Enhancing Cross-border Eid Federations by Using a Modular and Flexible Attribute Mapping Service to Meet National Legal and Technical Requirements

Identity-management systems play a key role in various areas for applications and e-Government processes where access to sensitive data needs to be protected and regulated. To protect this sensitive date, the identity-management system provides all necessary functionality to service providers to manage digital identities and handle the identification and authentication process. This identification and authentication process meets legal and technical requirements, which are specified in many European countries. Due the mobility of citizens, cross-border interoperability of national electronic identity systems in the European eID landscape becomes more and more important. If cross-border interoperability comes into play, it becomes difficult to accomplish national legal and technical requirements for identification and authentication. To accomplish national legal and technical requirements, the identification and authentication information must be mapped into national eID characteristics. In this paper, we present a new modular and flexible architecture of an attribute mapping service, which establish an interoperation layer on cross-border identification and authentication attributes to meet national legal and technical requirements. The proposed architecture follows a plug-in based approach that eases the integration of new attributes, or national legal or technical requirements. We illustrate the practical applicability of the proposed architecture by implementing a foreign identity attribute mapping service for the Austrian eID infrastructure. This attribute mapping service meets all national legal and technical requirements of the Austrian eID infrastructure, which are necessary to use foreign identities in the national infrastructure.