Skip to main content
Log in

Solving identity delegation problem in the e-government environment

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript


At present, many countries allow citizens or entities to interact with the government outside the telematic environment through a legal representative who is granted powers of representation. However, if the interaction takes place through the Internet, only primitive mechanisms of representation are available, and these are mainly based on non-dynamic offline processes that do not enable quick and easy identity delegation. This paper proposes a system of dynamic delegation of identity between two generic entities that can solve the problem of delegated access to the telematic services provided by public authorities. The solution herein is based on the generation of a delegation token created from a proxy certificate that allows the delegating entity to delegate identity to another on the basis of a subset of its attributes as delegator, while also establishing in the delegation token itself restrictions on the services accessible to the delegated entity and the validity period of delegation. Further, the paper presents the mechanisms needed to either revoke a delegation token or to check whether a delegation token has been revoked. Implications for theory and practice and suggestions for future research are discussed.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Similar content being viewed by others


  1. Decision 2004/387/EC of the European Parliament and of the Council of 21 April 2004 on the interoperable delivery of pan-European eGovernment services to public administrations, businesses and citizens (IDABC). Off. J. Eur. Union Luxembourg, L 181, 25–35 (18 May 2004)

  2. Communication from the Commission to the Council, the European Parliament, the Ecomnomic and Social Commitee and The Comittee of Regions—eEurope 2005: An information society for all [COM(2002) 263 final]. Brussels (28 May 2002)

  3. Communities, Commission of the European. Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions. i2010 eGovernment Action Plan: Accelerating eGovernment in Europe for the Benefit of All. (25 Apr 2006).

  4. General, European Commission Information Society and Media Directorate. Signpost towards eGovernment 2010. (Nov 2005)

  5. AAVV: A Roadmap for a pan-European eIDM Framework by 2010. Version 1.0. Accessed Aug 2010

  6. Graux, H., Dumortier, J.: Report on the State of Pan-European eID Initiatives. Technical Department, ENISA (2009)

  7. Team, The Modinis IDM Study: Modinis Study on Identity Management in eGovernment: Common Terminological Framework for Interoperable Electronic Identity Management. Version 2.01. (23 Nov de 2005). Accessed Aug 2010

  8. Brmme, A., Busch, C., Hhnlein, D.: Cross-Context Delegation through Identity Federation. In: Peeters, R., et al. (eds.) Proceedings of the Special Interest Group on Biometrics and Electronic Signatures. Vols. Lecture Notes in Informatics (LNI) P-137. Bonner Kllen Verlag, pp. 79–92 (2008)

  9. Alrodhan, W., Mitchell, C. J.: A delegation Framework for Liberty. In: Proceedings of the 3rd Conference on Advances in Computer Security and Forensics (ACSF’08). Liverpool John Moores University, Liverpool, pp. 67–73 (2008)

  10. Sandhu R. et al.: Role-based access control models. IEEE Comput. 29, 38–47 (2006)

    Google Scholar 

  11. Zhang, L., Ahn, G., Chu, B.: A rule-based framework for role-based delegation. In: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies. pp. 153–162 (2001)

  12. Welch, V., et al.: X.509 Proxy Certificates for Dynamic Delegation. 3rd Annual PKI R&D Workshop (2004)

  13. Gomi, H., et al.: A delegation framework for federated identity management. In: Proceedings of the 2005 Workshop on Digital identity management. Fairfax, VA, USA (2005)

  14. Farrell, S., Housley, R.: An Internet Attribute Certificate Profile for Authorization. IETF RFC 3281 (2002)

  15. Liberty Alliance Project. Accessed Aug 2010

  16. Komura, T., et al.: Proposal of delegation using electronic certificates on single sign-on system with SAML-protocol. SAINT’09. Ninth Annual International Symposium on Applications and the Internet (2009)

  17. Tuecke, S., et al.: Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile. IETF RFC 3820 (2004)

  18. Ragouzis, N., et al.: Security Assertion Markup Language (SAML) V2.0 Technical Overview. v16. (2008), Accessed June 2010

  19. Housley, R., et al.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. IETF RFC 3280 (2002)

  20. Cooper, D., et al.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. IETF RFC 5280 (2008)

  21. Myers, M., et al.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol—OCSP. IETF RFC 2560 (1999)

  22. OASIS: SAML. Online Community for the Security Assertion Markup Language (SAML) OASIS Standard. Accessed June 2010

  23. Maler, E., Mishra, P., Philpott, R.: Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1. Accessed June 2010

  24. OASIS: OASIS Security Services Technical Committee. Accessed June 2010

  25. OASIS: Organization for the Advancement of Structured Information Standards. Accessed June 2010

  26. GridShib: Accessed June 2010

  27. VVAA: An X.509 Binding for SAML.

  28. Berners-Lee, T., Fielding, R., Masinter, L.: Uniform Resource Identifier (URI): Generic Syntax. IETF RFC 3986 (2005)

  29. Web Services Addressing 1.0—Core: W3C Recommendation. Accessed May 2010

  30. Duerst, M., Suignard, M.: Internationalized Resource Identifiers (IRIs). IETF RFC 3987 (2005)

  31. Federal Information Processing Standards Publication (FIPS PUB) 180-2. Secure Hash Standard (2002)

  32. Myers, M., et al.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol—OCSP. IETF RFC 2560 (1999)

  33. Oracle Corporation: Java. Accessed June 2010

  34. Java SE Downloads: Accessed June 2010

  35. Oracle Corporation: Netbeans IDE. Accessed June 2010

  36. The Apache Software Foundation: Apache Tomcat. Accessed June 2010

  37. The Legion of the Bouncycastle. Bouncy Castle Crypto APIs for Java. Accessed June 2010

  38. University of Chicago. Globus Toolkit. Accessed June 2010

  39. Board of Trustees of the University of Illinois. GridShib. Accessed June 2010

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Sergio Sánchez García.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Sánchez García, S., Gómez Oliva, A., Pérez Belleboni, E. et al. Solving identity delegation problem in the e-government environment. Int. J. Inf. Secur. 10, 351–372 (2011).

Download citation

  • Published:

  • Issue Date:

  • DOI: