Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Options for integrating eID and SAML

: Hühnlein, Detlef; Schwenk, Jörg; Wich, Tobias; Mladenov, Vladislav; Feldmann, Florian; Mayer, Andreas; Schmölz, Johannes; Bruegger, Bud; Horsch, Moritz


Groß, T. ; Association for Computing Machinery -ACM-:
Proceedings of the 2013 ACM workshop on Digital identity management, DIM '13 : Friday, 8 November 2013, Berlin, Germany
New York: ACM, 2013
ISBN: 978-145-032-493-9
Digital Identity Management Workshop (DIM) <2013, Berlin>
Conference Paper
Fraunhofer IAO ()

Several European countries currently introduce highly sophisticated eID functionality in their national identity cards. This functionality typically has no direct relation to web security standards, but will be integrated with web technologies to enable browser-based access to critical resources. The research challenge to combine eID protocols and web standards like TLS in a secure way proves extremely challenging: The security of many of the proposed systems boils down to HTTP session cookies and TLS server certificates. Therefore, the overall security is not improved and does not justify the additional costs. In this paper, we investigate this security challenge for the German national identity card and its eID functionality. We show that the solution currently standardized by the German government does not offer any additional security, by giving an in-depth analysis of the complete software system. We discuss several possible paths to an enhanced solution based on T LS channel bindings. Finally, we describe a system setup based on the SAML Holder-of-Key Web Browser Profile, which also mitigates interoperability problems.