Attribute Hierarchies to Tally Fish

Attribute Hierarchies to Tally Fish

Andreas Mitrakas (European Network and Information Security Agency (ENISA), Greece)
DOI: 10.4018/978-1-61520-769-5.ch012
OnDemand PDF Download:
No Current Special Offers


This chapter presents a model that addresses some shortcomings associated with limitations in the way that electronic identities are used in an application environment. This model, Snowflake, allows the exchange of validation data in order to establish trust when identity attributes are used in applications. Snowflake leverages upon groups of validation authorities as electronic intermediaries to facilitate application interoperation. The application area of choice is the electronic reporting of fish catches by a vessel’s master in line with the European Union legal framework. Grouping together the services of multiple validation authorities maximises the utilisation of resources available especially in environments that do not shy out in sharing resources and data such and the electronic fish logbook provides a good platform in this respect.
Chapter Preview


Electronic identity management has emerged as the lynchpin of various eGovernment applications that depend on user authentication. Electronic identities based on electronic signatures allow the identifying, authenticating and ensuring the non-repudiation and integrity of a transaction. Electronic identity management also allows users to act under a role in environments where a multifunctional approach is necessary. Attributes can be leveraged upon to come up with identity services in areas where there is a need to link a user with a role rather than with its real life identity. The growing use of electronic identity technologies in disparate groups of users has also highlighted the need for interoperability at the application level in order to allow for better diffusion of the benefits associated with these transactions. As applications grow in what is often perceived as isolated contexts, it is often necessary to ensure efficient application management by leveraging upon data sets generated in these isolated contexts. Snowflake is an architecture that allows the exchange of information in order to establish trust in an electronic identity management based on a validation centric model. The remainder of this paper addresses the following areas: an overview of interoperability and identity, some considerations on an electronic identity model based on intermediaries and Snowflake, a model that enhances interoperability through a specific business process that relies on grouping together validation authorities.

The remainder of this Chapter describes the background of identity management upon which eGovernment services build. The use of attributes is described in the context of extending their functionality in a way that allows for carrying out performative transactions. To allow the interoperation of attribute hierarchies to interoperate, an interoperability architecture based on the validation of attribute certificates is discussed in a way that permits the interoperability of multiple validation authorities. This attribute validation model is set up against the transactions background of the electronic fish logbook, in line with the prevailing legal framework in the European Union. This Chapter claims that (a) attributes can replace fully fledged identities where it is not necessary or desirable to reveal fall or most identity elements in due consideration of privacy or the requirements of a transaction; (b) additionally a validation centric interoperability model can provide an alternative to interoperable certification authorities, the policy criteria of which might be a challenge to reconcile; (c) discreet policy environments and formal applications and transactions such as the electronic fish logbook can benefit from the functional interoperability allowed under the proposed certificate validation model in a way to facilitate European Union policies in terms of functional cooperation in discreet areas of public services.

Complete Chapter List

Search this Book: