Secure cross-cloud single sign-on (SSO) using eIDs

Most cloud computing service providers secure their offered cloud services by username/password schemes, which have been proven to be weak. While such schemes may be sufficient for simple personalized services, e-Government or e-Health applications in the cloud require more reliable and stronger mechanisms. One of such mechanisms are electronic IDs (eID), which allow for unique qualified identification and strong authentication. EIDs have been rolled-out in many EU Member States since years. In this paper we present how various national eIDs can be used for secure cloud authentication. We therefore extended the STORK eID interoperability framework, which will be the relevant identification and authentication framework across Europe in future. Furthermore, we increased usability by additionally applying single sign-on (SSO). Single sign-on defines the ability to authenticate just once in a distributed environment and gain access to several protected services. In fact, by our extended STORK architecture citizens of 18 EU Member States - those Member States that support STORK - are able to use seamless authentication at different cloud service providers by using their own national eID.