FB pixel

ENISA issues new EUDI Wallet recommendations in report on digital ID standards

ENISA issues new EUDI Wallet recommendations in report on digital ID standards
 

From ITU and ICAO to NIST and FIDO, organizations across the world have been working on a multitude of standards in the area of digital identity. A new report from the European Union Agency for Cybersecurity (ENISA) is attempting to help digital ID creators find their way through this alphabet soup while formulating recommendations for standard makers.

The Digital Identity Standards report, released in July, proposes new recommendations for standardization organizations, government agencies and policymakers. Special attention is paid to the European Digital Identity (EUDI) Wallet, a project that will give each European citizen and business unique and verifiable credentials which has recently kicked off pilots across the continent.

One of ENISA’s key recommendations for policymakers regarding the EUDI Wallet is finding a clear legal definition of the term “digital identity.” Another is to use the new Digital Markets Act to provide direct access from the mobile application to the security anchor provided by EU CC-certified secure elements available on smartphones.

The cybersecurity agency also wants European organizations to standardize the EUDI Wallet interfaces with QTSP, relying parties, devices, existing national eID documents and existing eIDAS node infrastructures. Another issue that requires standardization is the privacy evaluation methodology for EUDI and digital identities in general.

ENISA wants European standardization organizations to coordinate and divide responsibilities to avoid doing double work. The bloc should adopt standards such as ISO/IEC 18013-5 and the ISO/IEC DIS 23220 series as European norms, the report states.

Standardization organizations should also define a harmonized authentication protocol between the EUDI Wallet and the relying parties and prepare a generic code-of-conduct methodology to be applied to the (Q)TSP and the EUDI Wallet.

The final set of recommendations is aimed at ENISA itself as an agency dedicated to achieving a high common level of cybersecurity across Europe. This includes publishing overviews of endorsed digital ID standards and existing digital ID models, and assessing impacts on cybersecurity standards.

According to the recommendations, ENISA should also create ad hoc groups to address potential EUDI Wallet vulnerabilities and cooperate with other standardization organizations in  assisting EU institutions, bodies and agencies, EU Member States and private organizations.

Aside from providing recommendations for the EUDI Wallet, the report gives an overview of the most important standards and standardization organizations, including European and international organizations, commercial forums and consortiums as well as national organizations. It also analyzes different digital identity standards covering several areas, from policy and governance to technical and operational specifications.

Among the areas that are covered are general standards used in trust services and identity management, including identity proofing, biometrics and presentation attack detection. In addition, the paper delves into specific groups of standards, such as the International Civil Aviation Organization’s (ICAO) electronic travel documents, mobile driving licenses (mDLs) and mobile eIDs, X.509 public key certificates, Security Assertion Markup Language (SAML), OpenID Connect, FIDO2, and Self-Sovereign Identity (SSI). A matrix matches the various standards to their areas of application within eIDAS 2.0.

Related Posts

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

PNG launches birth registration legislation in landmark for national ID project

Papua New Guinea is taking a concrete step in making sure every citizen is officially recognized and able to access…

 

Yoti improves liveness detection pass rates

Digital identity and age estimation company Yoti has released new figures on its liveness detection technology, showing success rate improvements…

 

Inclusive digital ID poised for leap forward with QR codes, similar credentials

QR codes have been around for decades, but they and other similar technologies have only recently emerged as digital identity…

 

Age assurance debate simmers across EU with calls for stronger measures

Age checks remain in the headlines with new proposals from EU digital ministers to go further with legislation limiting social…

 

Yoti welcomes age assurance direction in UK Strategic Priorities

Yoti has weighed in on the UK government’s publication of its final draft Strategic Priorities for online safety. Prepared by…

 

AuthenticID and Darwinium execs pinpoint AI fraud weaknesses

AI always leaves a trace. Executives from AuthenticID and Darwinium agreed on this point, which offers a silver lining among…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Biometric Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events