SP4 Backend Integration

The Subproject Backend Integration is composed of the folloing workpackages:

Identity Broker

The identity broker isolates service providers from the complexity and diversity of today's eIDs, health, and signature cards, in order to significantly facilitate the use in eIDs in existing and future service offerings.  The broker will integrate existing identity and authentications services, as well as support important identity federation standards such as SAML and WS-Trust.  The broker supports two distinct functionalities, a dispatch and a claims transformer mode.
In the former case, the broker just dispatches requests to an appropriate authentication service; in the latter case, the broker acts as an identity provider, issuing either short-lived session credentials such as SAML or OpenID assertions, or long-lived privacy-enhancing attribute-based credentials provided by Idemix or U-Prove.  The workpackage comprises the requirements analysis, specification, implementation, integration, and testing of the broker, as well as an analysis of legal issues such as data protection and intermediary liability. 

Universal Authentication Service

The objective of the Universal Authentication Service  is to support all relevant authentication protocols.  Already, a significant number of them have been deployed in Europe and it can be expected that the number increases in the future.  To deal with this situation efficiently, a generic execution environment will be developed that can execute arbitrary protocols based on a specification, expressed in a newly designed domain specific language. Specifications will be created for selected protocols.  The workpackage comprises requirements analysis, specification, implementation, integration, and testing. 

Trust Services

The FutureID infrastructure requires consolidating trust status information about identity providers in consistent repository.  To achieve this, trust aspects of identification/authentication/non-repudiation mechanisms, accuracy and integrity of identity attributes, reliability and accountability of identity management systems, and trust in complex and federated infrastructures will be analyzed in detail. Existing sources of trust and assurance level frameworks will be reviewed.  On this basis, a trust service module will be specified, implemented, integrated, and tested. 

Application Integration Services

The objective of this workpackage is to make it as easy as possible for relying parties to integrate their services with the FutureID infrastructure. A review of current enterprise application infrastructures and their identity management needs will be the basis for the design of a technology independent, abstract architecture.  Requirements for easy integration of traditional and cloud-based applications will be defined.  The components will be specified, implemented, integrated and tested.  Example services will be integrated in the FutureID infrastructure. 

Server Testbed

To test the server infrastructure, assertions will be formally specified in Test Assertion Markup Language  (TAML). A reference environment  will be set up that encompasses all necessary components, including identity providers, services, LDAP, certificates, OCSP, TSL, and an initial trust anchor.  The testbed will be implemented based on existing open source TAML tools.  These will be extended to present test results in various formats such as web pages and PDF reports.  It is planned to make the testbed available to any interested party and package it in a ready-made virtual machine for "private testing".