Assurance Requirements for Mutual User and Service Provider Authentication

Several nations and organisations have published frameworks for assurance of user authentication in the context of eGovermnent. This reflects the importance that governments see in guaranteeing that only authorized users can access eGovernment services. However, in order to ensure trusted online interaction it is equally important to obtain assurance of authentication of service providers. Unilateral authentication is obviously insufficient for securing twoway interaction, so both user authentication assurance and service provider authentication assurance must be considered. Unfortunately there are currently no satisfactory frameworks for service provider authentication in the eGovernment context. This paper first describes and compares some of the current eAuthentication frameworks for user authentication. Then it proposes an eAuthentication framework for service provider authentication, and discusses how the two types of frameworks can be integrated and aligned.