The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes
The eIDAS regulation aims to provide an interoperable European framework to enable EU citizens to authenticate and communicate with services of other Member States by using their national electronic identity. While a number of high-level requirements (e.g., related to privacy and security) are estab...
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2022-12-01
|
| Series: | Applied Sciences |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2076-3417/12/24/12679 |
| _version_ | 1827641975472390144 |
|---|---|
| author | Amir Sharif Matteo Ranzi Roberto Carbone Giada Sciarretta Francesco Antonio Marino Silvio Ranise |
| author_facet | Amir Sharif Matteo Ranzi Roberto Carbone Giada Sciarretta Francesco Antonio Marino Silvio Ranise |
| author_sort | Amir Sharif |
| collection | DOAJ |
| description | The eIDAS regulation aims to provide an interoperable European framework to enable EU citizens to authenticate and communicate with services of other Member States by using their national electronic identity. While a number of high-level requirements (e.g., related to privacy and security) are established to make interoperability among Member States possible, the eIDAS regulation does not explicitly specify the technologies that can be adopted during the development phase to meet the requirements as mentioned earlier. To the best of our knowledge, there is no work available in the literature investigating the technological trends within the notified eIDAS electronic identity schemes used by Member States. To fill this gap, this paper analyzes how the different technological trends of notified schemes satisfy the requirements of the eIDAS regulation. To do this, we define a set of research questions that allow us to investigate the correlations between different design dimensions such as security, privacy, and usability. Based on these findings, we provide a set of lessons learned that would be valuable to the security community, as they can provide useful insights on how to more efficiently protect interoperable national digital identities. Furthermore, we provide a brief overview regarding the new eIDAS regulation (eIDAS 2.0) that aims to provide a more privacy-preserving electronic identity solution by moving from a centralized approach to a decentralized one. |
| first_indexed | 2024-03-09T17:22:10Z |
| format | Article |
| id | doaj.art-7e7e0784f9a947099a6498e1bf0d8303 |
| institution | Directory Open Access Journal |
| issn | 2076-3417 |
| language | English |
| last_indexed | 2024-03-09T17:22:10Z |
| publishDate | 2022-12-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj.art-7e7e0784f9a947099a6498e1bf0d83032023-11-24T13:02:52ZengMDPI AGApplied Sciences2076-34172022-12-0112241267910.3390/app122412679The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity SchemesAmir Sharif0Matteo Ranzi1Roberto Carbone2Giada Sciarretta3Francesco Antonio Marino4Silvio Ranise5Center for Cybersecurity, FBK, 38123 Trento, ItalyDepartment of Information Engineering & Computer Science, University of Trento, 38123 Trento, ItalyCenter for Cybersecurity, FBK, 38123 Trento, ItalyCenter for Cybersecurity, FBK, 38123 Trento, ItalyPolygraphic Institute & State Mint, 00138 Rome, ItalyCenter for Cybersecurity, FBK, 38123 Trento, ItalyThe eIDAS regulation aims to provide an interoperable European framework to enable EU citizens to authenticate and communicate with services of other Member States by using their national electronic identity. While a number of high-level requirements (e.g., related to privacy and security) are established to make interoperability among Member States possible, the eIDAS regulation does not explicitly specify the technologies that can be adopted during the development phase to meet the requirements as mentioned earlier. To the best of our knowledge, there is no work available in the literature investigating the technological trends within the notified eIDAS electronic identity schemes used by Member States. To fill this gap, this paper analyzes how the different technological trends of notified schemes satisfy the requirements of the eIDAS regulation. To do this, we define a set of research questions that allow us to investigate the correlations between different design dimensions such as security, privacy, and usability. Based on these findings, we provide a set of lessons learned that would be valuable to the security community, as they can provide useful insights on how to more efficiently protect interoperable national digital identities. Furthermore, we provide a brief overview regarding the new eIDAS regulation (eIDAS 2.0) that aims to provide a more privacy-preserving electronic identity solution by moving from a centralized approach to a decentralized one.https://www.mdpi.com/2076-3417/12/24/12679OAuth 2.0SAMLOpenID Connectdigital identityeIDAS |
| spellingShingle | Amir Sharif Matteo Ranzi Roberto Carbone Giada Sciarretta Francesco Antonio Marino Silvio Ranise The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes Applied Sciences OAuth 2.0 SAML OpenID Connect digital identity eIDAS |
| title | The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes |
| title_full | The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes |
| title_fullStr | The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes |
| title_full_unstemmed | The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes |
| title_short | The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes |
| title_sort | eidas regulation a survey of technological trends for european electronic identity schemes |
| topic | OAuth 2.0 SAML OpenID Connect digital identity eIDAS |
| url | https://www.mdpi.com/2076-3417/12/24/12679 |
| work_keys_str_mv | AT amirsharif theeidasregulationasurveyoftechnologicaltrendsforeuropeanelectronicidentityschemes AT matteoranzi theeidasregulationasurveyoftechnologicaltrendsforeuropeanelectronicidentityschemes AT robertocarbone theeidasregulationasurveyoftechnologicaltrendsforeuropeanelectronicidentityschemes AT giadasciarretta theeidasregulationasurveyoftechnologicaltrendsforeuropeanelectronicidentityschemes AT francescoantoniomarino theeidasregulationasurveyoftechnologicaltrendsforeuropeanelectronicidentityschemes AT silvioranise theeidasregulationasurveyoftechnologicaltrendsforeuropeanelectronicidentityschemes AT amirsharif eidasregulationasurveyoftechnologicaltrendsforeuropeanelectronicidentityschemes AT matteoranzi eidasregulationasurveyoftechnologicaltrendsforeuropeanelectronicidentityschemes AT robertocarbone eidasregulationasurveyoftechnologicaltrendsforeuropeanelectronicidentityschemes AT giadasciarretta eidasregulationasurveyoftechnologicaltrendsforeuropeanelectronicidentityschemes AT francescoantoniomarino eidasregulationasurveyoftechnologicaltrendsforeuropeanelectronicidentityschemes AT silvioranise eidasregulationasurveyoftechnologicaltrendsforeuropeanelectronicidentityschemes |