FutureID - Shaping the Future of Electronic Identity


02 April 15


The content of this blog was first published in The Paypers Web Fraud Prevention, Online Security & Digital Identity Market Guide 2014/2015 (see ‘related links’ below). The European Payments Council wishes to thank the authors and The Paypers for the permission to publish this article as a guest blog.

The FutureID project is partially funded by the European Commission within the 7th Framework Programme. Its consortium consists of 19 partners from 11 countries and is coordinated by Fraunhofer-Gesellschaft. The three-year research project started in November 2012. More information is available on the FutureID Website (see ‘related links’ below).

Objectives

The objective of the FutureID project is to build an identity management infrastructure for Europe in support of a single market of online services. This requires the availability and large-scale use of trusted and secure identities that replace current password credentials.

The problem

As learned, for example, from the experience of rolling out government electronic identities (eIDs) in Europe, the key factor for success is reaching a critical mass of both users and available services. This is often called a ‘chicken and egg problem’. Users are only interested in taking up a credential if it provides access to a critical mass of services; service providers are only willing to invest in a credential if it brings a large enough base of potential users to justify the investment.

Today’s landscape of secure credentials in Europe shows a very high diversity. Also, credentials that combine both security and convenience of use are possibly yet to come (for example, from the Fast IDentity Online (FIDO) initiative). In this situation, it is highly unlikely that a single credential or identity management technology reaches the required critical mass by itself.

The solution

For this reason, the FutureID project attempts to build an open infrastructure able to potentially integrate all existing and future credentials. Reaching a critical mass across all user bases and all available services seems to be the most promising way to go. The basic idea of the FutureID infrastructure is to build a bridge between user credentials on one side and services on the other.

The critical mass becomes much easier to reach if any credential can be consumed by any service or, conversely, if any service can potentially reach out to the installed base of any credential. The only limit on this approach comes from the trust and security constraints set by the service provider.

Any technology of user credentials shall be potentially supported. This ranges from well-proven government issued eIDs to the cutting-edge and innovative privacy-enhancing attribute-based credentials (Privacy-ABCs). Some credentials may also be bound to existing Identity Providers (IdP) that employ one of the existing federation technologies.

Service providers can either be integrated ‘as is’, or by installing the FutureID native component for service providers. The reuse of existing elements ‘as is’ facilitates the introduction and contains the roll-out cost of the FutureID infrastructure.

To match credentials to services, the FutureID infrastructure must address three main issues:

  • provide interoperability,
  • enhance privacy where possible, and
  • provide as much as possible a common user experience across technologies.

FutureID is not the only initiative that addresses the interoperability problem; the European STORK project and the various pilot projects of the National Strategy for Trusted Identities in Cyberspace (NSTIC), a White House initiative, all define infrastructures that use intermediary components to achieve interoperability. FutureID follows the very same approach.

What makes FutureID unique?

What is unique about FutureID, however, is that the number and topology of intermediary components is not fixed and static. FutureID rather adopts an ecosystem-approach by creating a free market for intermediating services.

This provides for the flexibility to: scale according to need, adapt to market needs, support special needs of market sectors including niche markets, adapt to established contractual relationships, and easily adapt to various possible business models that render the infrastructure sustainable.

Evidently, an open number of intermediaries, with new ones able to join the ecosystem at any point in time, renders the whole situation much more dynamic. Instead of the static configuration that is common to other approaches, the decision of which intermediaries to involve and who has to perform which transformations has to be made dynamically. This is somewhat similar to ad-hoc networking, where routing is configured automatically based on the available nodes. In this context, dynamic configuration of the infrastructure means computing the possible routes between credentials and services and choosing the best suited one for the actual authentication process.

Another unique feature of FutureID is that this dynamic configuration of the infrastructure is completely under the control of a user component. While a similar approach was taken by Microsoft’s identity selector, this goes beyond just the selection of a credential and possibly an identity provider. Infrastructure configuration may well involve more than one intermediary and controls transformations performed by intermediaries.

User-enforced privacy

Users can now enforce data minimisation by using intermediaries capable of filtering and deriving pseudonymous identifiers. Similarly, they can avoid being profiled by applying the do not track pattern that distributes information over several intermediaries. Users simply have to select a privacy policy and all the rest is managed by an intelligent user component. This approach brings unprecedented awareness of the level of privacy offered by a given transaction and allows adapting to different perceptions of privacy and trust.
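The route computation and policy-driven selection described in the two sections above can be sketched as follows. This is an added example, not FutureID code: the hop table, the node names, the numeric trust scale and the tie-breaking rule are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Hop:
    src: str                     # credential or intermediary issuing the assertion
    dst: str                     # intermediary or service consuming it
    trust: int                   # hypothetical trust level the hop preserves (1..4)
    pseudonymises: bool = False  # hop swaps the identifier for a pseudonym

# Constructed ecosystem: two credentials, two intermediaries, one service.
HOPS = [
    Hop("national-eid", "broker-a", 4),
    Hop("broker-a", "shop", 4),
    Hop("national-eid", "pseudonym-broker", 3, pseudonymises=True),
    Hop("pseudonym-broker", "shop", 3),
    Hop("password-idp", "broker-a", 1),
]

def routes(node, service, hops, seen=frozenset()):
    """Yield every loop-free hop sequence from node to service."""
    seen = seen | {node}
    for hop in hops:
        if hop.src != node or hop.dst in seen:
            continue
        if hop.dst == service:
            yield [hop]
        else:
            for rest in routes(hop.dst, service, hops, seen):
                yield [hop] + rest

def select_route(credentials, service, min_trust, require_pseudonym, hops=HOPS):
    """Pick the best admissible route for the user's credentials, or None."""
    admissible = []
    for cred in credentials:
        for route in routes(cred, service, hops):
            # A route is only as trustworthy as its weakest hop.
            if min(h.trust for h in route) < min_trust:
                continue  # violates the service provider's trust constraint
            if require_pseudonym and not any(h.pseudonymises for h in route):
                continue  # violates the user's privacy policy
            admissible.append(route)
    # Assumed preference: fewest intermediaries first, then highest trust.
    admissible.sort(key=lambda r: (len(r), -min(h.trust for h in r)))
    return admissible[0] if admissible else None

if __name__ == "__main__":
    best = select_route(["national-eid"], "shop", min_trust=3, require_pseudonym=True)
    print(" -> ".join([best[0].src] + [h.dst for h in best]))
```

When the privacy policy and the service provider's trust requirement cannot both be met, `select_route` returns `None` rather than silently relaxing either constraint.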

Bud P. Bruegger, Ph.D, is the Technical Coordinator and Chief Architect of FutureID. He looks back on a long experience in identity management, including active participation in the Italian e-ID pilot project and pioneering e-ID interoperability in the Porvoo Group. Dr. Heiko Roßnagel is coordinating the European Commission-funded project FutureID. His research interests are in the areas of security, privacy and identity management with a focus on technology development and adoption. Fraunhofer-Gesellschaft provides both the overall and the technical coordination of FutureID. Fraunhofer-Gesellschaft is Europe's largest application-oriented research organisation. The authors are part of the Fraunhofer Institute for Industrial Engineering IAO where Dr. Roßnagel heads the identity management group. Fraunhofer IAO takes a holistic view well beyond just technology.

The views expressed in this blog are solely those of the authors and should not be attributed to the European Payments Council.

Related links:


