On Enabling Additional Natural Person and Domain-Specific Attributes in the eIDAS Network
Within digital virtual space, secure and efficient user authentication and identification are essential to prevent identity theft and unauthorized access to sensitive information and services. The eIDAS network implementing the European Union (EU) Regulation 910/2014 links the electronic identity (e...
Published in: | IEEE access 2021, Vol.9, p.134096-134121 |
---|---|
Main authors: | Berbecaru, Diana Gratiela; Lioy, Antonio; Cameroni, Cesare |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 134121 |
---|---|
container_issue | |
container_start_page | 134096 |
container_title | IEEE access |
container_volume | 9 |
creator | Berbecaru, Diana Gratiela; Lioy, Antonio; Cameroni, Cesare |
description | Within digital virtual space, secure and efficient user authentication and identification are essential to prevent identity theft and unauthorized access to sensitive information and services. The eIDAS network implementing the European Union (EU) Regulation 910/2014 links the electronic identity (eID) systems of EU countries to allow citizens' access by authenticating with government eIDs. At authentication time, the eIDAS nodes transfer core personal attributes (i.e., name, surname, date of birth, and an identifier) to the service providers (SPs). Since long-term applications require more personal or domain-specific data to provide the service or to perform identity matching, the SPs must obtain such data in an alternative way, with additional costs and risks. Herein, we extend the eIDAS network to retrieve and transfer additional person and domain-specific attributes besides the core ones. This process introduces technical, usability, and privacy issues that we analyze. We exploit a logical AP Connector between the eIDAS node and the entities providing additional attributes. We implemented two AP Connectors, named AP-Proxy and AP-OAuth2, integrated with the Italian pre-production eIDAS node to get additional attributes from the Politecnico di Torino university backend. In an experimental campaign, 30 students have accessed academic services at three foreign universities with recognized Italian eIDs, and transferred additional attributes over the eIDAS network. Despite some usability and privacy concerns encountered, the user experience was positive. We believe our work is helpful in the implementation of the recently adopted European Digital Identity framework, which proposes to extend the person identification data set recognized cross border, and the creation of digital wallets linking different data sets or credentials. |
doi_str_mv | 10.1109/ACCESS.2021.3115853 |
format | Article |
fulltext | fulltext |
identifier | ISSN: 2169-3536 |
ispartof | IEEE access, 2021, Vol.9, p.134096-134121 |
issn | 2169-3536 2169-3536 |
language | eng |
recordid | cdi_crossref_primary_10_1109_ACCESS_2021_3115853 |
source | IEEE Open Access Journals; DOAJ Directory of Open Access Journals; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals |
subjects | attribute retrieval; Authentication; Connectors; Datasets; digital identity management; eIDAS Regulation; Electronic commerce; Electronic identity; Europe; Microprocessors; Peer-to-peer computing; Privacy; Protocols; Regulation; Theft; Usability; User experience; Virtual reality |
title | On Enabling Additional Natural Person and Domain-Specific Attributes in the eIDAS Network |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-23T04%3A49%3A24IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=On%20Enabling%20Additional%20Natural%20Person%20and%20Domain-Specific%20Attributes%20in%20the%20eIDAS%20Network&rft.jtitle=IEEE%20access&rft.au=Berbecaru,%20Diana%20Gratiela&rft.date=2021&rft.volume=9&rft.spage=134096&rft.epage=134121&rft.pages=134096-134121&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2021.3115853&rft_dat=%3Cproquest_cross%3E2579441067%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2579441067&rft_id=info:pmid/&rft_ieee_id=9548914&rft_doaj_id=oai_doaj_org_article_4c45c9b31d7845938603e632f8d782c9&rfr_iscdi=true |