FB pixel

ENISA issues new EUDI Wallet recommendations in report on digital ID standards

ENISA issues new EUDI Wallet recommendations in report on digital ID standards
 

From ITU and ICAO to NIST and FIDO, organizations across the world have been working on a multitude of standards in the area of digital identity. A new report from the European Union Agency for Cybersecurity (ENISA) is attempting to help digital ID creators find their way through this alphabet soup while formulating recommendations for standard makers.

The Digital Identity Standards report, released in July, proposes new recommendations for standardization organizations, government agencies and policymakers. Special attention is paid to the European Digital Identity (EUDI) Wallet, a project that will give each European citizen and business unique and verifiable credentials which has recently kicked off pilots across the continent.

One of ENISA’s key recommendations for policymakers regarding the EUDI Wallet is finding a clear legal definition of the term “digital identity.” Another is to use the new Digital Markets Act to provide direct access from the mobile application to the security anchor provided by EU CC-certified secure elements available on smartphones.

The cybersecurity agency also wants European organizations to standardize the EUDI Wallet interfaces with QTSP, relying parties, devices, existing national eID documents and existing eIDAS node infrastructures. Another issue that requires standardization is the privacy evaluation methodology for EUDI and digital identities in general.

ENISA wants European standardization organizations to coordinate and divide responsibilities to avoid doing double work. The bloc should adopt standards such as ISO/IEC 18013-5 and the ISO/IEC DIS 23220 series as European norms, the report states.

Standardization organizations should also define a harmonized authentication protocol between the EUDI Wallet and the relying parties and prepare a generic code-of-conduct methodology to be applied to the (Q)TSP and the EUDI Wallet.

The final set of recommendations is aimed at ENISA itself as an agency dedicated to achieving a high common level of cybersecurity across Europe. This includes publishing overviews of endorsed digital ID standards and existing digital ID models, and assessing impacts on cybersecurity standards.

According to the recommendations, ENISA should also create ad hoc groups to address potential EUDI Wallet vulnerabilities and cooperate with other standardization organizations in  assisting EU institutions, bodies and agencies, EU Member States and private organizations.

Aside from providing recommendations for the EUDI Wallet, the report gives an overview of the most important standards and standardization organizations, including European and international organizations, commercial forums and consortiums as well as national organizations. It also analyzes different digital identity standards covering several areas, from policy and governance to technical and operational specifications.

Among the areas that are covered are general standards used in trust services and identity management, including identity proofing, biometrics and presentation attack detection. In addition, the paper delves into specific groups of standards, such as the International Civil Aviation Organization’s (ICAO) electronic travel documents, mobile driving licenses (mDLs) and mobile eIDs, X.509 public key certificates, Security Assertion Markup Language (SAML), OpenID Connect, FIDO2, and Self-Sovereign Identity (SSI). A matrix matches the various standards to their areas of application within eIDAS 2.0.

Related Posts

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Cameroon live facial recognition project still trying to identify a banker

The President of Cameroon, Paul Biya, last week directed his government to source for money from a Chinese bank for…

 

Socure consortium hits milestones in tackling First-Party Fraud problem

Heeding the call for more collaboration and joint defense across industries facing a massive increase in identity fraud, Socure has…

 

Swiss e-ID has an official name, technical implementation plan

Switzerland’s government has outlined plans for the technical implementation of its upcoming national electronic identity, including a trust infrastructure that…

 

Identity verification scale and maturity to push average cost down

The costs that relying parties pay for digital identity verification, from collecting and analyzing selfie biometrics to ID document authenticity…

 

How the ID industry can become more sustainable – and help to raise awareness for greener travel

By Tobias Nuessle, COO of Veridos The travel and tourism industry is a significant contributor to global CO2 emissions. Various…

 

Biometrics upgrades arriving at borders (but check the schedule for updates)

New biometric technology is coming to borders in Europe and the UK, but as reflected in several of Biometric Update’s…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events