority for a while. To overcome this, 18 European states have joined forces in the large scale pilot STORK. A SAML-based technical solution for cross-border eID federation between states has been designed, implemented, and finally piloted in a number of production services. In this paper we present the STORK middleware architecture that has been developed by Austria and Germany. Its main characteristic is a decentralized deployment that gives some end-to-end security and privacy advantages, but also needs particular attention to meet scalability challenges. This is compared to the STORK proxy model, an alternative centralized deployment approach that was chosen by other states. Federation between the two architectures is described, with particular attention to security and privacy aspects.","PeriodicalId":431370,"journal":{"name":"2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)","volume":"63 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Middleware architecture for cross-border eID\",\"authors\":\"Bernd Zwattendorfer, Ivo Sumelong, H. Leitold\",\"doi\":\"10.1109/CASoN.2012.6412419\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Many European states have issued electronic identities (eID) to its citizens since the early 2000s. Several have reached full coverage and usually high assurance credentials, such as smartcards, USB crypto tokens, or mobile phone eIDs are used. This lead to an impressive security infrastructure to authenticate at online services that, however, evolved as national silos - interoperability was no priority for a while. To overcome this, 18 European states have joined forces in the large scale pilot STORK. A SAML-based technical solution for cross-border eID federation between states has been designed, implemented, and finally piloted in a number of production services. In this paper we present the STORK middleware architecture that has been developed by Austria and Germany. Its main characteristic is a decentralized deployment that gives some end-to-end security and privacy advantages, but also needs particular attention to meet scalability challenges. This is compared to the STORK proxy model, an alternative centralized deployment approach that was chosen by other states. Federation between the two architectures is described, with particular attention to security and privacy aspects.\",\"PeriodicalId\":431370,\"journal\":{\"name\":\"2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)\",\"volume\":\"63 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CASoN.2012.6412419\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CASoN.2012.6412419","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Many European states have issued electronic identities (eID) to its citizens since the early 2000s. Several have reached full coverage and usually high assurance credentials, such as smartcards, USB crypto tokens, or mobile phone eIDs are used. This lead to an impressive security infrastructure to authenticate at online services that, however, evolved as national silos - interoperability was no priority for a while. To overcome this, 18 European states have joined forces in the large scale pilot STORK. A SAML-based technical solution for cross-border eID federation between states has been designed, implemented, and finally piloted in a number of production services. In this paper we present the STORK middleware architecture that has been developed by Austria and Germany. Its main characteristic is a decentralized deployment that gives some end-to-end security and privacy advantages, but also needs particular attention to meet scalability challenges. This is compared to the STORK proxy model, an alternative centralized deployment approach that was chosen by other states. Federation between the two architectures is described, with particular attention to security and privacy aspects.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
