Trustworthy Interoperability and Identity Management Systems: What Comes Next

cover
30 Mar 2024

This paper is available on arxiv under CC 4.0 license.

Authors:

(1) Ayei E. Ibor, Trustworthy Digital Infrastructure for Identity Systems, The Alan Turing Institute, United Kingdom;

(2) Mark Hooper, Trustworthy Digital Infrastructure for Identity Systems, The Alan Turing Institute, United Kingdom;

(3) Carsten Maple, Trustworthy Digital Infrastructure for Identity Systems, The Alan Turing Institute, United Kingdom;

(4) Gregory Epiphaniou, WMG, University of Warwick, United Kingdom.

Abstract & Introduction

Background

Review of Literature

Methodology

Discussion of Findings

Conclusion and Future Work & References

6. Conclusion and Future Work

Trustworthy interoperability is a key enabler for identity management and widens the dimensions of e-government in developing countries. This research provided insights into the challenges, opportunities, and requirements of interoperability and highlighted the limitations of current interoperability solutions such as the Estonian X-Road and the eIDAS of the European Union. We found that each existing interoperability solution has its benefits and drawbacks, although both are targeted at a common goal.

To achieve seamless communication of identification data, we proposed an approach for scoping requirements by first identifying the key processes to identity management in an interoperability context. Furthermore, we addressed the limitations of the current solutions using an architecture that considers the flexibility of identity verification and validation through an interoperable layer that is based on four interacting layers of data representation, semantics, binding, and security and privacy. For future work, an analysis of country-specific use cases for achieving interoperability in the African identity ecosystem will be performed.

References

African Union, 2020. The Digital Transformation Strategy for Africa (2020-30), Available at https://openresearch-repository.anu.edu.au/bitstream/1885/278587/1/GhaEcon_24.pdf, Accessed 20 May 2023.

Alamillo, I., Mouille, S., Rock, A., Soumelidis, N., Tabor, M., Gorniak, S., 2023. Digital identity standards: Analysis of standardisation requirements in support of cybersecurity policy, Available at file:///C:/Users/aIbor/Downloads/Digital_Identity_Standards%20(1).pdf, Accessed 30 July 2023.

Aldosary, M. and Alqahtani, N., 2021. A Survey on Federated Identity Management Systems Limitation and Solutions. International Journal of Network Security & Its Applications (IJNSA) Vol, 13.

ANSSI, 2023. The EIDAS Regulation, Available at https://www.ssi.gouv.fr/en/regulation/digital-confidence/the-eidas-regulation/, Accessed 09 April 2023.

Atick, J., 2016. Digital identity: the essential guide. In ID4Africa Identity Forum (Vol. 2016, pp. 1-3).

Backhouse, J. and Halperin, R., 2009. Approaching interoperability for identity management systems. In The Future of Identity in the Information Society (pp. 245-268). Berlin, Heidelberg: Springer Berlin Heidelberg.

Bakhtina, M., Matulevičius, R., Awad, A. and Kivimäki, P., 2022. Rebooting Trust Management in X-Road, Public Report. Nordic Institute for Interoperability Solutions (NIIS).

Bhattarai, R., Pappel, I., Vainsalu, H., Yahia, S.B. and Draheim, D., 2019. The impact of the single digital gateway regulation from the citizens’ perspective. Procedia Computer Science, 164, pp.159-167.

Bandura, R. and Ramanujam, S.R., 2021. Developing inclusive digital payment systems. Center for Strategic and International Studies, 21.

Benaddi, H., Laaz, N., Bouhlal, A. and El Kettani, E., 2023. Data storage architecture for egovernment interoperability: Morocco case. Indonesian Journal of Electrical Engineering and Computer Science, 29(3), pp.1678-1686.

Catuogno, L. and Galdi, C., 2014. Achieving interoperability between federated identity management systems: A case of study. Journal of High Speed Networks, 20(4), pp.209-221.

Colbern, A. and Ramakrishnan, S.K., 2020. Citizenship reimagined: A new framework for state rights in the United States. Cambridge University Press.

Cuijpers, C.M.K.C. and Schroers, J., 2014. eIDAS as guideline for the development of a pan European eID framework in FutureID.

Domingo, E. and Teevan, C., 2022. Africa’s journey towards an integrated digital payments landscape and how the EU can support it. ECDPM brief, 23.

European Commission, 2023a. X-Road Data Exchange Layer, Available at https://joinup.ec.europa.eu/collection/ict-security/solution/x-road-data-exchange-layer/about, Accessed 10 April 2023.

