An identity-matching process to strengthen trust in federated-identity architectures

Paul Marillonnet; Mikaël Ates; Maryline Laurent; Nesrine Kaaniche

doi:10.5220/0009828401420154

An identity-matching process to strengthen trust in federated-identity architectures

Paul Marillonnet
, Mikaël Ates
, Maryline Laurent
, Nesrine Kaaniche

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

To smoothly counteract privilege escalation in federated-identity architectures, the cross-checking of asserted Personally Identifiable Information (PII) among different sources is highly recommended and advisable. Identity matching is thus a key component for supporting the automated PII cross-checking process. This paper proposes an efficient identity-matching solution, adapted to a chosen User-Relationship Management (URM) platform, relying on a French Territorial Collectivities and Public Administrations (TCPA) use case. The originality of the paper is threefold. (1) It presents an original solution to identity-matching issues raised by a concrete use case from the Territorial Collectivities and the Public Administration (TCPA), formalizing concepts such as information completeness, PII normalization and Levenshtein-distance matrix generation. (2) Implementation guidelines are given to deploy the solution on an operational Publik platform. (3) A precise security analysis is provided, relying on an original attacker model.

Original language	English
Title of host publication	ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications
Editors	Christian Callegari, Soon Xin Ng, Panagiotis Sarigiannidis, Sebastiano Battiato, Angel Serrano Sanchez de Leon, Adlen Ksentini, Pascal Lorenz, Mohammad Obaidat, Mohammad Obaidat, Mohammad Obaidat
Publisher	SciTePress
Pages	142-154
Number of pages	13
ISBN (Electronic)	9789897584459
DOIs	https://doi.org/10.5220/0009828401420154
Publication status	Published - 1 Jan 2020
Event	17th International Conference on Security and Cryptography, SECRYPT 2020 - Part of the 17th International Joint Conference on e-Business and Telecommunications, ICETE 2020 - Virtual, Online, France Duration: 8 Jul 2020 → 10 Jul 2020

Publication series

Name	ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications
Volume	3

Conference

Conference	17th International Conference on Security and Cryptography, SECRYPT 2020 - Part of the 17th International Joint Conference on e-Business and Telecommunications, ICETE 2020
Country/Territory	France
City	Virtual, Online
Period	8/07/20 → 10/07/20

Keywords

Citizen-relationship management
Federated-identity architecture
Identity management
Identity matching
Trust enforcement

Access to Document

10.5220/0009828401420154

Cite this

Marillonnet, P., Ates, M., Laurent, M., & Kaaniche, N. (2020). An identity-matching process to strengthen trust in federated-identity architectures. In C. Callegari, S. X. Ng, P. Sarigiannidis, S. Battiato, A. S. S. de Leon, A. Ksentini, P. Lorenz, M. Obaidat, M. Obaidat, & M. Obaidat (Eds.), ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications (pp. 142-154). (ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications; Vol. 3). SciTePress. https://doi.org/10.5220/0009828401420154

Marillonnet, Paul ; Ates, Mikaël ; Laurent, Maryline et al. / An identity-matching process to strengthen trust in federated-identity architectures. ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications. editor / Christian Callegari ; Soon Xin Ng ; Panagiotis Sarigiannidis ; Sebastiano Battiato ; Angel Serrano Sanchez de Leon ; Adlen Ksentini ; Pascal Lorenz ; Mohammad Obaidat ; Mohammad Obaidat ; Mohammad Obaidat. SciTePress, 2020. pp. 142-154 (ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications).

@inproceedings{02c0c1521b0940c28653fc3901ba73a7,

title = "An identity-matching process to strengthen trust in federated-identity architectures",

abstract = "To smoothly counteract privilege escalation in federated-identity architectures, the cross-checking of asserted Personally Identifiable Information (PII) among different sources is highly recommended and advisable. Identity matching is thus a key component for supporting the automated PII cross-checking process. This paper proposes an efficient identity-matching solution, adapted to a chosen User-Relationship Management (URM) platform, relying on a French Territorial Collectivities and Public Administrations (TCPA) use case. The originality of the paper is threefold. (1) It presents an original solution to identity-matching issues raised by a concrete use case from the Territorial Collectivities and the Public Administration (TCPA), formalizing concepts such as information completeness, PII normalization and Levenshtein-distance matrix generation. (2) Implementation guidelines are given to deploy the solution on an operational Publik platform. (3) A precise security analysis is provided, relying on an original attacker model.",

keywords = "Citizen-relationship management, Federated-identity architecture, Identity management, Identity matching, Trust enforcement",

author = "Paul Marillonnet and Mika{\"e}l Ates and Maryline Laurent and Nesrine Kaaniche",

note = "Publisher Copyright: Copyright {\textcopyright} 2020 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved; 17th International Conference on Security and Cryptography, SECRYPT 2020 - Part of the 17th International Joint Conference on e-Business and Telecommunications, ICETE 2020 ; Conference date: 08-07-2020 Through 10-07-2020",

