Abstract
Achieving interoperability, i.e. creating identity federations between different electronic identity (eID) systems, has gained relevance over the past years. A serious problem of identity federations is the missing harmonization between various attribute providers (APs). In closed eID systems, ontologies allow a higher degree of automation in the process of aligning and aggregating attributes from different APs. This approach does not work for identity federations, as each eID system uses its own ontology to represent its attributes. Furthermore, providing attributes to the intermediate entities required to align and aggregate attributes potentially violates privacy rules. To tackle these problems, we propose the combined use of ontology-alignment (OA) approaches and locality-sensitive hashing (LSH) functions. We assess existing implementations of these concepts by defining and using criteria that are specific to identity federations. The results confirm that proper implementations of these concepts exist and that they can be used to achieve interoperability between eID systems at the attribute level. A prototype is implemented showing that combining the two assessment winners (AlignAPI for ontology alignment and Nilsimsa for LSH functions) achieves interoperability between eID systems. In addition, the improvement obtained in the alignment process by combining the two assessment winners does not negatively impact the privacy of the user's data, since no clear-text data is exchanged in the alignment process.
Highlights
Electronic identities have become a critical concept of electronic services from both the private and the public sector
Running tests with the two ontologies Ontology 1 (O1) and O2 yielded 22 matchings found by the AlignAPI and only one match found by PROMPT
This way, we investigated the capabilities of our prototype to deal with different input data
Summary
Electronic identities (eID) have become a critical concept of electronic services from both the private and the public sector. Recalling the e-government example, eIDs assigned to citizens by a national government can only be used to identify and authenticate at relying parties from the same country. As this is a significant limitation, several attempts have been made during the past years to achieve interoperability between different identity systems, i.e. to establish an eID federation. This lack of harmonization raises problems if attribute providers from different identity systems store attributes of one and the same user. In this case, attributes from different identity systems potentially need to be aligned and aggregated during identification/authentication processes. We present results obtained in a prototype implementation using the winner solutions of our evaluation. This way, this paper represents a major step towards privacy-preserving attribute aggregation in federated eID systems.
More From: Complex Systems Informatics and Modeling Quarterly