Citizen-friendly identity management

The study ´Rahmenarchitektur und technischer Lösungsvorschlag zur Umsetzung eines bürgerfreundlichen Identitätsmanagements in Verwaltung und Wirtschaft´ was partially funded by the ISPRAT Institute.

The study was finalized in July 2009.

Whether citizen, customer, or traveler - more and more identity data is required in electronic processes. Online banking, e- governmental services, or shopping in the Internet - all these processes and the requested personal information is so far controlled and predefined by the service providers. In the real world and in our daily interactions with others, we have different properties (attributes) that we disclose selectively. The core task of identity management is it to create and manage the attributes of the "Digital Identity" trustworthy throughout their lifecycle.

The study introduces the vision of a citizen-friendly identity management in the future. This vision specifies the requirements for identity management at an abstract level. Based on the EU Services Directive (Directive 2006/123/EC), the vision is analyzed regarding this specific example in order to clarify the requirements. The EU Services Directive was chosen because both the electronic identities of different actors in the international context as well as the transmitted electronic documents must be verified.

Based on the requirements a generic process and information model for identity management was designed, in which the processes are described that use the digital identity and the respective users’ attributes. The main process here is "to gain access to a service." In the information model the elements called entities are presented, which interact in an identity management system and are used in the respective processes. Three players for a citizen-based identity management are identified: the citizens /users, service providers and attribute certifiers. The attribute certifier is an entity that trustworthy certifies the attributes of another entity or verifies these.

In the framework the logical architecture components and identity management services for each actor are presented. It shows which components are always required and what functions they must provide to fully implement a citizen-friendly identity management. Thereby the technical implementation can comprise all components or only a subset of the identified functions and services. The process map shows all the processes required for an identity management from the perspective of a company and from the perspective of a citizen, and includes the four process categories: administration, authentication, authorization and audit. This map is used to illustrate the different needs and priorities of a company and a user/citizen regarding an identity management system. With the EU Services Directive the architectural framework is applied to a concrete example.

Based on the architectural framework and the process model a selection of relevant initiatives and developments are investigated, such as the new German electronic identity card, the eCard-API, and Information Cards.

In this study the essential elements of a citizen identity management were derived. One of these entities is the attribute certifier that creates trust between entities. Furthermore, the essential services such as the Attributes Certification Service and the Authentication Service were identified. Further modules have been developed to meet the demands of the citizens.