An Identity-matching Process to Strengthen Trust in Federated-identity Architectures

Paul Marillonnet, Mikaël Ates, Maryline Laurent, Nesrine Kaaniche


To smoothly counteract privilege escalation in federated-identity architectures, cross-checking asserted Personally Identifiable Information (PII) among different sources is highly recommended. Identity matching is thus a key component for supporting the automated PII cross-checking process. This paper proposes an efficient identity-matching solution, adapted to a chosen User-Relationship Management (URM) platform, relying on a French Territorial Collectivities and Public Administrations (TCPA) use case. The originality of the paper is threefold. (1) It presents an original solution to identity-matching issues raised by a concrete TCPA use case, formalizing concepts such as information completeness, PII normalization and Levenshtein-distance matrix generation. (2) It gives implementation guidelines for deploying the solution on an operational Publik platform. (3) It provides a precise security analysis, relying on an original attacker model.


