SEMIRAMIS_D6.2 - Id Provider Collaboration Model

Published on: 06/02/2013

SEMIRAMIS stands for Secure Management of Information across multiple Stakeholders. It defines and deploys a pilot infrastructure that enables two scenarios: eDoc Services for Citizens and Roaming Student. Both scenarios consist of several use cases [6] that external companies can reuse to reduce the time to market and the difficulty of deploying an entire identity management (IdM) and privacy infrastructure, which is needed to offer services centred on security and privacy. Moreover, companies can easily integrate with one or more of the federations built within the project, increasing the reuse and acceptance of their own services.
The SEMIRAMIS overall architecture, which enables the scenarios worked out during the project and the reusable functionalities, follows a modular approach with five architectural components: Service Provider (SP), Attribute Provider (AttrP), Authentication Provider (AuthnP), Federation Proxy (FP) and Identity Aggregator (IA). The SP is the relying party; it provides the services of benefit to end users. Instead of a single Identity Provider there are several asserting entities, namely AuthnP, AttrP and IA. This decomposition, and in particular the IA functionality, allows for use cases that are not possible with the usual single identity provider approach: authentication can be performed using eID mechanisms, attributes can be asserted by different institutions, and the IA finally aggregates those attributes into one assertion for the SP.
To fulfil the project requirements, three types of federations were defined: telco federations, academic federations and governmental federations, which differ in their purpose, structure and the technologies they use. As in other federated infrastructures, the SEMIRAMIS architecture uses the relations "rely on / consume" and "assert / produce" to describe the flow of identity and document data. Trust relations between entities are necessary to build circles of trust. SEMIRAMIS introduces new trust relations that cross federation borders (peer-to-peer inter-federation) and connect different types of federations. With such concepts the integration, delegation and reuse of functionalities become simpler and provide additional gains to the participating organizations.
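The following is an added illustration of the two ideas above (the decomposition into SP, AttrP, AuthnP, FP and IA, and trust relations that cross federation borders through Federation Proxies); it is not SEMIRAMIS code and does not reflect the project's actual protocols or data formats. It models "rely on / consume" as directed trust edges, assumes that an edge may leave its federation only if one endpoint is an FP (an assumption made for this model), and lets an IA aggregate assertions for an SP while dropping any assertion whose issuer the IA has no chain of trust to. All entity names, attributes and the three sample assertions are constructed for the example.

```python
"""Toy model of SEMIRAMIS-style cross-federation trust (added example, not project code)."""
from __future__ import annotations

from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Entity:
    """One architectural role (SP, AttrP, AuthnP, FP or IA) inside a named federation."""
    name: str
    role: str
    federation: str


@dataclass(frozen=True)
class Assertion:
    """An attribute 'asserted / produced' by an issuer about a subject."""
    subject: str
    attribute: str
    value: str
    issuer: Entity


class TrustGraph:
    """Directed 'rely on / consume' edges: consumer relies on producer.

    Assumed rule for this model: an edge whose endpoints lie in different
    federations must involve a Federation Proxy, so inter-federation trust is
    peer-to-peer between FPs rather than between arbitrary members.
    """

    def __init__(self) -> None:
        self._relies_on: dict[Entity, set[Entity]] = {}

    def add(self, consumer: Entity, producer: Entity) -> None:
        if consumer.federation != producer.federation and "FP" not in (consumer.role, producer.role):
            raise ValueError(f"{consumer.name} -> {producer.name}: cross-federation trust must involve an FP")
        self._relies_on.setdefault(consumer, set()).add(producer)

    def chain(self, consumer: Entity, producer: Entity) -> list[Entity] | None:
        """Breadth-first search for a chain of trust from consumer to producer (None if absent)."""
        prev: dict[Entity, Entity | None] = {consumer: None}
        queue = deque([consumer])
        while queue:
            cur = queue.popleft()
            if cur == producer:
                path: list[Entity] = []
                node: Entity | None = cur
                while node is not None:
                    path.append(node)
                    node = prev[node]
                return path[::-1]
            for nxt in self._relies_on.get(cur, ()):
                if nxt not in prev:
                    prev[nxt] = cur
                    queue.append(nxt)
        return None


def aggregate(graph: TrustGraph, ia: Entity, sp: Entity,
              assertions: list[Assertion]) -> tuple[list[Assertion], list[Assertion]]:
    """IA aggregates assertions for an SP; returns (accepted, rejected).

    Nothing is accepted unless the SP has a chain of trust to the IA, and each
    assertion is accepted only if the IA has a chain of trust to its issuer.
    """
    if graph.chain(sp, ia) is None:
        return [], list(assertions)
    accepted = [a for a in assertions if graph.chain(ia, a.issuer) is not None]
    rejected = [a for a in assertions if a not in accepted]
    return accepted, rejected


# Constructed sample: three federations, one FP each, SP and IA in the telco federation.
SP = Entity("travel-portal", "SP", "telco")
IA = Entity("id-aggregator", "IA", "telco")
TELCO_FP = Entity("telco-fp", "FP", "telco")
GOV_FP = Entity("gov-fp", "FP", "governmental")
GOV_EID = Entity("gov-eid", "AuthnP", "governmental")
ACAD_FP = Entity("acad-fp", "FP", "academic")
UNIVERSITY = Entity("university", "AttrP", "academic")
UNKNOWN_ATTRP = Entity("unknown-attrp", "AttrP", "academic")  # nobody relies on it


def build_graph() -> TrustGraph:
    g = TrustGraph()
    for consumer, producer in [(SP, IA), (IA, TELCO_FP),
                               (TELCO_FP, GOV_FP), (GOV_FP, GOV_EID),
                               (TELCO_FP, ACAD_FP), (ACAD_FP, UNIVERSITY)]:
        g.add(consumer, producer)
    return g


SAMPLE_ASSERTIONS = [  # constructed input
    Assertion("alice", "authenticated_by_eid", "true", GOV_EID),
    Assertion("alice", "student_status", "enrolled", UNIVERSITY),
    Assertion("alice", "loyalty_tier", "gold", UNKNOWN_ATTRP),
]


def demo() -> tuple[list[Assertion], list[Assertion]]:
    return aggregate(build_graph(), IA, SP, SAMPLE_ASSERTIONS)


if __name__ == "__main__":
    ok, bad = demo()
    print("accepted:", [(a.attribute, a.issuer.name) for a in ok])
    print("rejected:", [(a.attribute, a.issuer.name) for a in bad])
```

The point the model makes is that the SP never needs a direct relation with the governmental AuthnP or the academic AttrP: it relies only on the IA, and the cross-federation links run FP to FP. An attribute from an issuer outside every circle of trust is dropped at aggregation time rather than reaching the relying party.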