۱- Introduction

۲- Background

۳- Related work

۴- Proposed solution

۵- Prototype implementation

۶- Evaluation

۷- Conclusions Funding

References

Abstract

Personalized electronic services, e.g. from the e-government domain, need to reliably identify and authenticate users. During user-authentication processes, the electronic identity of the respective user is determined and required additional attributes, e.g. name and date of birth, linked to this identity are collected. This attribute-collection process can become complex, especially if required attributes are distributed over various attribute providers that are organized in a federated identity-management system. In many cases, these identity management systems rely on different ontologies and make use of different languages. Hence, identity federations, such as the one currently established across the European Union, require effective solutions to collect user attributes from different heterogeneous sources and aggregate them to a holistic user facet. At the same time, these solutions need to comply with minimum disclosure rules to preserve users’ privacy. In this article, we propose and introduce a solution for privacy-preserving attribute aggregation. Our solution combines attributes from different domains using ontology alignment and makes use of locality sensitive hashing functions to preserve users’ privacy. Evaluation results obtained from conducted experiments demonstrate our solution’s advantages for both, service providers and users. While service providers can be provided with a larger set of attributes, users remain in full control of their data and can decide on which of their attributes shall be revealed.

Introduction

Governments and public administrations face the challenge to continuously improve their e-government infrastructures in order to cope with fast-changing requirements and to provide citizens useful electronic services. During recent years, interoperability between e-government solutions has been on the agenda of many public-sector organisations [1]. In particular, achieving interoperability between different national electronic identity (eID) solutions has been a topic of growing interest, as electronic identification and authentication are crucial building blocks of transactional e-government services. The European Union (EU) and its Member States (MS) are a prime example of this. For many years, EU MSs have developed and rolled out country-specific eID solutions independently from each other. As a result, citizens from, for example MS A have been unable to use their eIDs to authenticate at e-government services provided in MS B, undermining the idea of a converging European society and a digital single market. To solve these issues, the EU has been committing efforts to the study of heterogeneity in existing European eID systems and the legal implications that need to be addressed when these systems aim to become interoperable. An example of the efforts committed to achieve interoperability between European e-government and eID solutions are the EU-funded Large Scale Pilots (LSP) eCodex1 , epSOS2 , PEPPOL3, SPOCS4 , STORK, and STORK 2.05 . Their goal is to bring interoperability to different public-sector domains such as justice, health care, and procurement. With regard to eID, the LSPs STORK and STORK 2.0 are especially worth mentioning, as they have yielded a first interoperability solution for national eID systems by developing an identity federation (IF) framework.