
STORK: a real, heterogeneous, large-scale eID management system

International Journal of Information Security (Regular Contribution)

Abstract

Verifying who someone is on the Internet is a prerequisite for online services that process sensitive or valuable information. National or sectoral electronic identification (eID) schemes have solved this within their own domain, but general, cross-border solutions are rare. Cross-border eID difficulties have several origins: (i) incompatible national eID models; (ii) different legislations with incompatible objectives; (iii) lack of a common language and semantics; (iv) different common procedures, especially concerning mandates and delegation; (v) different implementations of the same eID model. These have been addressed by STORK, a project that developed a federated cross-border eID system that was piloted in about twenty European Union Member States, in service sectors as sensitive as eBanking and eHealth. STORK designed and implemented a large-scale interoperability framework that allows different systems, built on different models, to coexist, using a common language with common semantics and satisfying national privacy legislation. The experience gained from this large-scale pilot fed into EU policy-making; in particular, the recently enacted eIDAS Regulation, which requires mutual recognition of eID by 2018, has been directly influenced by STORK and its lessons learned.


Figures 1–6 are available in the full-text version only; Fig. 4 is reproduced from [39].


Notes

  1. An identity federation is an established partnership between organizations, countries or any number of entities that allows the exchange of individuals' attributes using commonly agreed namespaces, protocols and technologies, in order to enable interoperability and create a network of trust between the federation members [11].

  2. http://ec.europa.eu/idabc.

References

  1. ISO/IEC 24760:2011: A framework for identity management. ISO (2011)

  2. Morgan, R.L.B., Cantor, S., Carmody, S., Hoehn, W., Klingenstein, K.: Federated security: the Shibboleth approach. EDUCAUSE Q. 27(4), 12–17 (2004)

  3. Andersson, C., Camenisch, J., Crane, S., Fischer-Hübner, S., Leenes, R., Pearson, S., Pettersson, J.S., Sommer, D.: Trust in PRIME. In: Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology, pp. 552–559. IEEE (2005)

  4. Camenisch, J., Shelat, A., Sommer, D., Fischer-Hübner, S., Hansen, M., Krasemann, H., Lacoste, G., Leenes, R., Tseng, J.: Privacy and identity management for everyone. In: Proceedings of the 2005 Workshop on Digital Identity Management, pp. 20–27 (2005)

  5. López, G., Cánovas, Ó., Gómez-Skarmeta, A.F., Girao, J.: A SWIFT take on identity management. Computer 42(5), 58–65 (2009)

  6. Barisch, M., Garcia, E.T., Lischka, M., Marques, R., Marx, R., Matos, A., Mendez, A.P., Scheuermann, D.: Security and privacy enablers for future identity management systems. In: Future Network and Mobile Summit 2010, pp. 1–10. IEEE Computer Society Press (2010)

  7. Pérez, A., López, G., Cánovas, Ó., Gómez-Skarmeta, A.F.: Formal description of the SWIFT identity management framework. Future Gener. Comput. Syst. 27, 1113–1123 (2011)

  8. Torres, J., Nogueira, M., Pujolle, G.: A survey on identity management for the future network. IEEE Commun. Surv. Tutor. 15, 787–802 (2013)

  9. Dhamija, R., Dusseault, L.: The seven flaws of identity management. IEEE Secur. Priv. 6(2), 24–29 (2008)

  10. Jøsang, A., Zomai, M.A., Suriadi, S.: Usability and privacy in identity management architectures. In: Proceedings of the Fifth Australasian Symposium on ACSW Frontiers, vol. 68, pp. 143–152. Australian Computer Society (2007)

  11. Bertino, E., Takahashi, K.: Identity Management: Concepts, Technologies, and Systems. Artech House, Norwood (2010)

  12. Maler, E., Reed, D.: The Venn of identity: options and issues in federated identity management. IEEE Secur. Priv. 6(2), 16–23 (2008)

  13. Chadwick, D.W., Inman, G.: Attribute aggregation in federated identity management. Computer 42, 33–40 (2009)

  14. Sabouri, A., Rannenberg, K.: ABC4Trust: protecting privacy in identity management by bringing privacy-ABCs into real-life. In: Camenisch, J., Fischer-Hübner, S., Hansen, M. (eds.) Privacy and Identity Management for the Future Internet in the Age of Globalisation, pp. 3–16. Springer (2014)

