Architectures and protocols for secure information technology are crucial to satisfy security requirements of current e-government solutions. Identity plays a central role in most e-government solutions, as users typically need to be reliably identified and authenticated. User identification and authentication approaches usually rely on complex cryptographic methods and sophisticated technical solutions. Additionally, these solutions need to be backed by appropriate organizational and legal frameworks that assure the legal validity of provided identification and authentication approaches. In this chapter, the authors introduce the Austrian identity ecosystem that represents one of the main pillars of the Austrian e-government infrastructure. They discuss underlying concepts and main building blocks of this comprehensive ecosystem and show how architectures and protocols for secure information technology are employed to assure the security of user identification and authentication processes. By discussing concrete use cases, the authors illustrate the applicability of the Austrian identity ecosystem for both Austrian and foreign citizens.
TopIntroduction
Identity is an important concept of various scientific disciplines and has also become common in popular discourse (Fearon, 1999). Due to its frequent use, the term ‘identity’ is often used without any further explanations and definitions, ignoring its multiple meanings. Given the complexity of the term and concept of identity, it is unsurprising that various different definitions can be found in literature. Hogg et al. (1988) define identity as ‘people’s concepts of who they are, of what sort of people they are, and how they relate to others’. According to Katzenstein (1996), ‘the term [identity] (by convention) references mutually constructed and evolving images of self and other’. White (1992) states that ‘identity is any source of action not explicable from biophysical regularities, and to which observers can attribute meaning’. The different definitions of the term ‘identity’ emphasize the multiple meanings and interpretations of this term and its relevance for many scientific disciplines.
Identity plays also a central role for governments and public administrations. Usually, such institutions have a rather pragmatic view on the abstract term identity. For these institutions, identity is basically a necessary concept that facilitates the implementation of governmental and administrative procedures. Each person that participates in such a procedure is assigned a unique identifier (e.g. a number) that unambiguously distinguishes this person from others. This concept is applied to both natural and legal persons in the same way. The use of abstract numbers is necessary as in large administrative districts (such as states or nations) the name and date of birth of citizens are usually not sufficient to allow for an unambiguous distinction of users.
Identity has played an important role in the accomplishment of governmental and administrative procedures for a long time. Citizens have become used to identify themselves by showing an ID or passport when participating in official procedures or applying for official services. During the past years, Information and Communication Technologies (ICT) have significantly changed the way administrative procedures are conducted by both public administrations and citizens. Attempts to leverage ICT in order to improve the efficiency of governmental procedures are subsumed under the term e-Government. E-Government allows citizens to carry out administrative procedures over the Internet without the need to personally show up at administrative offices. One of the biggest challenges in e-Government is the development and deployment of appropriate means to reliably identify persons that actively participate in Internet-based e-Government procedures. This typically involves the deployment of an electronic ID (eID) that is linked to the person’s identity and is used to unambiguously identify this person in electronic governmental procedures.
Many European countries have rolled-out electronic IDs to their citizens on national level since years. In the special case of Austria, the so called Citizen Card represents the national eID that allows citizens to securely identify and authenticate at online procedures. The Austrian Citizen Card concept has already been introduced in 2002 and has been designed to be applicable in both the public and the private sector. Public administrations use the Citizen Card concept to reliably identify and authenticate citizens in e-Government procedures. At the same time, the Citizen Card concept is also used by the private sector to protect access to security sensitive applications such as e-Banking. This way, the Citizen Card has emerged being a key concept and core component of various security sensitive online services in Austria.
During the past ten years, a complex and powerful ecosystem of Citizen Card related concepts and components has evolved to address emerging challenges such as integration of legal identities, electronic mandates, or interoperability with foreign eID solutions. In this article we introduce the Austrian identity ecosystem in detail. Starting from the Citizen Card concept, which represents the key element of the entire ecosystem, related concepts and components of the Austrian identity ecosystem are introduced and discussed. We show how the set of well-established concepts and components is used to securely authenticate national and foreign citizens and how advanced concepts such as legal identities and electronic mandates are considered. We will especially elaborate on security and privacy requirements of electronic identities and discuss how these issues are addressed by the Austrian identity ecosystem.