Information Technology Reference
In-Depth Information
Federation Identity - in the proposed model, we used a SAML token as the
federation ID. The SAML token is issued to users, government civil servants or
the platforms themselves after the entity has properly authenticated to the STS
server. The STS server issues the SAML token to the users after successful
authentication based on the entity's electronic certificate.
User authorization to the proposed platform - user authorization to the
platform is based on the obtained SAML token, which carries the user's role
and is presented to the m-government platform together with the signed
m-governmental service request. The SAML token could also serve as the
Federation ID to access any other Web service-based governmental platform
without the need for the user to be authenticated again.
Authenticity, Integrity and Non-repudiation of transactions - the user
applies a digital signature (XML Signature), based on the RSA algorithm, to
each request sent to the different entities (STS server, m-government platform).
Confidentiality - in the proposed model, the WS-Security mechanism
(WS-Encryption) is used to encrypt all communication between the Secure JAVA
Mobile application and the STS server and/or the m-government platform. This
request-response application protocol is much more suitable for a mobile
communication system than the session-based SSL/TLS protocols proposed in [4],
since it does not need the much more expensive session establishment between
the user and the server side.
Electronic signature verification on the user's side - the Secure JAVA mobile
application has functions for electronic signature verification of transactions
(Web service responses from different entities), including an electronic
certificate validation function. The latter function is implemented by
communicating with an XKMS server, which is a more natural solution for
SOAP-based request-response Web service systems than CRL (Certificate
Revocation List) validation or the other techniques described in [4].
Long-term validity of transactions - in order to establish a reliable time of
creation for m-government requests and documents, we used time stamping to
include reliable, signed time stamps in both the user's requests and the
governmental responses (m-government documents). This enables a more reliable
proof of the time when requests/documents were created, as well as of the fact
that the signer's electronic certificates were valid at the moment of signing.
Besides, the implemented time stamping functionality makes it possible to
realize functions of long-term validity of stored requests/documents.
3 Possible m-Government Architecture
The proposed m-government model is presented in Fig. 1 [2], [3] and consists of:
Mobile users (citizens, companies) who send Web Service requests to the
m-government platform in order to receive governmental documents (e.g.
residence certificate, birth or marriage certificates, etc.). These users use
a secure JAVA mobile Web Service application for this purpose.
Fixed/Desktop users connecting to the proposed Web Service governmental
platform through a secure desktop Web Service application (could be
JAVA-based too).