Computing Reviews
STORK: a real, heterogeneous, large-scale eID management system
Ribeiro C., Leitold H., Esposito S., Mitzam D. International Journal of Information Security 17(5): 569-585, 2018. Type: Article
Date Reviewed: Dec 28 2018

As the data people entrust to the Internet becomes more and more sensitive, user credential management becomes more and more important, and all the more so when dealing with government or other official sites. In Europe, this problem is compounded by the need to access sites run by any of the member states. This paper describes STORK, a Europe-wide credential management system that does not replace the individual national credential management systems, but makes seamless navigation within any European public-sector site possible with a single set of credentials.

The paper starts by describing the theoretical model, composed of identity providers (IdPs), service providers (SPs), and identity management models. SPs offer data processing capabilities, IdPs issue the credentials used to access those services, and identity management models describe the different relationships between the two. The latter are described quite thoroughly, each with its advantages and disadvantages; the main ones identified are the isolated, centralized, federated, and distributed models. In the isolated model, IdP and SP are the same entity, and each SP manages the identities of its own users (who must therefore remember several identities). In the centralized (or single sign-on) model, one IdP manages the identities used by several SPs; this model is simpler, but often raises privacy concerns, since a single party sees every login. In the federated model, every SP trusts identities issued by any IdP within the federation, much as states trust each other's passports. Users need not worry about where their credentials live, scattered across IdPs; however, this model imposes some overhead on the SPs, which must discover which IdP holds a given user's credentials. In the distributed model, the IdP is a physical device (for example, a smart card): this is the least burdensome model for users, but if the card is lost, so is access to the resources. This section also explains the delegation of rights from one entity to another, where entities can be persons, groups of persons, or whole organizations, and rights can be delegated in full or in part.

The paper then delves into the STORK model itself. It first presents STORK's goals and constraints, namely that it must offer web authentication and handle unique user identifiers trusted by European governments, while respecting their respective privacy laws and supporting different security levels at the same time. It then describes the components of the STORK architecture: software installed at participating IdPs and SPs, acting as middleware within a network of proxies for the participating European SPs; and a common assertion format, the Security Assertion Markup Language (SAML), an OASIS standard rather than a language created for STORK, used to communicate among them.
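The federated model and the SAML-based exchange described above come down to one check performed by the SP on every assertion it receives: was it issued by an IdP in the federation, is the signature valid, is it addressed to this SP, and is it still within its validity window? The following Python is an added illustration written for this review, not code from the paper or from the STORK project. It models assertions as signed JSON with HMAC keys shared per IdP (an assumption; a real federation such as STORK exchanges XML assertions signed with the IdP's X.509 certificate), and the federation registry, issuer names and subject identifiers are constructed for the example.

```python
"""Federated web authentication, reduced to the SP-side assertion check.

Added example, not the STORK or SAML implementation. An assertion is a JSON
body plus an HMAC over that body; the SP trusts any issuer listed in the
federation registry, but only after verifying signature, audience and the
validity window. Each failure is reported separately so the SP can log why
it rejected a token instead of silently returning False.
"""
import hashlib
import hmac
import json
import time

# Constructed federation registry: issuer id -> that IdP's signing key.
# Assumption for the example; a real federation keeps the IdPs' public
# certificates here and verifies XML signatures instead of HMACs.
FEDERATION = {
    "idp.example-a.eu": b"constructed-key-for-idp-a",
    "idp.example-b.eu": b"constructed-key-for-idp-b",
}


def _canonical(body):
    # Canonical encoding so issuer and SP sign and verify identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_assertion(issuer, key, subject, audience, lifetime_s, now=None):
    """IdP side: build an assertion for `subject`, addressed to `audience`."""
    now = time.time() if now is None else now
    body = {
        "issuer": issuer,
        "subject": subject,
        "audience": audience,
        "not_before": now,
        "not_on_or_after": now + lifetime_s,
    }
    mac = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def verify_assertion(assertion, expected_audience, federation=FEDERATION, now=None):
    """SP side: return (accepted, reason).

    Order matters: the issuer lookup selects the key, the signature check
    proves the body is untampered, and only then are the body's own
    audience and time claims trusted.
    """
    now = time.time() if now is None else now
    body = assertion.get("body", {})
    key = federation.get(body.get("issuer"))
    if key is None:
        return False, "issuer not in federation"
    expected_mac = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    # Constant-time comparison so a forger learns nothing from timing.
    if not hmac.compare_digest(expected_mac, assertion.get("mac", "")):
        return False, "bad signature"
    if body.get("audience") != expected_audience:
        return False, "audience mismatch"
    if now < body["not_before"] or now >= body["not_on_or_after"]:
        return False, "outside validity window"
    return True, "ok"


def demo():
    """Walk through accept and reject cases with a fixed clock."""
    t0 = 1_000_000.0
    sp = "sp.example.gov"
    good = sign_assertion("idp.example-a.eu", FEDERATION["idp.example-a.eu"],
                          "citizen-1", sp, 300, now=t0)
    rogue = sign_assertion("idp.rogue.example", b"attacker-key",
                           "citizen-1", sp, 300, now=t0)
    tampered = {"body": dict(good["body"], subject="citizen-2"), "mac": good["mac"]}
    return {
        "fresh": verify_assertion(good, sp, now=t0 + 10),
        "wrong_sp": verify_assertion(good, "other.sp.example", now=t0 + 10),
        "expired": verify_assertion(good, sp, now=t0 + 400),
        "unknown_idp": verify_assertion(rogue, sp, now=t0 + 10),
        "tampered": verify_assertion(tampered, sp, now=t0 + 10),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:12s} -> {result}")
```

The audience check is the one most often skipped in home-grown federations: without it, an assertion issued for one SP can be replayed at another SP that trusts the same IdP, which is exactly the cross-site reuse a federation is meant to control rather than enable.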

The paper ends by describing how the authors used this architecture to build federated, distributed, and mixed models in six Europe-wide projects that let users hop from one government site to another, even across countries. It reports results from end users, that is, European citizens accessing websites for their everyday needs. This paper is undoubtedly an academic and technical work, yet it leaves readers with the feeling that widespread use of systems like this one should make navigation easier while at the same time safeguarding the privacy and legal rights of users.

Reviewer: Andrea Paramithiotti. Review #: CR146362 (1904-0147)
Privacy (K.4.1 ... )
Security and Protection (C.2.0 ... )