FB pixel

ENISA issues new EUDI Wallet recommendations in report on digital ID standards

ENISA issues new EUDI Wallet recommendations in report on digital ID standards
 

From ITU and ICAO to NIST and FIDO, organizations across the world have been working on a multitude of standards in the area of digital identity. A new report from the European Union Agency for Cybersecurity (ENISA) is attempting to help digital ID creators find their way through this alphabet soup while formulating recommendations for standard makers.

The Digital Identity Standards report, released in July, proposes new recommendations for standardization organizations, government agencies and policymakers. Special attention is paid to the European Digital Identity (EUDI) Wallet, a project that will give each European citizen and business unique and verifiable credentials which has recently kicked off pilots across the continent.

One of ENISA’s key recommendations for policymakers regarding the EUDI Wallet is finding a clear legal definition of the term “digital identity.” Another is to use the new Digital Markets Act to provide direct access from the mobile application to the security anchor provided by EU CC-certified secure elements available on smartphones.

The cybersecurity agency also wants European organizations to standardize the EUDI Wallet interfaces with QTSP, relying parties, devices, existing national eID documents and existing eIDAS node infrastructures. Another issue that requires standardization is the privacy evaluation methodology for EUDI and digital identities in general.

ENISA wants European standardization organizations to coordinate and divide responsibilities to avoid doing double work. The bloc should adopt standards such as ISO/IEC 18013-5 and the ISO/IEC DIS 23220 series as European norms, the report states.

Standardization organizations should also define a harmonized authentication protocol between the EUDI Wallet and the relying parties and prepare a generic code-of-conduct methodology to be applied to the (Q)TSP and the EUDI Wallet.

The final set of recommendations is aimed at ENISA itself as an agency dedicated to achieving a high common level of cybersecurity across Europe. This includes publishing overviews of endorsed digital ID standards and existing digital ID models, and assessing impacts on cybersecurity standards.

According to the recommendations, ENISA should also create ad hoc groups to address potential EUDI Wallet vulnerabilities and cooperate with other standardization organizations in  assisting EU institutions, bodies and agencies, EU Member States and private organizations.

Aside from providing recommendations for the EUDI Wallet, the report gives an overview of the most important standards and standardization organizations, including European and international organizations, commercial forums and consortiums as well as national organizations. It also analyzes different digital identity standards covering several areas, from policy and governance to technical and operational specifications.

Among the areas that are covered are general standards used in trust services and identity management, including identity proofing, biometrics and presentation attack detection. In addition, the paper delves into specific groups of standards, such as the International Civil Aviation Organization’s (ICAO) electronic travel documents, mobile driving licenses (mDLs) and mobile eIDs, X.509 public key certificates, Security Assertion Markup Language (SAML), OpenID Connect, FIDO2, and Self-Sovereign Identity (SSI). A matrix matches the various standards to their areas of application within eIDAS 2.0.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics developers dance with data privacy regulations continues

Biometrics controversy and investments are often found side by side, as seen in many of this week’s top stories on…

 

EU AI Act should revise its risk-based approach: Report

Another voice has joined the chorus criticizing the European Union’s Artificial Intelligence Act, this time arguing that important provisions of…

 

Swiss e-ID resists rushing trust infrastructure

Switzerland is debating on how to proceed with the technical implementation of its national digital identity as the 2026 deadline…

 

Former Jumio exec joins digital ID web 3.0 project

Move over Worldcoin, there’s a new kid on the block vying for the attention of the digital identity industry and…

 

DHS audit urges upgrade of biometric vetting for noncitizens and asylum seekers

A recent audit by the DHS Office of Inspector General (OIG) has called for the Department of Homeland Security (DHS)…

 

Researchers spotlight Russia’s opaque facial recognition surveillance system

In recent years, Russia has been attracting attention for its use of facial recognition surveillance to track down protestors, opposition…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events