Interoperable Identity Services
Søren Peter Nielsen, National IT and Telecom Agency, Denmark
In relation to identity (aka. claims) services, government wears (at least) two hats. First, government
must act as the policy-setting body regulating the usage of identity services in general for society.
From a policy perspective it is important for government to enable privacy and security for the individual
citizen and the evolution of an enabling IT infrastructure that also supports competition, innovation and
Besides setting policy, government is also a deployer of identity services. These services are required in
many citizen-to-government and business-to-government solutions as well as for government-to-
As a deployer of identity services, government can be quite a big customer. In the Danish case the public
sector covers a third of the labor market, which makes the government sector a large customer in the market.
In the Danish public sector federation we have chosen to use the OASIS SAML 2.0 standard for all
members in the federation, to accelerate uptake and to keep integration costs down. The federation
standard was chosen by weighing a number of criteria. Three major criteria were:
• Is it an open standard? - to adhere to a policy of openness
• Is the standard supported by the market? - to support uptake
• Are there third-party interoperability testing programs for the standard? - to lower individual integration costs
To help diffusion of the federation standard, the Danish National IT and Telecom Agency developed
open source reference implementations adhering to the Danish SAML 2.0 eGov profile, named OIOSAML.
With all major vendors of IAM products supporting SAML 2.0, and with open source reference
implementations available, service providers in the Danish federation now have a good choice of suppliers.
With more and more software-as-a-service (SaaS) providers supporting SAML 2.0, members
of the Danish federation can use their existing identity-service infrastructure to take advantage of
cloud-based services.
The Danish federation supports sending different pseudonyms representing a user to different service
providers instead of disclosing the user's real-world identity. This is one way to ensure privacy for citizens.
Denmark benefits from having a homogeneous infrastructure for
At the same time we have from the start recognized that our federation must not be defined by
whichever technology is chosen. Our architecture must be able to take advantage of new
developments with regard to identity services. That has always been a clear goal.
For example, note the momentum in identity services for social networking. Imagine if we could reach a
lot of citizens otherwise not reachable over the digital service channel by supporting such identity
services. If such a situation arises we are able to do so.
To abstract from technology lock-in, the Danish federation defines four levels of authentication. Service
providers determine, based on a risk analysis, which level of authentication their application requires.
Identity providers include in the assertion (aka. claim) sent to the service provider information about the level
of authentication accomplished for the given user. This way the Danish federation has a major piece of
policy in place to support different technologies and standards that deliver different levels of
authentication, if and when required.
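The service-provider side of the mechanism just described, as an added example that is not part of the original paper or of the OIOSAML reference implementations: a small Python check that parses a constructed SAML 2.0 assertion and confirms that the identity provider handed over a pseudonym (a persistent or transient NameID) rather than a real-world identifier, and that the asserted authentication level meets the level the service provider's own risk analysis requires. The attribute name dk:gov:saml:attribute:AssuranceLevel, the example URLs and the sample values are assumptions made for this example. Signature, issuer, audience and validity-window checks, which a real service provider must complete before trusting any field of the assertion, are deliberately left out so that the policy comparison stands on its own.

```python
"""Service-provider (SP) side policy check on a SAML 2.0 assertion.

Added example, not OIOSAML reference code. It assumes the assertion's
signature, issuer, audience and validity window have already been verified
(those steps are omitted) and shows two further checks: is the subject
identifier a pseudonym, and does the asserted authentication level meet the
level the SP's risk analysis requires?
"""
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

# SAML 2.0 NameID formats that do not disclose the user's real-world identity.
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
PSEUDONYMOUS_FORMATS = {PERSISTENT, TRANSIENT}

# Attribute carrying the federation's authentication level (1..4 in the
# Danish federation). The attribute name is an assumption for this example.
ASSURANCE_ATTR = "dk:gov:saml:attribute:AssuranceLevel"

# Constructed, unsigned sample assertion used as input (example data only).
TEMPLATE = """<saml:Assertion xmlns:saml="{ns}" ID="_c0ffee01" Version="2.0"
    IssueInstant="2010-06-01T12:00:00Z">
  <saml:Issuer>https://idp.example.dk</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="{fmt}" SPNameQualifier="https://sp.example.dk">{subject}</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{attr}">
      <saml:AttributeValue>{level}</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def build_assertion(name_id_format, level, subject="_3f1a9c2e7b"):
    """Build a constructed sample assertion (no signature)."""
    return TEMPLATE.format(ns=SAML, fmt=name_id_format, subject=subject,
                           attr=ASSURANCE_ATTR, level=level)


def parse_assertion(xml_text):
    """Extract issuer, NameID (+format) and attributes from an assertion."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML:
        raise ValueError("not a SAML 2.0 Assertion element")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [
            (v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
    return {
        "issuer": (root.findtext("saml:Issuer", namespaces=NS) or "").strip(),
        "name_id": name_id.text if name_id is not None else None,
        # Per SAML 2.0, an absent Format attribute means "unspecified".
        "name_id_format": name_id.get("Format", UNSPECIFIED) if name_id is not None else None,
        "attributes": attrs,
    }


def is_pseudonymous(parsed):
    """True if the SP was given a persistent or transient pseudonym."""
    return parsed["name_id_format"] in PSEUDONYMOUS_FORMATS


def asserted_level(parsed):
    """Authentication level claimed by the IdP, or None if absent/malformed.
    A missing or unparsable level is never defaulted to a usable value."""
    values = parsed["attributes"].get(ASSURANCE_ATTR, [])
    if len(values) != 1 or not values[0].isdigit():
        return None
    return int(values[0])


def authorize(parsed, required_level, require_pseudonym=True):
    """SP policy decision: (allowed, reason). required_level comes from the
    SP's own risk analysis of the application, not from the assertion."""
    if require_pseudonym and not is_pseudonymous(parsed):
        return False, "subject identifier is not pseudonymous: %s" % parsed["name_id_format"]
    level = asserted_level(parsed)
    if level is None:
        return False, "assurance level missing or malformed"
    if level < required_level:
        return False, "assurance level %d below required %d" % (level, required_level)
    return True, "assurance level %d meets required %d" % (level, required_level)


if __name__ == "__main__":
    ok = parse_assertion(build_assertion(PERSISTENT, 3))
    print(authorize(ok, 3))  # (True, 'assurance level 3 meets required 3')
    print(authorize(ok, 4))  # (False, 'assurance level 3 below required 4')
    print(authorize(parse_assertion(build_assertion(UNSPECIFIED, 3)), 3))
    print(authorize(parse_assertion(build_assertion(PERSISTENT, "high")), 3))
```

The decision is made against the level the service provider requires, so the same identity provider can serve a level-2 information service and a level-3 self-service application without either side changing technology. The check refuses, rather than downgrades, when the level attribute is missing or not a number: an identity provider that asserts no level must not be read as having asserted the lowest one.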
Further, the Danish federation's technical architecture has well-defined points of decoupling, which allow
new technologies to be added while still taking advantage of the core infrastructure.
The really important glue of the federation is the policies and agreements assuring the necessary trust
between users, service providers and "identity fabric" services like identity providers and attribute
services. We applaud the initiatives in the market to demonstrate interoperability between different
technologies. However, much more work is needed to figure out how to get interoperable policies
between different circles of trust. The Liberty Identity Assurance Framework is a good start here, but more
work is needed. It would be good to see research, vendors and large service providers engage more in
Responding to the individual questions:
• What are the key challenges in making identity services interoperable?
o Key challenges: work on making trust-enabling policies interoperable is still in its infancy,
and it is expensive to have identity services based on different technologies.
• What are the biggest security threats to identity services? How to mitigate the threats?
o The most critical threat is to the integrity of our federation. If a central identity
provider is compromised it has huge consequences compared to a case where the
credential of a single user is compromised. Mitigation in the short run is to ensure
relevant policies mandating secure operation of identity providers and similar critical
services, coupled with independent audit.
• What will be the next frontier in identity services? (SaaS, cloud computing, mobile, etc.)
o We are making our identity services work with SaaS offerings, which are often cloud based.
We are piloting three mobile services on our citizen portal this year.
o Another, largely untouched, frontier is how to put the user more directly in control of their
credentials, so that users can choose to generate different keys for different services
while still maintaining the right level of assurance.
• How should privacy concerns be addressed?
o The easy answer is that citizens who wish to should be in full control of their own data,
and release only claims regarding the data instead of the actual data itself (for example,
instead of releasing the birth date, a service provider may only require a claim stating
whether the user is above the age of 18). A much harder question is how to get to this
situation. In the short run, strong policies governing the treatment of personal data are
needed, together with actual compliance auditing.
• How can trust between different services and users be established in identity transactions? How
to convey and evaluate the assurance of identity among them?
o In Denmark we have created the Danish public sector federation to vouch for the
individual parties in the federation, and thus create the necessary trust between user and
service. However, our federation agreements do not scale beyond Denmark. We need a
common language to describe the identity assurance necessary to create trust between
services and users in a context larger than an individual country – as well as independent
auditors to vouch for the levels of assurance claimed. The best initiative we are aware of
in this area is the Liberty Identity Assurance Framework.