  15. Camenisch, J., Kohlweiss, M., Soriente, C.: An accumulator based on bilinear maps and efficient revocation for anonymous credentials. In: Public Key Cryptography (PKC 2009), LNCS, vol. 5443, pp. 481–500. Springer (2009)

  16. Zhang, X., Oh, S., Sandhu, R.: PBDM: a flexible delegation model in RBAC. In: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies, pp. 149–157 (2003)

  17. Crampton, J., Khambhammettu, H.: Delegation in role-based access control. Int. J. Inf. Secur. 7, 123–136 (2008)

  18. Sandhu, R., Bhamidipati, V., Munawer, Q.: The ARBAC97 model for role-based administration of roles. ACM Trans. Inf. Syst. Secur. 2, 105–135 (1999)

  19. Turner, S., Housley, R., Farrell, S.: An Internet attribute certificate profile for authorization. Internet-Draft (work in progress) (2010)

  20. Li, N., Grosof, B.N., Feigenbaum, J.: Delegation logic: a logic-based approach to distributed authorization. ACM Trans. Inf. Syst. Secur. 6(1), 128–171 (2003)

  21. Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust-management framework. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 114–130 (2002)

  22. Paquin, C., Zaverucha, G.: U-Prove cryptographic specification V1.1. Technical report, Microsoft Corporation (2013)

  23. Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS '02), pp. 21–30 (2002)

  24. Acar, T., Nguyen, L.: Revocation for delegatable anonymous credentials. In: Public Key Cryptography (PKC 2011), LNCS, vol. 6571, pp. 423–440. Springer (2011)

  25. Belenkiy, M., Camenisch, J., Chase, M., Kohlweiss, M., Lysyanskaya, A., Shacham, H.: Randomizable proofs and delegatable anonymous credentials. In: Advances in Cryptology (CRYPTO 2009), pp. 108–125. Springer (2009)

  26. Rissanen, T.: Electronic identity in Finland: ID cards vs. bank IDs. Identity Inf. Soc. 3, 175–194 (2010)

  27. Martens, T.: Electronic identity management in Estonia between market and state governance (2010)

  28. Kalja, A., Pold, J., Robal, T., Vallner, U.: Modernization of the e-government in Estonia. In: Proceedings of PICMET '11: Technology Management in the Energy Smart World, pp. 1–7 (2011)

  29. Moniava, G., Verheul, E., Schoenmakers, L.: Extending DigiD to the private sector (DigiD-2). Technical report, Eindhoven University of Technology (2008)

  30. Angulo, J., Fischer-Hübner, S., Wästlund, E., Pulls, T.: Towards usable privacy policy display and management. Inf. Manag. Comput. Secur. 20(1), 4–17 (2012)

  31. Leitold, H., Tauber, A.: A systematic approach to legal identity management: best practice Austria. In: Proceedings of the Information Security Solutions Europe 2011 Conference, vol. 32, pp. 1–11 (2011)

  32. Arora, S.: National e-ID card schemes: a European overview. Inf. Secur. Tech. Rep. 13, 46–53 (2008)

  33. Rössler, T.: Giving an interoperable e-ID solution: using foreign e-IDs in Austrian e-Government. Comput. Law Secur. Rep. 24, 447–453 (2008)

  34. Sánchez García, S., Gómez Oliva, A., Pérez Belleboni, E., Pau de la Cruz, I.: Current trends in pan-European identity management systems. IEEE Technol. Soc. Mag. 31, 44–50 (2012)

  35. Modinis IDM Consortium: Modinis study on identity management in eGovernment: common terminological framework for interoperable electronic identity management. Consultation paper, vol. 2 (2005)

  36. Leontaridis, L., Andersson, T., Leitold, H., Zwattendorfer, B., Yang, S., Lindholm, P.: The INDI ecosystem of privacy-aware, user-centric identity. In: ISSE 2013 Securing Electronic Business Processes: Highlights of the Information Security Solutions Europe 2013 Conference, pp. 45–57 (2013)

  37. Rossnagel, H., Camenisch, J., Fritsch, L., Gross, T., Houdeau, D., Huhnlein, D., Lehmann, A., Shamah, J.: FutureID: shaping the future of electronic identity. In: Proceedings of the Annual Privacy Forum (2012)

