Innovative building blocks for versatile authentication within the SkIDentity Service
Accepting arbitrary electronic identity cards (eIDs) and similar authenticators in cloud and web applications has been a challenging task. Thanks to the multiple award-winning "SkIDentity Service", this has changed recently. This versatile authentication infrastructure combines open technologies, international eID standards and the latest research results on trusted cloud computing in order to offer electronic identification and strong authentication in the form of a trustworthy, simple-to-use and cost-efficient cloud computing service, which supports various European eIDs as well as alternative authenticators, for example those proposed by the FIDO Alliance. The present contribution presents innovative and patent-pending building blocks of the SkIDentity Service: (1) the "Identity Broker", which eases the integration of authentication, authorization, federation and application services and, in particular, makes it possible to derive secure credentials from conventional eID cards, which can then be transferred to mobile devices, for example; (2) the "Universal Authentication Service" (UAS), which can execute arbitrary authentication protocols specified in the recently introduced "Authentication Protocol Specification" (APS) language; (3) the "Cloud Connector", which eases the integration of federation protocols into web applications; and, last but not least, (4) the "SkIDentity Self-Service Portal", which makes it extremely easy for Service Providers to configure the parameters needed to connect to the SkIDentity Service and use strong authentication in their individual applications.