European Commission, 2023b. Shaping Europe’s digital future, Available at https://digitalstrategy.ec.europa.eu/en/policies/discover-eidas, Accessed 20 April 2023.

Fathalla, E.S., Azab, M., Xin, C. and Wu, H., 2023. PT-SSIM: A Proactive, Trustworthy SelfSovereign Identity Management System. IEEE Internet of Things Journal.

Grassi, P.A., Garcia, M.E. and Fenton, J.L., 2017. Digital identity guidelines. NIST special publication, 800, pp.63-3.

Gelb, A. and Metz, A.D., 2018. Identification revolution: Can digital ID be harnessed for development?. Brookings Institution Press.

Halili, F. and Ramadani, E., 2018. Web services: a comparison of soap and rest services. Modern Applied Science, 12(3), p.175.

Hoffmann, T. and Solarte-Vasquez, M.C., 2022. The estonian e-residency programme and its role beyond the country’s digital public sector ecosystem. Revista CES Derecho, 13(2), pp.184-204.

Hölbl, M., Kežmah, B. and Kompara, M., 2023. eIDAS Interoperability and Cross-Border Compliance Issues. Mathematics, 11(2), p.430.

Hummer, D. and Rebovich, D.J., 2023. Identity theft and financial loss. In Handbook on Crime and Technology (pp. 38-53). Edward Elgar Publishing.

Irvin-Erickson, Y., 2023. How Does Immigration Status and Citizenship Affect Identity Theft Victimization Risk in the US? Insights from the 2018 National Crime Victimization Survey Identity Theft Supplement. Victims & Offenders, pp.1-24.

Kaaniche, N., Laurent, M. and Belguith, S., 2020. Privacy enhancing technologies for solving the privacy-personalization paradox: Taxonomy and survey. Journal of Network and Computer Applications, 171, p.102807.

Kanagwa, B., Nakatumba-Nabende, J., Mugwanya, R., Kigozi Kahiigi, E. and Ngabirano, S., 2018. Towards an interoperability e-government framework for Uganda. In e-Infrastructure and e-Services for Developing Countries: 9th International Conference, AFRICOMM 2017, Lagos, Nigeria, December 11-12, 2017, Proceedings 9 (pp. 16-28). Springer International Publishing.

Kiourtis, A., Giannetsos, T., Menesidou, S.A., Mavrogiorgou, A., Symvoulidis, C., GRAZİANİ, A., KLEFTAKİS, S., MAVROGİORGOS, K., ZAFEİROPOULOS, N., GKOLİAS, C.A. and KYRİAZİS, D., 2023. Identity management standards: A literature review. Computers and Informatics, 3(1), pp.35-46.

Krimmer, R., Dedovic, S., Schmidt, C. and Corici, A.A., 2021, August. Developing crossborder e-Governance: Exploring interoperability and cross-border integration. In International Conference on Electronic Participation (pp. 107-124). Cham: Springer International Publishing.

Kotzé, P. and Alberts, R., 2017. Towards a Conceptual Model for an e-Government Interoperability Framework for South Africa. In ICEIS (3) (pp. 493-506).

Lips, S., Bharosa, N. and Draheim, D., 2020. eIDAS implementation challenges: the case of Estonia and the Netherlands. In Electronic Governance and Open Society: Challenges in Eurasia: 7th International Conference, EGOSE 2020, St. Petersburg, Russia, November 18– 19, 2020, Proceedings 7 (pp. 75-89). Springer International Publishing.

Luong, D.A. and Park, J.H., 2023. Privacy-Preserving Identity Management System on Blockchain Using Zk-SNARK. IEEE Access, 11, pp.1840-1853.

Manda, M. I. and Backhouse, J., "Addressing trust, security and privacy concerns in egovernment integration, interoperability and information sharing through policy: a case of South Africa" (2016). CONF-IRM 2016 Proceedings. Paper 67. http://aisel.aisnet.org/confirm2016/6

Masiero, S., 2023. Digital identity as platform-mediated surveillance. Big Data & Society, 10(1), p.20539517221135176.

McBride, K., Kütt, A., Ben Yahia, S. and Draheim, D., 2019, November. On positive feedback loops in digital government architecture. In Proceedings of the 11th International Conference on Management of Digital EcoSystems (pp. 174-180).

Mocanu, S., Chiriac, A.M., Popa, C., Dobrescu, R. and Saru, D., 2019. Identification and trust techniques compatible with eIDAS regulation. In Security and Privacy in New Computing Environments: Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13– 14, 2019, Proceedings 2 (pp. 656-665). Springer International Publishing.

Pöhn, D. and Hommel, W., 2023. Towards an Improved Taxonomy of Attacks Related to Digital Identities and Identity Management Systems. Security and Communication Networks, 2023.

