Federated eID

Federated ID
Federated Identity is an increasingly important concept that can offer governments and businesses a convenient and secure way to control identity information, whilst helping promote the take-up of eGovernment and eCommerce services. Federated Identity Management (FIM) also has great promise in terms of development of cross-border eGovernment, potentially allowing citizens to flexibly access online services, regardless of the country they are in.

A federated identity based system allows users to log on using a single username and password or other authentication device, rather than logging in with separate identifiers to carry out different transactions, such as filing a tax return or applying for parking permits. In a federated system, the user logs in to what is known as a circle of trust. This is a federation of service providers and identity providers that agree to rely on one another to authenticate their respective users and vouch for their access to services in a secure and apparently seamless environment, thus removing the need for multiple logins.

FIM systems were initially developed in the private sector by companies such as American Express, Boeing, General Motors and Nokia. One example of a straightforward FIM system is banking ATM networks: banks use simple authentication at the point of transaction (bank cards and PIN codes) to allow customers to withdraw funds from their accounts even though they may not be using an ATM belonging to their home bank and may even be in another country. The banks that have agreed to trust one another make the necessary transfers of funds ‘behind the scenes’ once a customer has withdrawn money.

Moving FIM forward with the Liberty Alliance

Momentum behind more widespread adoption of FIM is now building up thanks to the Liberty Alliance, an international organisation with a membership of more than 150 companies, non-profit and government bodies. The Liberty Alliance project is dedicated to building a federated identity standard based on open technology specifications with inbuilt privacy controls. The standards are compliant with international regulations, including EU data protection legislation (see box), and Liberty Alliance issues Liberty Interoperable Certifications that validate implementations and are designed to drive take-up of the standards. The Liberty Alliance approach contrasts with more centralised, proprietary systems as pioneered by organisations such as Microsoft with its .Net Passport system. In late 2004, the Liberty Alliance added a number of new members, including IBM and Adobe, providing a major boost to its approach.

Liberty Alliance specifications describe the federated architecture and provide policy and security guidance, define transport bindings and usage profiles for abstract protocols, give detailed implementation guidelines and checklists, and list mandatory and optional features. For exchanging authentication information within the circle of trust, Liberty Alliance has developed specifications based on Security Assertion Markup Language (SAML). The Liberty Alliance is now readying itself to include SAML 2.0 in its interoperability testing programme. Development of SAML 2.0 has been overseen by OASIS, the Organisation for the Advancement of Structured Information Standards.
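To make the circle of trust described above concrete, here is an added illustration (not code from the article, the Liberty Alliance or ADAE) of the checks a service provider must perform before relying on an identity provider's assertion: the issuer must be a federation member, the signature must verify under that member's key, the assertion must be addressed to this service provider, and it must not have expired. An HMAC stands in for the XML signature of a real SAML assertion; all names, keys and timestamps are constructed for the example.

```python
# Added example: a minimal model of a circle of trust with one identity provider (IdP)
# and several service providers (SPs). Names, keys and timestamps are constructed.
import hashlib
import hmac
import json


def issue_assertion(idp_name, idp_key, subject, audience, now, ttl=300):
    """IdP side: authenticate the user once, then vouch for them to one named SP.
    HMAC-SHA256 over the canonical body stands in for the XML signature."""
    body = {"issuer": idp_name, "subject": subject, "audience": audience,
            "issued": now, "expires": now + ttl}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body,
            "signature": hmac.new(idp_key, payload, hashlib.sha256).hexdigest()}


def verify_assertion(assertion, sp_name, circle_of_trust, now):
    """SP side: return (subject, "ok") or (None, reason). Every check matters:
    an SP that skips any of them is trusting parties outside the federation."""
    body = assertion["body"]
    key = circle_of_trust.get(body["issuer"])      # only federation members are trusted
    if key is None:
        return None, "issuer not in circle of trust"
    payload = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return None, "bad signature"             # tampered body or wrong key
    if body["audience"] != sp_name:
        return None, "assertion issued for a different service provider"
    if now >= body["expires"]:
        return None, "assertion expired"
    return body["subject"], "ok"


def demo():
    """Walk a citizen through two services with one login, plus the failure cases."""
    circle = {"national-idp": b"constructed-shared-secret"}   # member -> verification key
    now = 1_000_000
    login = issue_assertion("national-idp", circle["national-idp"],
                            "citizen-42", "tax-portal", now)
    tampered = {"body": dict(login["body"], subject="citizen-1"),
                "signature": login["signature"]}
    rogue = issue_assertion("rogue-idp", b"not-a-member", "citizen-42", "tax-portal", now)
    return {
        "tax":      verify_assertion(login, "tax-portal", circle, now + 10),
        "parking":  verify_assertion(login, "parking-permits", circle, now + 10),
        "tampered": verify_assertion(tampered, "tax-portal", circle, now + 10),
        "rogue":    verify_assertion(rogue, "tax-portal", circle, now + 10),
        "late":     verify_assertion(login, "tax-portal", circle, now + 600),
    }
```

The parking-permit service rejects the tax-portal assertion because, even within one circle of trust, an assertion vouches for the user to a single named service provider; the IdP issues a fresh one per service without asking the user to log in again.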

FIM – the potential for eGovernment

The potential benefits of FIM in terms of eGovernment services to citizens and businesses are underlined by the fact that several government organisations have become Liberty Alliance members. One sponsor member is the French government agency for the development of electronic administration (ADAE – Agence pour le Développement de l’Administration Électronique), which is set to develop its identity management architecture in accordance with Liberty Alliance specifications.

In order to develop the French administration’s personalised portal, aimed at citizens and businesses, ADAE was tasked with finding a solution that would simplify access without concentrating identifiers in a central database. FIM was identified as a potential answer to this requirement, and ADAE joined the Liberty Alliance in mid-2004.

From ADAE’s point of view, FIM technology has many advantages for establishing standards of user identity management. These advantages go beyond the basic benefit of access simplification. For example, FIM can reduce the investment in authentication systems by each government department or level of administration. By its nature, FIM is also well-suited to federal organisations and so can be used to link national and local services, with the possibility in the future of expanding to include European services.

ADAE is also working on a proof of concept aimed at improving the user experience of federated identity. A FIM infrastructure, compliant with Liberty Alliance standards and usable across the range of French public services, will be constructed in 2006. FIM in France will ‘go live’ in 2007, firstly on the French administration’s personalised portal, and then for other services. ADAE is also studying the notion of Attribute Providers (1) linked to federated identity, as a way of simplifying user data management in eGovernment procedures.

(1) An Attribute Provider is defined in Liberty Alliance specifications as follows: the attribute provider (AP) provides Identity Personal Profile (ID-PP) information. Sometimes called an ID-PP provider, the AP is an ID-WSF (Identity Web Services Framework) web service.

For further information:

The Liberty Alliance
OASIS (Organisation for the Advancement of Structured Information Standards)
ADAE (Agence pour le Développement de l’Administration Electronique)

Article published in Synergy 03 - July 2005