Analysis and comparison of identification and authentication systems under the eIDAS regulation

Throughout Europe governments are in the process of making themselves digitally available to their citizens. In 2014 the European Union passed Regulation 910/2014, also known as the eIDAS regulation, which set the goal for all digital governmental services to be interoperable and usable by citizens of other member states. In order to achieve this, the Union has requested the member states to create their systems individually, and created a framework that will link all these systems. This has resulted in some vastly different methods of creating such systems, which has created hurdles in the way of reaching interoperability, such as differing levels of security required for using the systems.

An example of such an aspect that the varying implementations differ in, which causes difficulties in the interoperability of the systems, is whether the system is federated or direct. Federated being that there is a usually centralised system which handles the identification and authentication, and direct meaning that there is no such party between the user and the organisation to which they are identifying. The reason for choosing a direct system is that there is no single actor that can know about all the authentication actions of a user. If one entity were to handle all authentications for everything from contact with a municipality to handling medical information, this entity could have control over an extremely privacy-sensitive data set, if no other measures against this are in place. For this reason some European countries, such as Germany, have chosen for a direct authentication model. On the other hand, a federated system is much simpler to use for service providers, as they do not need to worry about the authentication and all overhead that comes with it. Belgium is among states that have chosen for a federated model. Of course, even among countries that have made the same choice, federated or direct, there can still be vast differences in structure.

Quelle / Link: Analysis and comparison of identification and authentication systems under the eIDAS regulation (Online abrufbar)

Dieser Beitrag wurde unter Digitale Identitäten, Standards/Protokolle veröffentlicht. Setze ein Lesezeichen auf den Permalink.