Priisalu, J. and Ottis, R., 2017. Personal control of privacy and data: Estonian experience. Health and technology, 7(4), pp.441-451.

Saputro, R., Pappel, I., Vainsalu, H., Lips, S. and Draheim, D., 2020, April. Prerequisites for the adoption of the X-Road interoperability and data exchange framework: a comparative study. In 2020 Seventh International Conference on eDemocracy & eGovernment (ICEDEG) (pp. 216-222). IEEE.

Schmidt, C. and Krimmer, R., 2022. How to implement the European digital single market: identifying the catalyst for digital transformation. Journal of European Integration, 44(1), pp.59-80.

Sedlmeir, J., Smethurst, R., Rieger, A. and Fridgen, G., 2021. Digital identities and verifiable credentials. Business & Information Systems Engineering, 63(5), pp.603-613.

Sharif, A., Ranzi, M., Carbone, R., Sciarretta, G. and Ranise, S., 2022, August. SoK: A Survey on Technological Trends for (pre) Notified eIDAS Electronic Identity Schemes. In Proceedings of the 17th International Conference on Availability, Reliability and Security (pp. 1-10).

Sharma, R. and Panigrahi, P.K., 2015. Developing a roadmap for planning and implementation of interoperability capability in e-government. Transforming Government: People, Process and Policy, 9(4), pp.426-447.

Solvak, M., Unt, T., Rozgonjuk, D., Võrk, A., Veskimäe, M. and Vassil, K., 2019. Egovernance diffusion: Population level e-service adoption rates and usage patterns. Telematics and Informatics, 36, pp.39-54.

Spiliotopoulos, T., Sheik, A.T., Gottardello, D. and Dover, R., 2023. Onboarding Citizens to Digital Identity Systems. arXiv preprint arXiv:2306.13511.

Srinivas, J., Das, A.K. and Kumar, N., 2019. Government regulations in cyber security: Framework, standards and recommendations. Future generation computer systems, 92, pp.178-188.

Tang, F., Ma, C. and Cheng, K., 2023. Privacy-preserving authentication scheme based on zero trust architecture. Digital Communications and Networks.

The World Bank, 2023a. ID4D Global Dataset, Available at https://id4d.worldbank.org/global-dataset, Accessed: 17 July 2023.

The World Bank, 2023b. Practitioner’s Guide: Interoperability, Available at https://id4d.worldbank.org/guide/interoperability, Accessed: 22 April 2023.

Walters, R., 2023. Theft [Identity]. In Cybersecurity and Data Laws of the Commonwealth: International Trade, Investment and Arbitration (pp. 297-306). Singapore: Springer Nature Singapore.

World Bank Group, 2016. ID4D Country Diagnostic: Nigeria, 2016, Available at https://documents1.worldbank.org/curated/en/136541489666581589/pdf/113567-REPLNigeria-ID4D-Diagnostics-Web.pdf, Accessed 20 May 2023.

W3C Recommendation, 2022. Verifiable credentials data model v1.1, Available at https://www.w3.org/TR/vc-data-model/#dfn-credential, Accessed 04 April 2023.

World Bank Group, 2018. Guidelines for ID4D Diagnostics, Available at https://documents1.worldbank.org/curated/en/370121518449921710/Guidelines-for-ID4DDiagnostics.pdf, Accessed: 22 April 2023.

X-Road, 2020. X-Road: Message Transport Protocol, Available at https://www.xtee.ee/docs/live/xroad/pr-messtransp_x-road_message_transport_protocol.html, Accessed 12 April 2023.

X-Road, 2023a. X-Road Security, Available at https://x-road.global/security, Accessed 03 April 2023.

X-Road, 2023b. X-Road Technology Overview, Available at https://x-road.global/x-roadtechnology-overview, Accessed 10 March 2023.

X-Road, 2023c. X-Road: Use Case Model for Member Communication, Available at https://docs.x-road.global/UseCases/uc-mess_x-road_member_communication_use_case_model.html#version-history, Accessed 12 April 2023.

X-Road, 2023d. Technical Specification: X-Road Architecture, Available at https://docs.xroad.global/Architecture/arc-g_x-road_arhitecture.html#version-history, Accessed 12 April 2023.

Yin, J., Xiao, Y., Pei, Q., Ju, Y., Liu, L., Xiao, M. and Wu, C., 2022. SmartDID: a novel privacy-preserving identity based on blockchain for IoT. IEEE Internet of Things Journal, 10(8), pp.6718-6732.


This paper is available on Arxiv under CC 4.0 license.