Tuesday, 3 June 2008

Unity in multiple EU eIDs

On itprofessional.be [Dutch] I read an article about a European project to link the systems of all the member states of the EU. The result of this project will be that every citizin of a European country can use his/her eID for eGovernment solutions of a specific European country. The project is called Secure Identity Across Borders Linked and it's created by a consortium of 13 member states and Iceland.

Europe doens't want to force a unified system of eIDs but instead wants an extra layer for this to happen. The first thing that popped into my head was: Federation.

Federation can be the(and I think is the best) solution to this problem. This because it doesn't matter for the Service Provider how the authentication is done by the Identity Provider.
For example, if I would want to make use of and eGov application in the Netherlands, they could use Federation to find my Identity Provider. In my case this would be Belgium. The Netherlands redirects me to the login page of the Identity Provider Belgium. Here I can login with my eID. When the login is succesful I will be redirected back to the eGov application at the Netherlands with an assertion that I'm Stefan and I'm an authenticated Belgian :). Because of the trust relation between the member states of the EU (including Belgium and the Netherlands) the Netherlands will trust this assertion and threat me as an authenticated user.

If they choose for federation then only the eGov applications need to be aware of (some of the) federation protocols. Every member state can use it's own eID login mechanism for authentication and just redirect every other user to his corresponding country (identity provider).