Central authentication system SI-CAS
Users can authenticate using different e-identities issued by domestic and foreign identity providers. E-identities can have different trust assurance levels, from the lowest (user names and passwords, FB profile, ...) to the highest (an e-identity on a secure token, e.g. a smart card), depending on the identity provider. The required trust assurance level is always determined by the service provider that uses SI-CAS for authentication.
The only user data stored in SI-CAS are the user's e-mail address and appropriately protected (encrypted or protected by a hash function) basic identifiers. Apart from that, the system stores only information about the registered identity providers and the available attribute providers.
If a service provider decides to use SI-CAS, it does not have to integrate with each identity provider and attribute provider separately, but only with SI-CAS. In the authentication process, SI-CAS acts as a trusted intermediary. At the service provider's request, it verifies the user's identity with the relevant identity provider and, where necessary, obtains further identification attributes from the identity provider or from attribute providers. For this purpose, SI-CAS has established direct trust with service providers, identity providers and attribute providers. Trust is established at both the technological and the formal level.