Comment on page
Identity Management (IM)
The IM building block allows identification, authentication, and authorisation of stakeholders operating in a data space. It ensures that organisations, individuals, machines, and other actors are provided with acknowledged identities, and that those identities can be authenticated and verified, including additional information provisioning, to be used by authorisation mechanisms to enable access and usage control. The IM building block can be implemented on the basis of readily available IM platforms that cover parts of the required functionality.
Provides authentication and authorisation of data space participants.
Examples of open-source solutions are the KeyCloak infrastructure, the Apache Syncope IM platform52, the open-source IM platform of the Shibboleth Consortium53, or the FIWARE IM framework54. It would be particularly important to integrate the IM building block with the eID building block of the Connecting Europe Facility (CEF)55 supporting electronic identification of users across Europe.
Creation of federated and trusted identities in data spaces can be supported by European regulations such as EIDAS.
- In the InterConnect Semantic Interoperability Framework ( SIF) we deployed a set of tool to account for the Trust building block, particularly the "Identity Management" and "Access & usage control". We rely in the "off-the-shelf" Keycloak IDP system to provide AAA services.
- Accounting is managed via the Service Store (component of the SIF) and via the Generic Adapters (InterConnect gateways).
- Lightweight Access & usage control is provided via this toolset. Trusted exchange is not explored.
- Authentication and Authorization
- Policy management
- Role management
- Secure Data Transfer and Anonymization
- Data Encryption
- Proxy
- Data Transfer Transparency
- Data Transfer Management
- Data Transfer Tracking
- Data Transfer Monitor
- Data Management
- Batch Data Transfer Management
- Data Stream Management

EGI Check-in is a proxy service that operates as a central hub to connect federated Identity Providers (IdPs) with EGI service providers. Check-in allows users to select their preferred IdP so that they can access and use EGI services in a uniform and easy way.
All interactions with the SIF require the use of AAA mechanisms. We host the IDP system as part of our backend that support all AAA features to our gateways ( Generic Adapters). The system relies in the reference implementation for OAuth 2.0.All interactions with the SIF require the use of AAA mechanisms. We host the IDP system as part of our backend that support all AAA features to our gateways ( Generic Adapters). The system relies in the reference implementation for OAuth 2.0.
- OpenID Connect flows have been implemented by different components of the FIWARE Catalogue:
- Keyrock implements the functions of Identity Provider. See: https://github.com/ging/fiware-idm
- API gateways implementing the OpenID Connect flows. The extended version of the Kong API gateway via plugins is recommended.
- Portfolio of pioneer use cases relying on the i4Trust framework and using FIWARE Keyrock and API gateways.
Based on sovereignty and standardization, Catena-X creates a network in which data exchange as well as the provision and use of value-added services is realized. Access to the network is centralized via the Catena-X Portal. With focus on usability, the portal integrates different Catena-X services on a suitable user interface.
Participants get access to different services and business applications. As a trusted network, the Catena-X Portal has the ability to solve daily challenges quickly and easily. Participants not only receive a transparent presentation of all offers and services, but also a resource-efficient connection to the value creation of the automotive industry.
The Catena-X portal will be implemented by means of a customer-friendly connection process and a central identity and user management system. On the other hand, a marketplace for applications and data as well as a developer hub will serve for the realization.
As a verified user with idento.one, you can manage your digital identity from anywhere and on any device. Your idento.one dashboard gives you an overview of the digital services you use, from online banking to your social networks. You decide which service can access your data, when and how. You keep control of your data, only you can share them with whom you want to and when you want to.
Last modified 4mo ago