Electronic Identification Based on OpenID Connect: A Design Proposal

by Tom Johansson




Institution: KTH
Department:
Year: 2017
Keywords: OpenID Connect; OIDC; Electronic Identification; eID; E-legitimation; e-leg; Computer Sciences; Computer Science (Swedish: Datavetenskap, datalogi)
Posted: 02/01/2018
Record ID: 2195903
Full text PDF: http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-210575


Abstract

Electronic identification is used by an individual to prove who he or she is by electronic means and is normally used for logging in to various services. In Sweden there are a number of different solutions, developed and provided by different parties. In order to promote and coordinate electronic identification for public services, the Swedish E-identification Board was founded in 2011. The Board has developed a technical framework for integration between the Relying Party and the Identity Provider based on the Security Assertion Markup Language V2.0 (SAML) standard. SAML is a relatively old standard with limitations that complicate an electronic identification solution based on it. A newer competing standard is OpenID Connect, which is a possible candidate as an alternative to SAML. The objective of this thesis is to determine to what extent it is possible to ensure confidentiality, integrity, and accountability in an electronic identification based on OpenID Connect. To achieve this, a number of requirements for electronic identification were identified, and a design proposal based on OpenID Connect was developed together with a proof-of-concept implementation. The design proposal was evaluated against the requirements, with the final result that an electronic identification based on OpenID Connect could meet the requirements.