Ana Gómez Oliva

Solving identity delegation problem in the e-government environment

At present, many countries allow citizens or entities to interact with the government outside the telematic environment through a legal representative who is granted powers of representation. However, if the interaction takes place through the Internet, only primitive mechanisms of representation are available, and these are mainly based on non-dynamic offline processes that do not enable quick and easy identity delegation. This paper proposes a system of dynamic delegation of identity between two generic entities that can solve the problem of delegated access to the telematic services provided by public authorities. The solution herein is based on the generation of a delegation token created from a proxy certificate that allows the delegating entity to delegate identity to another on the basis of a subset of its attributes as delegator, while also establishing in the delegation token itself restrictions on the services accessible to the delegated entity and the validity period of delegation. Further, the paper presents the mechanisms needed to either revoke a delegation token or to check whether a delegation token has been revoked. Implications for theory and practice and suggestions for future research are discussed.At present, many countries allow citizens or entities to interact with the government outside the telematic environment through a legal representative who is granted powers of representation. However, if the interaction takes place through the Internet, only primitive mechanisms of representation are available, and these are mainly based on non-dynamic offline processes that do not enable quick and easy identity delegation. This paper proposes a system of dynamic delegation of identity between two generic entities that can solve the problem of delegated access to the telematic services provided by public authorities. The solution herein is based on the generation of a delegation token created from a proxy certificate that allows the delegating entity to delegate identity to another on the basis of a subset of its attributes as delegator, while also establishing in the delegation token itself restrictions on the services accessible to the delegated entity and the validity period of delegation. Further, the paper presents the mechanisms needed to either revoke a delegation token or to check whether a delegation token has been revoked. Implications for theory and practice and suggestions for future research are discussed.

Solving Identity Management and Interoperability Problems at Pan-European Level

In a globalized digital world, it is essential for persons and entities to have a recognized and unambiguous electronic identity that allows them to communicate with one another. The management of this identity by public administrations is an important challenge that becomes even more crucial when interoperability among public administrations of different countries becomes necessary, as persons and entities have different credentials depending on their own national legal frameworks. More specifically, different credentials and legal frameworks cause interoperability problems that prevent reliable access to public services in a cross-border scenarios like todays European Union. Work in this doctoral thesis try to analyze the problem in a carefully detailed manner by studying existing proposals (basically in Europe), proposing improvements in defined architectures and performing practical work to test the viability of solutions. Moreover, this thesis will also address the long-standing security problem of identity delegation, which is especially important in complex and heterogeneous service delivery environments like those mentioned above. This is a position paper.

Improvements of pan-european IDM architecture to enable identity delegation based on x.509 proxy certificates and SAML

To foster the secure use of telematic services provided by public institutions, most European countries – and others in the rest of the world – are promoting electronic identification systems among their citizens to enable fully reliable identification. However, in todays globalized environment, it is becoming more common for citizens and entities of a given country, with their own electronic credentials under the legal framework of their country, to seek access to the public services provided by other countries with different legal frameworks and credentials. At present, a number of projects in the European Union are attempting to solve the problem through the use of pan-European identity management systems that ensure interoperability between the public institutions of different Member States. However, the solutions adopted to date are inadequate, for they do not envision all possible cases of user interaction with institutions. Specifically, they fail to address a very important aspect provided in different national legal systems, namely delegation of identity, by which a citizen can authorize another to act on his or her behalf in accessing certain services provided by public institutions. This paper provides a thorough analysis of problems of delegation and proposes an architecture based on X.509 Proxy Certificates and SAML assertions to enable delegation in provision of services in the complex and heterogeneous environment presented by the public institutions of the European Union as a whole.

Analysis of electronic and telematic voting systems in binding experiences

This paper is about analysis and assess of three experiences on telematic and electronic voting dealing with such aspects as security and achievement of the social requirements. These experiences have been chosen taking into account the deepness of the public documentation and the technological challenge they faces.

Digital identity applied to telematic voting involving European citizens. Social and legal implications

This paper describes the characteristics of systems of electronic voting in which both the vote itself and the authorization to vote circulate through computer networks (telematic voting), with a focus on the problems arising from the need to ensure correct identification of citizens seeking to access the voting system in a Europe-wide environment. The advantages offered by such a system are discussed, as are the major social and legal implications these solutions may entail.