FIDO Alliance paper positions protocol for EU Digital Identity Wallet authentications

The EU Digital Identity Wallet represents a significant growth opportunity for FIDO authentication, according to a new white paper from the FIDO Alliance.
The 45-page white paper on ‘Using FIDO for the EUDI Wallet’ was written by IDnow Senior Architect Sebastian Elfors from the proceedings of the FIDO subgroup on the EUDI Wallet to help government agencies weigh the use of FIDO for the EUDI Wallet under the eIDAS2 regulation.
FIDO is an approved authentication standard for digital ID schemes at the ‘High’ or ‘Substantial’ Level of Assurance under eIDAS in the Czech Republic and Norway, which the paper states shows the protocol’s conformance to the regulation.
The updated digital identity regulation and ongoing development of the EUDI Wallet are intended to enable authentication for many more online transactions.
The technically detailed paper describes how eIDAS has evolved and the place the EUDI Wallet has in it, and then the architecture of the wallet. The EUDI pilots are then reviewed, before a pair of sections on how and why to use FIDO for transactions with the EUDI Wallet.
Two types of configurations are specified in the Architecture Reference Framework. Type 1 configuration of the EUDI Wallet is intended for use cases in which PID attestations are used for cross-border identification to LoA High. Type 2 configuration is intended to support electronic attribute attestations outside of Type 1’s scope, potentially such as education credentials or health information.
Person Identification Data (PID) stored in the EUDI Wallet must be in the ISO mDL or W3C Verifiable Credential format, with OpenID for Verifiable Credentials Issuance as the enrollment protocol. This takes FIDO out of scope for Type 1 configurations.
In Type 2 configurations, FIDO is well-suited as an authentication standard for the EUDI Wallet, the paper argues. Potential use cases in this type of implementation could include authentication to payment service providers, cloud wallets, and OpenID Connect, and authentication for access to remote Qualified Signature Creation Devices, online mDL verification, and issuance from an identity verification provider.
Ultimately, eIDAS2 represents an opportunity for expanded use cases for FIDO authentication, according to the white paper.