The IM building block allows identification, authentication, and authorisation of stakeholders operating in a data space. It ensures that organisations, individuals, machines, and other actors are provided with acknowledged identities, and that those identities can be authenticated and verified, including additional information provisioning, to be used by authorisation mechanisms to enable access and usage control. The IM building block can be implemented on the basis of readily available IM platforms that cover parts of the required functionality.
Role and Scope
Provides authentication and authorisation of data space participants.
Features 1
DSBA - CTO architecture coherence
Identification
Authentication
Authorization policy description language
Authorization framework
Components and Technologies 1
Design Principles Position Paper
Examples of open-source solutions are the KeyCloak infrastructure, the Apache Syncope IM platform52, the open-source IM platform of the Shibboleth Consortium53, or the FIWARE IM framework54. It would be particularly important to integrate the IM building block with the eID building block of the Connecting Europe Facility (CEF)55 supporting electronic identification of users across Europe.
Creation of federated and trusted identities in data spaces can be supported by European regulations such as EIDAS.
i3-Market Project
User-centric Authentication.
W3C Verifiable
Credentials Data Model 1.0
W3C Decentralized Identifiers (DIDs) v1.0
EGI-ACE
iSHARE Foundation
H2020 InterConnect
In the InterConnect Semantic Interoperability Framework ( SIF) we deployed a set of tool to account for the Trust building block, particularly the "Identity Management" and "Access & usage control". We rely in the "off-the-shelf" Keycloak IDP system to provide AAA services.
Accounting is managed via the Service Store (component of the SIF) and via the Generic Adapters (InterConnect gateways).
Lightweight Access & usage control is provided via this toolset. Trusted exchange is not explored.
i4Trust
OpenID Connect has been adopted as common standard.
Features 2
DSBA - CTO architecture coherence
Digital Identities and Authentication
Digital Identities
Authorization
Identification & Authentication of Organisations, individuals, machines, etc.
Authorization framework
i3-Market Project
Authentication and Authorization
Policy management
Role management
Secure Data Transfer and Anonymization
Data Encryption
Proxy
Data Transfer Transparency
Data Transfer Management
Data Transfer Tracking
Data Transfer Monitor
Data Management
Batch Data Transfer Management
Data Stream Management
Technical Reference Implementation
Design Principles Position Paper
A user within an organisation registered with a data space provides his/her log-in credentials to the IM module in order to gain access to the data of the data space in line with his/her role in the organisation.
EGI-ACE
H2020 InterConnect
All interactions with the SIF require the use of AAA mechanisms. We host the IDP system as part of our backend that support all AAA features to our gateways ( Generic Adapters). The system relies in the reference implementation for OAuth 2.0.All interactions with the SIF require the use of AAA mechanisms. We host the IDP system as part of our backend that support all AAA features to our gateways ( Generic Adapters). The system relies in the reference implementation for OAuth 2.0.
i4Trust
OpenID Connect flows have been implemented by different components of the FIWARE Catalogue:
Keyrock implements the functions of Identity Provider. See: https://github.com/ging/fiware-idm
Business Use Cases Implementation
Catena-X
Based on sovereignty and standardization, Catena-X creates a network in which data exchange as well as the provision and use of value-added services is realized. Access to the network is centralized via the Catena-X Portal. With focus on usability, the portal integrates different Catena-X services on a suitable user interface.
Participants get access to different services and business applications. As a trusted network, the Catena-X Portal has the ability to solve daily challenges quickly and easily. Participants not only receive a transparent presentation of all offers and services, but also a resource-efficient connection to the value creation of the automotive industry.
The Catena-X portal will be implemented by means of a customer-friendly connection process and a central identity and user management system. On the other hand, a marketplace for applications and data as well as a developer hub will serve for the realization.
idento.io
Best practices identification and recommendations
i3-Market Project
W3C Verifiable Credentials specification provides a standard way to express credentials on the Web being cryptographically secure, privacy respecting, and machine-verifiable.
EGI-ACE
Federation of Identity providers and proxy component.
Combination of user attributes originating from various authoritative sources (IdPs and attribute provider services) and delivers them to the connected Service providers in a transparent way.
iSHARE Foundation
H2020 InterConnect
For this building block we implemented a Security and Privacy Plan (SPP) devised within the project. In a nutshell is a joint approach for using STRIDE and LINDUN approaches, enabling our service owners (the users of the SIF) to take informed decisions.
Gap or what is missing?
EGI-ACE
Evolution towards SSI.
i4Trust
FIWARE components implementing this building block (Keyrock, Kong plugins) are evolving to bring support to DIDs (Decentralized Identifiers) and Verifiable Credentials/Presentations, following recent W3C standards, as mean to manage identities.
TRL
Comments
Additional Information
iSHARE Foundation
i4Trust
Last updated
based on Keycloack for OIDC provider
Identity providers are a key items to assure the trust, iSHARE utilises existing Identity providers and only sets requirements to identity providers to assure the same level of assurance or trust. Check out more information .
Go to the for more detailed information.
is a proxy service that operates as a central hub to connect federated Identity Providers (IdPs) with EGI service providers. Check-in allows users to select their preferred IdP so that they can access and use EGI services in a uniform and easy way.
API gateways implementing the OpenID Connect flows. The extended version of the is recommended.
of pioneer use cases relying on the i4Trust framework and using FIWARE Keyrock and API gateways.
More details about .
As a verified user with , you can manage your digital identity from anywhere and on any device. Your idento.one dashboard gives you an overview of the digital services you use, from online banking to your social networks. You decide which service can access your data, when and how. You keep control of your data, only you can share them with whom you want to and when you want to.
The EIDAS framework is at the same level of trust, hence EIDAS and iSHARE are connected, further reading .
