On Enabling Additional Natural Person and Domain-Specific Attributes in the eIDAS Network

Within digital virtual space, secure and efficient user authentication and identification are essential to prevent identity theft and unauthorized access to sensitive information and services. The eIDAS network implementing the European Union (EU) Regulation 910/2014 links the electronic identity (e...

Bibliographic details
Published in: IEEE access 2021, Vol.9, p.134096-134121
Main authors: Berbecaru, Diana Gratiela, Lioy, Antonio, Cameroni, Cesare
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 134121
container_issue
container_start_page 134096
container_title IEEE access
container_volume 9
creator Berbecaru, Diana Gratiela
Lioy, Antonio
Cameroni, Cesare
description Within digital virtual space, secure and efficient user authentication and identification are essential to prevent identity theft and unauthorized access to sensitive information and services. The eIDAS network implementing the European Union (EU) Regulation 910/2014 links the electronic identity (eID) systems of EU countries to allow citizens' access by authenticating with government eIDs. At authentication time, the eIDAS nodes transfer core personal attributes (i.e., name, surname, date of birth, and an identifier) to the service providers (SPs). Since long-term applications require more personal or domain-specific data to provide the service or to perform identity matching, the SPs must obtain such data in an alternative way, with additional costs and risks. Herein, we extend the eIDAS network to retrieve and transfer additional person and domain-specific attributes besides the core ones. This process introduces technical, usability, and privacy issues that we analyze. We exploit a logical AP Connector between the eIDAS node and the entities providing additional attributes. We implemented two AP Connectors, named AP-Proxy and AP-OAuth2, integrated with the Italian pre-production eIDAS node to get additional attributes from the Politecnico di Torino university backend. In an experimental campaign, 30 students have accessed academic services at three foreign universities with recognized Italian eIDs, and transferred additional attributes over the eIDAS network. Despite some usability and privacy concerns encountered, the user experience was positive. We believe our work is helpful in the implementation of the recently adopted European Digital Identity framework, which proposes to extend the person identification data set recognized cross border, and the creation of digital wallets linking different data sets or credentials.
doi_str_mv 10.1109/ACCESS.2021.3115853
format Article
fulltext fulltext
identifier ISSN: 2169-3536
ispartof IEEE access, 2021, Vol.9, p.134096-134121
issn 2169-3536
2169-3536
language eng
recordid cdi_crossref_primary_10_1109_ACCESS_2021_3115853
source IEEE Open Access Journals; DOAJ Directory of Open Access Journals; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals
subjects attribute retrieval
Authentication
Connectors
Datasets
digital identity management
eIDAS Regulation
Electronic commerce
Electronic identity
Europe
Microprocessors
Peer-to-peer computing
Privacy
Protocols
Regulation
Theft
Usability
User experience
Virtual reality
title On Enabling Additional Natural Person and Domain-Specific Attributes in the eIDAS Network
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-23T04%3A49%3A24IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=On%20Enabling%20Additional%20Natural%20Person%20and%20Domain-Specific%20Attributes%20in%20the%20eIDAS%20Network&rft.jtitle=IEEE%20access&rft.au=Berbecaru,%20Diana%20Gratiela&rft.date=2021&rft.volume=9&rft.spage=134096&rft.epage=134121&rft.pages=134096-134121&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2021.3115853&rft_dat=%3Cproquest_cross%3E2579441067%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2579441067&rft_id=info:pmid/&rft_ieee_id=9548914&rft_doaj_id=oai_doaj_org_article_4c45c9b31d7845938603e632f8d782c9&rfr_iscdi=true