Identity and access management and trust models in digital infrastructures are the invisible architectures that hold our digitally networked world together. In an era in which our lives increasingly take place online, complex networks interacting with digital identities, protocols and standards form the basic technical infrastructures that we use every day. And in the middle of it all: trust-based identities.
The nuts and bolts of digital authentication: standards, security, trust
Robust identity management has to deliver two things at once: a high level of integrity for the information entrusted to these networks, together with protection of our identities, and at the same time the convenience that users have come to expect from the services offered to them.
How is it possible for us to log in securely to different services without having a separate username and password for each one? What mechanisms ensure that our data is transferred securely from one digital service to the next? Dive with us into the fascinating world of digital identities and federated identity management and discover how modern trust models shape and protect our digital existence.
What is a trust model in the context of identities?
As we look at the trust models and requirements in identity management and the federation of identities in this podcast episode today, we first need to clarify:
A trust model is a framework or, in technical terms, an IT architecture that defines rules and guidelines for the interaction between different entities in a digital network. Such a trust model defines the conditions and criteria under which one entity can trust another.
When we use digital services, our identities regularly cross from the network of one organization into the technical infrastructure of another. More precisely, it is usually only a subset of the identity information that is passed on and validated. Most of the data that flows in identity management is not the identity itself but an abstraction of it: signed tokens that assert selected attributes of the identity and that the receiving system can check against the issuer.
In the context of identity management, the concept of the federation of identities plays a central role here.
Identity federation comprises the mechanisms for authentication, authorization and data exchange between independent systems. Their common purpose is the trustworthy and secure identification of entities, for example in an identification scenario between organizations that jointly operate a technical network as a trusted federation.
Core requirements in identity management
Let’s now look at the key requirements for secure and robust identity management.
- Authentication: The system must be able to reliably verify the identity of a user or other entity.
- Authorization: After authentication, the system must be able to control access to resources based on defined roles or authorizations.
- Data protection: Personal information must be treated securely and in accordance with applicable data protection guidelines.
- Interoperability: Identity management must be able to interact with different systems and platforms.
- Scalability: The system must be able to support a growing number of users and services.
This brings us to the question of what requirements are necessary for the trustworthy federation of identities.
The federation of identities enables a system that allows the secure exchange of identity information and credentials between different organizations and platforms.
This allows users to conveniently log in to different services and applications without having to create separate credentials for each service and eliminates the need to manually manage their credentials.
Requirements for the federation of identities
- Trusted authentication: All systems involved must be able to rely on a common or compatible authentication procedure.
- Standardized authorization guidelines: Clear and uniform authorization guidelines must exist within the network.
- Secure data transmission: When exchanging identity data between different systems, the integrity and confidentiality of the data must be guaranteed.
- Compliance: All parties involved must ensure that they comply with legal requirements and standards, both nationally and internationally.
- Dynamic partnerships: The federation must be flexible enough to accept new members and end outdated relationships without jeopardizing the entire system.
By observing these basic requirements, an efficient, secure and user-friendly system for identity management and the federation of identities can be realized. These guard rails also form the basis for the trust model that makes these complex interactions possible.
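To make the trust model concrete, here is an added example, written for this article and not code from the episode or from any of the projects mentioned, of the token flow between a federation member and a relying party in Python. The issuer URLs, secrets and audience are constructed for the example. It uses HS256, a shared HMAC key, only to stay dependency-free; a real federation would use asymmetric keys published by each issuer. The relying party's trust model is literally the registry: tokens are accepted only from registered issuers, only when the signature verifies under that issuer's key, only when issued for this service, and only while unexpired. Removing an issuer from the registry shows the "dynamic partnerships" requirement: its tokens stop being accepted immediately.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed trust registry for this example: the issuers this relying party
# accepts tokens from, keyed by issuer URL, and the secret each one signs with.
# HS256 (a shared HMAC key) is used only to keep the example dependency-free;
# real federations use asymmetric keys (RS256/ES256) published via JWKS.
TRUSTED_ISSUERS = {
    "https://idp.org-a.example": b"secret-shared-with-org-a",
    "https://idp.org-b.example": b"secret-shared-with-org-b",
}
OUR_AUDIENCE = "https://service.rp.example"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(issuer: str, key: bytes, subject: str, audience: str,
                ttl: int = 300, now=None) -> str:
    """Identity-provider side: mint a compact HS256 JWT for one audience."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, registry=TRUSTED_ISSUERS, audience: str = OUR_AUDIENCE,
                 now=None):
    """Relying-party side. Returns (True, claims) or (False, reason).

    The trust model is the registry: a token is only accepted if its issuer is a
    federation member, the signature verifies under that member's key, the token
    was issued for this service, and it has not expired. Everything else is denied.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    h, p, s = parts
    try:
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(p))
        signature = _b64url_decode(s)
    except (ValueError, UnicodeDecodeError):
        return False, "undecodable token"
    # Pin the algorithm ourselves instead of trusting the header ("alg confusion").
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    # The still-unverified 'iss' claim only selects a key from OUR registry; an
    # issuer we never registered has no key here, so its tokens cannot verify.
    key = registry.get(claims.get("iss"))
    if key is None:
        return False, "issuer is not a member of the federation"
    expected = hmac.new(key, (h + "." + p).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False, "signature does not verify under the issuer's key"
    if claims.get("aud") != audience:
        return False, "token was issued for a different service"
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return False, "token expired"
    return True, claims


if __name__ == "__main__":
    t0 = 1_700_000_000
    tok = issue_token("https://idp.org-a.example",
                      TRUSTED_ISSUERS["https://idp.org-a.example"],
                      "alice", OUR_AUDIENCE, now=t0)
    print(verify_token(tok, now=t0 + 60))
    # Dynamic partnership: dropping org-b from the registry revokes its tokens.
    without_b = {k: v for k, v in TRUSTED_ISSUERS.items() if "org-b" not in k}
    tok_b = issue_token("https://idp.org-b.example",
                        TRUSTED_ISSUERS["https://idp.org-b.example"],
                        "bob", OUR_AUDIENCE, now=t0)
    print(verify_token(tok_b, registry=without_b, now=t0 + 60))
```

Two design points carry over to any real deployment: the verifier pins the algorithm it expects rather than trusting the token header, and the audience check ensures a token minted for one service in the federation cannot be replayed against another.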
Why is the federation of identities important?
In today’s digitally networked world, characterized by a multitude of cloud services, microservices, countless APIs and cloud nodes, the management of identities is becoming increasingly critical, especially in the context of a fine-grained authorization concept and the implementation of zero trust principles.
These approaches require precise and dynamic management of access rights based on verified identity and contextual information to maximize security and prevent unauthorized access.
What are digital identities?
In the previous Rock the Prototype podcast episode, we realized that there is not just one, but a multitude of different digital identities.
A digital identity always refers to a digital profile that we want to use in the context of certain actions, mostly to gain access to online services. Access in turn requires authorization, i.e. the technical permission to perform the requested action. The federation of identities enables us to use a single digital identity, a kind of ID card, for several digital services within an identity federation, so that we can conveniently access multiple independent services with the same identity.
Secure handling of digital identities under permanent cyber attack risk
All of this underlines the need for secure and responsible handling of digital identities, especially in light of the ever-growing threat of cyberattacks.
These attacks often target digital identities directly in order to gain unauthorized access to sensitive information and services.
Convenience functions such as single sign-on simplify access to digital services, but they also concentrate risk: if the one identity behind the single sign-on is compromised, every service federated to it is exposed at once. It is therefore crucial to protect that identity with strong authentication, i.e. strong passwords combined with multi-factor authentication. This not only creates a high level of trust in the platforms and in the digital identities we use on them, but also effectively reduces the risk of successful cyberattacks and keeps our data secure.
Variety of digital identities and electronic proof of identity – eIDs for short
Where do we stand today and what official digital identities are there? The following official electronic means of identification – eIDs for short – can currently be used by citizens of the Federal Republic of Germany:
1) The eID function of the ID card
Since the introduction of the new ID card and the Smart eID Act, which came into effect on September 1, 2021, citizens have been able to use the online ID function to identify themselves via the Internet. This function makes it possible to confirm a person’s identity digitally, for example to authorities such as the statutory pension insurance scheme.
2) The electronic residence permit (eAT)
can be used by citizens of non-EU countries living in Germany. Similar to the ID card for German nationals, the eAT offers an online ID function.
Both physical ID documents contain a chip on which the eID is stored and which enables secure identification and authentication. The use of these eIDs requires a reader with which the chip of the ID document can be read, as well as a PIN that the holder of the document enters during authentication.
How does the eID function of the ID card work in combination with the SmartPhone and the official federal ID card app?
The eID function of the ID card can also be used with a smartphone in combination with the official federal ID card app.
To do this, the app reads the required data from the chip in the ID card via the NFC interface built into the smartphone. NFC stands for Near Field Communication and enables wireless communication over a distance of a few centimeters. Once the ID card is held against the smartphone, a secure connection to the card's chip is established over NFC. The AusweisApp Bund then asks the user to enter their personal identification number (PIN) to confirm their identity and complete the authentication process.
This technology enables citizens to identify themselves for online public administration services, such as applying for documents, registering for elections or using insurance benefits, from the comfort of their own home or while on the move. Using the eID function via the AusweisApp Bund is a secure method, as the data transfer is encrypted and the sensitive information is read directly from the chip of the ID card without being stored on the smartphone.
Strictly speaking, the data read from the chip does pass through the smartphone's working memory for the duration of the transaction, so the security of the procedure relies on specially protected hardware within the smartphone. However, hardware-backed isolation comparable to the iPhone's Secure Enclave, in the form of a secure element or a trusted execution environment (TEE), is not uniformly available across other smartphones. We will take a closer look at this exciting topic in another podcast series on confidential computing. For the time being, the important statement is that ID data is not stored persistently on the smartphone; the identification procedure is based purely on attribute matching.
What does that mean?
To carry out an attribute comparison against my ID card, the remote station must already know the attributes it wants confirmed, e.g. my first name and surname, and the card then confirms whether they match. This generally leads to technical limitations, but we will not go into them any further here.
Who is responsible for the digitalization of digital identities in Germany?
As we do not have a Ministry for Digital Affairs in Germany, at least not yet, the eID and the ID card app are the responsibility of the Federal Ministry of the Interior and Community (BMI). As the responsible ministry, the BMI must create the technical prerequisites for digital identification infrastructures in Germany.
The BMI is one of the federal ministries of the Federal Republic of Germany and is responsible for a large number of areas, including internal security and information technology matters.
The BSI, on the other hand, is a subordinate authority of the BMI that deals specifically with IT security issues. BMI and BSI therefore have a hierarchical and functional relationship with each other. The BSI's tasks include the development of security standards and recommendations for information technologies as well as the evaluation and certification of IT security systems.
Governikus GmbH & Co. KG is currently responsible for developing the native ID card app, while the Federal Office for Information Security (BSI) is formally responsible for technical supervision and the Federal Commissioner for Data Protection and Freedom of Information (BfDI) in turn monitors compliance with data protection regulations.
This constellation ensures that the eID function and the associated ID card app meet the high security requirements needed to protect personal and sensitive data.
Since the scenarios in which they can be used have apparently not seemed very interesting to citizens so far, neither the eID function of the ID card nor the PIN that is mandatory for using it are widely used yet.

The age of the digital wallet – your smartphone as a keychain for digital identities?
How do we store sensitive information securely? The answer could lie in a digital wallet.
The BMI has entrusted this exciting task to the federal agency for leapfrog innovation, SPRIN-D, which is to develop a basic wallet for our multi-layered identification ecosystem.
This is a challenging task, as the amended EU eIDAS Regulation obliges every member state to make a wallet on a smartphone available to its citizens by 2027.
Such a wallet is a decisive step for the digitalization of our country, as efficient digital administration is inconceivable without secure digital identities, the associated infrastructure and the connected service scenarios built on them. It is a tight schedule, and meeting it finally requires the necessary political attention and resources for digital identities.
A wallet on your smartphone seems to be the perfect place to store digital artifacts. For example, I also entrust the wallet on my smartphone with my bank card or my HVV monthly pass or now my Deutschlandticket. The HVV is Hamburg’s public transport association and shares my wallet with my bank cards, theater tickets and parcel stamps. All of these digital artifacts now end up in my wallet on my iPhone.
Do you recognize the complexity?
Now things are getting much more complex with our identity ecosystem. A clear differentiation between different types of digital identities is crucial here:
A theater ticket, and likewise the QR code for a parcel service, is represented by nothing more than a QR code that can be copied and duplicated by a simple photograph. For such artifacts this may be acceptable, even if they are personally bound to us and we undertake not to duplicate them. It quickly becomes clear, however, that official ID documents must meet far stricter IT security requirements.
The digital wallet concept is currently favored for this!
Wanted: The effective protection of a digital identity from its digital twin
Effectively protecting a digital identity from its digital twin is anything but trivial!
A digital twin is a virtual representation of a physical object, process or system; in the wallet context it is an exact copy of a wallet artifact.
The challenge is that an identical copy of a digital identity carries a potential for misuse, because the copy would have the same access and verification rights as the original. Strong security measures must therefore guarantee the authenticity and uniqueness of the original wallet objects and effectively prevent misuse.
Not all wallets are the same
The wallets on our iPhones and Android devices, although practical for many everyday purposes, have one major limitation: they are closed source and completely under the control of Apple or the Android device manufacturers. This makes them less suitable places for the secure storage of government ID documents. The high security and trust requirements placed on the storage of such sensitive information call for a solution that goes beyond the capabilities of these commercial wallets.
Commercial wallets versus state-controlled wallets
The main difference between a commercial wallet and the planned state-controlled wallet lies in the security and sovereignty of the data. While commercial wallets are excellent for everyday transactions, they do not meet the strict security requirements necessary for the storage and management of official documents and digital identities. A state-controlled wallet should ensure that the highest security standards are maintained on the basis of transparent development and through use within a regulated framework. It also enables the state to retain sovereignty over the verification processes and thus effectively protect the identity of citizens. This initiative is a decisive step towards strengthening trust in digital services and creating a secure basis for ongoing digitalization.
For this reason, official ID documents must be stored in a separate wallet. To create it, the Federal Agency for Leapfrog Innovation SPRIN-D has been commissioned by the BMI to develop such a basic wallet, the EUDI wallet, for this complex identification ecosystem.
It follows that all artifacts stored in this EUDI wallet, as specified by the EUDI Wallet Consortium, must also comply with the relevant regulated requirements, including of course the current requirements for IT security.
The same applies to our next eID, the
3) Telematics ID
The telematics ID is an integral part of the telematics infrastructure in the German healthcare system and enables secure digital identification and communication between the various players in the healthcare system, such as doctors, pharmacies, hospitals and health insurance companies and the insured. The telematics ID is used, for example, to ensure secure access to the electronic patient file (ePA) or the electronic prescription (e-prescription). It is a key element in guaranteeing data protection and data security in the digital exchange of health data.
The telematics infrastructure is the integral sector that aims to improve the efficiency, transparency and safety of healthcare provision through digital services. The telematics ID plays a decisive role here by ensuring trustworthy identification of the parties involved and thus laying the foundation for secure data exchange within the data room of the telematics infrastructure.
The telematics ID identification procedure, which will become widespread in Germany given the large number of citizens with statutory health insurance, is part of a digital transformation that aims to supplement physical cards with digital solutions in wallets.
This is an integral part of a digital transformation that makes it possible to transform card-based services into digital offerings with adequate proof of identity. A striking digital service example of this is the video consultation, which illustrates how flexibly local and physical presence requirements can be adapted to user needs through digitalization.
4) Future eIDs
In addition, Germany and the EU are working on the further development of other usable trust services in connection with the eIDAS regulation in order to create cross-border usage options for electronic identification and trust services within the EU.
The aforementioned eIDs therefore represent important building blocks for a secure digital identity in Germany and are key components for the realization of digital administrative services and the secure use of online services.
Coordinated identity management through federated identity providers
Isolated identity management systems are no longer up to date. A federation of identity providers is an alternative that enables a network of interoperable digital services across different sectors. This decentralized approach promotes security through the distributed management of digital identities and creates a trusted space in which these identities are authorized with fine-grained, role-based permissions in different service scenarios.
Federated identity providers are specialized systems that authenticate users and issue identity assertions that the digital services within the federated network accept. Within this federation, each participating organization remains responsible for the internal administration of its own user identities and access authorizations, so that its users can interact securely with other participants in the federation to the extent the authorization concept provides for.
A further requirement for such a federation system is to support dynamic membership, i.e. to enable new members to join easily or to terminate a membership or transfer it to another organization without jeopardizing system integrity or system security.
Furthermore, the federated identity concept must support technical users (service accounts), i.e. system components that, like human users, are securely authenticated and authorized via the federated identity providers. This allows technical functions, such as administration and maintenance, to be implemented securely and in compliance with data protection regulations.
A critical aspect of federated identity management is the implementation of fine-grained authorizations for role-based access, which enable detailed and precise control of user interactions with the various services within the network. This ensures that each user – whether human or a system component – receives exactly the access rights that correspond to their role and the associated tasks. This tailored access control and authorization not only strengthens system security, but also optimizes the efficiency and effectiveness of user interactions within the federated network.
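As an added illustration of the last two points (technical users and fine-grained role-based access), here is a small deny-by-default authorization check in Python, written for this article rather than taken from any of the systems discussed. Role names, issuer URLs and resource patterns are constructed for the example. Two guard rails beyond plain RBAC are worth noting: an issuer allowlist, so that a partner identity provider can only assert the roles the federation agreed to accept from it, and a kind restriction, so that a maintenance role meant for system components cannot be used by a human account.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Principal:
    subject: str          # e.g. "alice" or "backup-job"
    kind: str             # "human" or "service" (a technical user)
    issuer: str           # the federation member that authenticated the principal
    roles: frozenset      # roles asserted by that issuer, e.g. in a token claim


# Constructed for this example: role -> permissions as (action, resource pattern).
ROLE_PERMISSIONS = {
    "records-reader": {("read", "records/*")},
    "records-editor": {("read", "records/*"), ("write", "records/*")},
    "maintenance":    {("backup", "db/*"), ("rotate-logs", "logs/*")},
}

# Roles reserved for a principal kind: maintenance is for technical users only.
ROLE_KINDS = {"maintenance": {"service"}}

# Which federation member may assert which roles on this service. This is the
# federation-side guard rail: a partner IdP cannot grant its users roles we never
# agreed to accept from it. (Constructed issuer URLs.)
ISSUER_ROLE_ALLOWLIST = {
    "https://idp.org-a.example": {"records-reader", "records-editor"},
    "https://idp.org-b.example": {"records-reader"},
    "https://idp.rp.example":    {"records-reader", "maintenance"},
}


def effective_roles(p: Principal) -> frozenset:
    """Asserted roles narrowed by the issuer allowlist and by principal kind."""
    allowed_for_issuer = ISSUER_ROLE_ALLOWLIST.get(p.issuer, set())
    return frozenset(
        r for r in p.roles
        if r in allowed_for_issuer
        and p.kind in ROLE_KINDS.get(r, {"human", "service"})
    )


def is_allowed(p: Principal, action: str, resource: str) -> bool:
    """Deny by default; allow only if an effective role grants a matching permission."""
    for role in effective_roles(p):
        for perm_action, pattern in ROLE_PERMISSIONS.get(role, ()):
            if perm_action == action and fnmatchcase(resource, pattern):
                return True
    return False


if __name__ == "__main__":
    alice = Principal("alice", "human", "https://idp.org-a.example",
                      frozenset({"records-editor"}))
    job = Principal("backup-job", "service", "https://idp.rp.example",
                    frozenset({"maintenance"}))
    print(is_allowed(alice, "write", "records/42"), is_allowed(alice, "backup", "db/main"))
    print(is_allowed(job, "backup", "db/main"), is_allowed(job, "read", "records/42"))
```

The check never consults the asserted roles directly; it only consults the roles that survive both filters, which is what keeps the authorization decision under the control of the service rather than of whichever identity provider issued the token.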
Compliance with overarching requirements, for example from established standards such as ISO/IEC 27010 for information security in inter-organizational communication, further underlines the importance of security and interoperability in this context. All of this serves the aim of creating a robust, seamlessly interacting digital ecosystem that eliminates system discontinuities and incompatibilities and promotes the secure exchange of digital identities.
In addition to the already discussed security and interoperability requirements within federated identity systems, it is crucial to address the data protection risks associated with the use of electronic identities (eIDs).
Risks include potential misuse, such as identity theft, unauthorized access to personal information and the unwanted tracking of user activities. To minimize these risks, strict data protection guidelines and technologies must be implemented to ensure user privacy.
Important measures to protect the privacy of eID users include:
- Data minimization and purpose limitation: Ensure that only the data absolutely necessary for the respective service is collected and processed and that this data is used exclusively for the originally intended purpose.
- Strong encryption technologies: Use of end-to-end encryption to secure data transmission between users and services and thus minimize the risk of data leaks.
- Transparency and user control: ensuring that users are always informed about the use of their data and have control over their personal information, including the ability to withdraw their consent to data processing.
- Regular security audits and updates: By implementing a process for regular security audits and updates, we proactively address emerging threats and vulnerabilities.
Integrating these privacy principles into the architecture of federated identity systems not only strengthens system security, but also promotes user trust in digital identities as secure and reliable tools for online access to services. Compliance with internationally recognized standards, such as ISO 27010 and the General Data Protection Regulation (GDPR), is essential for building a resilient and user-friendly digital identity ecosystem that effectively addresses data protection risks and protects user privacy.
Requirements and standardization for robust identity processes
To enable the implementation of secure identity processes, it is also essential to minimize the risks of a lack of standardization. This debate is crucial in order to avoid vendor lock-in effects and at the same time ensure the security and interoperability of the systems. This forms the foundation for building a sustainable and scalable digital infrastructure.
Key factors for avoiding vendor lock-in and promoting standardization:
- Vendor lock-in effect: This situation occurs when an organization becomes so dependent on a single provider that switching to another provider is associated with disproportionately high costs or complications. Such a dependency can arise through proprietary technologies and interfaces, which strengthens the provider’s negotiating power and leads to increased costs and reduced flexibility.
- Lack of standardization: In the area of identity management and federated networks, a lack of standardization can lead to increased dependence on solutions from a single provider. This limits organizations to specific, often proprietary solutions, which entails the risk of a technological dead end.
Impact on identity management and trust models:
- Costs: Cost increases caused by vendor lock-in due to the lack of availability of alternative solutions.
- Security risks: Proprietary solutions may be less thoroughly tested than established standards and may have security vulnerabilities.
- Interoperability: The lack of standardization makes it difficult or impossible for different systems and services to work together smoothly, which limits the benefits of federated identity and trust models.
- Innovation: A lack of standardization can inhibit the ability to innovate, as the focus is more on adapting to the specific requirements of a provider than on the general improvement of the system.
Risks of a lack of standardization
A lack of standardization not only leads to increased dependence on individual providers, but also has a direct impact on costs, security and the ability to innovate. Without generally accepted standards, organizations are forced to rely on proprietary solutions, which in the long term leads to higher costs, more difficult integration of new technologies and potential security risks. In addition, such a dependency can limit an organization’s ability to react quickly to new market requirements or to implement innovations.
Adoption of established standards such as OpenID Connect
The adoption of established standards such as OpenID Connect is crucial to minimize risks such as vendor lock-in while creating a robust, flexible and secure environment for identity management. These standardized protocols enable seamless interoperability between different systems and services, which is essential for the functioning of federated identity management.
The orientation towards internationally recognized standards also supports the development of trust models and contributes significantly to the security and efficiency of the digital ecosystem by eliminating system discontinuities and incompatibilities and creating an open, seamlessly interacting digital identity space.
It is therefore crucial that all stakeholders – from technology providers to organizations implementing identity management solutions – recognize the importance of standardization and actively contribute to its promotion. This is the only way to create a robust, interoperable and future-proof ecosystem for digital identities that meets the requirements of an increasingly networked and digitalized world.
Quality control in identity management and the federation of identities
Let’s now focus on effective quality control measures. Strict security, compliance and quality criteria as well as standards-based audits and penetration tests are decisive measures that provide an objective assessment of the security mechanisms, help to strengthen trust and allow the system to be improved continuously.
Certifications
Certifications are an important quality assurance measure in the area of identity management and federation. They provide formal confirmation that a system or service meets certain standards in terms of security, reliability and compliance. Well-known certifications in this context are ISO/IEC 27001 for information security management systems or the OpenID Foundation’s conformance certification for OpenID Connect implementations. By obtaining such certification, organizations can prove that they meet strict quality criteria and that their system is trustworthy.
Penetration tests (pentests)
Penetration tests are targeted attacks on a system with the intention of finding and documenting security vulnerabilities. In the context of identity management and the federation of identities, they are particularly valuable for identifying potential weaknesses in the authentication and authorization process. Pentests are usually carried out by specialized security companies that have no connection to the organization being tested to ensure an objective assessment.
Why are these measures important?
Both measures, certifications and pentests, provide an objective check and validation of a system’s security mechanisms. They help to strengthen the trust of users and the parties involved in the federation. They also allow organizations to proactively manage security risks and make continuous improvements, which contributes to the reliability and integrity of the entire system in the long term.
Quality control
Last but not least, ongoing quality controls must ensure that certifications and penetration tests are not only presented as tools for security assessment, but as an active part of a comprehensive strategy for quality assurance and continuous improvement of identity management and the federation of identities.
We are already well on the way to a standardized and seamless digital identity infrastructure. Many players are already actively involved in overcoming the existing challenges and developing innovative approaches for the management and use of secure digital identities.
I hope this episode of our podcast has given you valuable insights into the world of digital identities.
Stay tuned, because our series on digital identities continues in the next episode.
In the next part of our three-part special “Rock the Prototype” on the topic of digital identities, we take a closer look at OpenID Connect, a key element.
You will gain insights into OpenID Federation and understand why the OIDC authentication protocol was developed. OpenID Connect is an identity layer on top of the OAuth 2.0 authorization framework and extends it to enable authentication and identity verification of users in web applications, APIs and mobile apps.
If you have any questions or would like more information, please do not hesitate to contact us. Don’t forget to subscribe to our podcast and support us with your rating. Your feedback is important to us, so please leave a comment!
Thank you very much for your attention, and I look forward to welcoming you back in the next episode of “Rock the Prototype”!
Your Sascha Block
About the Author:

Sascha Block
I am Sascha Block – IT architect in Hamburg and the initiator of Rock the Prototype. I want to make prototyping learnable and experiential. With the motivation to prototype ideas and share knowledge around software prototyping, software architecture and programming, I created the format and the open source initiative Rock the Prototype.