  38. Koulolias, V., Kountzeris, A., Leitold, H., Zwattendorfer, B., Crespo, A., Stern, M.: STORK e-privacy and security. In: Proceedings of the 5th International Conference on Network and System Security (NSS 2011), pp. 234–238 (2011)

  39. Zwattendorfer, B., Sumelong, I., Leitold, H.: Middleware architecture for cross-border eID. In: Proceedings of the 4th International Conference on Computational Aspects of Social Networks (CASoN 2012), pp. 303–308. IEEE (2012)

  40. STORK 2.0 WP4: D4.9 Final version of functional design. Technical report, STORK 2.0 (Secure idenTity acrOss boRders linKed 2.0) (2015)

  41. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Advances in Cryptology (CRYPTO '91), pp. 129–140. Springer (1992)

  42. Perego, A., Fugazza, C., Vaccari, L., Lutz, M., Smits, P., Kanellopoulos, I., Schade, S.: Harmonization and interoperability of EU environmental information and services. IEEE Intell. Syst. 27(3), 33–39 (2012)

  43. Graux, H., Majava, J.: eID interoperability for PEGS: proposal for a multi-level authentication mechanism and a mapping of existing authentication mechanisms. Technical report, EU IDABC (2007)

  44. ISO/IEC 29115:2013: Information technology: security techniques: entity authentication assurance framework. ISO (2013)

  45. Volker Reible, T.S.: D6.1.5 Cross border authentication for electronic services: final report. Technical report, STORK Project (2011)

  46. Axfjör, A.F., Jónsson, G.K., Leitold, H., Reynisdóttir, Ö.H.: D6.2.5 SaferChat final report. Technical report, STORK, IS MoF, AT TUG (2011)

  47. Ribeiro, C., Kolbitsch, J., Mahlapuu, L., Oreglia, M., Santapau, P., Andreu, V.: D6.3.5 Student Mobility final report. Technical report, STORK (2011)

  48. Pelan, A., Tauber, A.: D6.4.5 eDelivery final report. Technical report, STORK (2011)

  49. Felix, L.: D6.5.5 Change of Address final report. Technical report, STORK (2011)

  50. Andreu, V., Aragó, F., Prša, J., Kalogirou, V., Stasis, A., Tsiafoulis, S., Lelis, S., Samper, R., Másson, S., Venuto, G., Coutandin, E., Krasauskas, V., Velicka, A., Ribeiro, C., Klobučar, T.G.C., Heppe, J., Torroglosa, E., Ortiz, J., Popov, O., Januta, A., Karabat, Ç., Medeny, T., Topham, S., Gay, J., Crespo, A., Little, R., Piñuela, A., Graux, H.: D5.1.5 eAcademia pilot final report. Technical report, STORK 2.0 (2015)

  51. Smith, E., Topham, S., Stewart, P., Little, R.: D5.2.5 eBanking pilot final report. Technical report, STORK 2.0 (2015)

  52. Leitold, H., Suzic, B., Saartee, P., Kalogirou, V., Tsiafoulis, R.R., Samper, S., Fabbrizi, P., Mitzman, D., van der Burght, H., Vennekens, I.: D5.3.5 eGov4Business pilot final report. Technical report, STORK 2.0 (2015)

  53. Scharinger, R., Heider, G., Topham, S., Gay, J., Stewart, P.: D5.4.5 eHealth pilot final report. Technical report, STORK 2.0 (2015)

  54. European Commission: Commission Implementing Regulation (EU) 2015/1501 on the interoperability framework pursuant to Article 12(8) of Regulation (EU) No 910/2014. Off. J. Eur. Union L 235, 1–6 (2015)


Acknowledgements

STORK and STORK 2.0 were co-funded by the European Commission under the Competitiveness and Innovation Framework Programme, ICT Policy Support Programme.


Corresponding author

Correspondence to Carlos Ribeiro.


Cite this article

Ribeiro, C., Leitold, H., Esposito, S. et al. STORK: a real, heterogeneous, large-scale eID management system. Int. J. Inf. Secur. 17, 569–585 (2018). https://doi.org/10.1007/s10207-017-0385-x
