A privacy-preserving eID based Single Sign-On solution

Single Sign-On (SSO) has become a popular technology allowing users to identify and authenticate once and to gain access to different resources in a distributed computing environment. Austrian e-Government relies on a secure and privacy-preserving sectoral identity management model. Even if a sectoral identifier model improves privacy, it also negatively affects the usability of authentication processes. In Austria, most public sector applications use an open-source identity provider called MOA-ID. However, due to the sectoral identity management MOA-ID has not been Single Sign-On-capable. In this paper we present a security architecture that enables Single Sign-On between different governmental applications using MOA-ID as identity provider while meeting the requirements for sectoral data privacy protection at the same time. We achieve this by transforming unique sectoral identifiers of users with the help of an additional trusted attribute provider.