year = "2020",

month = jan,

day = "1",

doi = "10.5220/0009828401420154",

language = "English",

series = "ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications",

publisher = "SciTePress",

pages = "142--154",

editor = "Christian Callegari and Ng, \{Soon Xin\} and Panagiotis Sarigiannidis and Sebastiano Battiato and \{de Leon\}, \{Angel Serrano Sanchez\} and Adlen Ksentini and Pascal Lorenz and Mohammad Obaidat and Mohammad Obaidat and Mohammad Obaidat",

booktitle = "ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications",

}

Marillonnet, P, Ates, M, Laurent, M & Kaaniche, N 2020, An identity-matching process to strengthen trust in federated-identity architectures. in C Callegari, SX Ng, P Sarigiannidis, S Battiato, ASS de Leon, A Ksentini, P Lorenz, M Obaidat, M Obaidat & M Obaidat (eds), ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications. ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications, vol. 3, SciTePress, pp. 142-154, 17th International Conference on Security and Cryptography, SECRYPT 2020 - Part of the 17th International Joint Conference on e-Business and Telecommunications, ICETE 2020, Virtual, Online, France, 8/07/20. https://doi.org/10.5220/0009828401420154

An identity-matching process to strengthen trust in federated-identity architectures. / Marillonnet, Paul; Ates, Mikaël; Laurent, Maryline et al.
ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications. ed. / Christian Callegari; Soon Xin Ng; Panagiotis Sarigiannidis; Sebastiano Battiato; Angel Serrano Sanchez de Leon; Adlen Ksentini; Pascal Lorenz; Mohammad Obaidat; Mohammad Obaidat; Mohammad Obaidat. SciTePress, 2020. p. 142-154 (ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications; Vol. 3).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An identity-matching process to strengthen trust in federated-identity architectures

AU - Marillonnet, Paul

AU - Ates, Mikaël

AU - Laurent, Maryline

AU - Kaaniche, Nesrine

PY - 2020/1/1

Y1 - 2020/1/1

N2 - To smoothly counteract privilege escalation in federated-identity architectures, the cross-checking of asserted Personally Identifiable Information (PII) among different sources is highly recommended and advisable. Identity matching is thus a key component for supporting the automated PII cross-checking process. This paper proposes an efficient identity-matching solution, adapted to a chosen User-Relationship Management (URM) platform, relying on a French Territorial Collectivities and Public Administrations (TCPA) use case. The originality of the paper is threefold. (1) It presents an original solution to identity-matching issues raised by a concrete use case from the Territorial Collectivities and the Public Administration (TCPA), formalizing concepts such as information completeness, PII normalization and Levenshtein-distance matrix generation. (2) Implementation guidelines are given to deploy the solution on an operational Publik platform. (3) A precise security analysis is provided, relying on an original attacker model.

AB - To smoothly counteract privilege escalation in federated-identity architectures, the cross-checking of asserted Personally Identifiable Information (PII) among different sources is highly recommended and advisable. Identity matching is thus a key component for supporting the automated PII cross-checking process. This paper proposes an efficient identity-matching solution, adapted to a chosen User-Relationship Management (URM) platform, relying on a French Territorial Collectivities and Public Administrations (TCPA) use case. The originality of the paper is threefold. (1) It presents an original solution to identity-matching issues raised by a concrete use case from the Territorial Collectivities and the Public Administration (TCPA), formalizing concepts such as information completeness, PII normalization and Levenshtein-distance matrix generation. (2) Implementation guidelines are given to deploy the solution on an operational Publik platform. (3) A precise security analysis is provided, relying on an original attacker model.

KW - Citizen-relationship management

KW - Federated-identity architecture

KW - Identity management

KW - Identity matching

KW - Trust enforcement

U2 - 10.5220/0009828401420154

DO - 10.5220/0009828401420154

M3 - Conference contribution

AN - SCOPUS:85109216396

T3 - ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications

SP - 142

EP - 154

BT - ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications

A2 - Callegari, Christian

A2 - Ng, Soon Xin

A2 - Sarigiannidis, Panagiotis

A2 - Battiato, Sebastiano

A2 - de Leon, Angel Serrano Sanchez

A2 - Ksentini, Adlen

A2 - Lorenz, Pascal

A2 - Obaidat, Mohammad

PB - SciTePress

T2 - 17th International Conference on Security and Cryptography, SECRYPT 2020 - Part of the 17th International Joint Conference on e-Business and Telecommunications, ICETE 2020

Y2 - 8 July 2020 through 10 July 2020

ER -

Marillonnet P, Ates M, Laurent M , Kaaniche N. An identity-matching process to strengthen trust in federated-identity architectures. In Callegari C, Ng SX, Sarigiannidis P, Battiato S, de Leon ASS, Ksentini A, Lorenz P, Obaidat M, Obaidat M, Obaidat M, editors, ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications. SciTePress. 2020. p. 142-154. (ICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications). doi: 10.5220/0009828401420154

An identity-matching process to strengthen trust in federated-identity architectures

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this