Digital Deltaworks

Started in June 2024

The European Commission is working on a proposal for a secure European Digital Identity Wallet (EDIW), amending Regulation (EU) No 910/2014.The introduction of the EDIW will have great benefits for individuals and businesses in Europe. To name a few: it will open up the currently localized market for digital services in the EU, and it will enable individuals to interact fully digitally with organizations, replacing the current hybrid form where information with high assurances has to be supported with physical evidence (passports, qualifications, etc.). Furthermore, institutions will receive verified information about their customers, which will enable them to further digitalize processes, saving on operational costs and improving customer satisfaction. However, despite the obvious benefits, the introduction of the EDIW also raises some concerns.

https://pcsi.nl/uploads/projects/digital-deltaworks.png

Intro/relevance

Currently, different bindings are not part of the European Digital Identity Architecture and Reference Framework. They are considered the responsibility of the issuer of credentials and are subject to existing regulations. However, we have established that issuing credentials (such as passports) in the physical world is not foolproof and can be susceptible to collusion and manipulation. In the digital realm, this problem persists and may even be exacerbated if not carefully considered. The risk of making decisions based on credentials that do not truly belong to the entity you are in contact with lies with the verifier or relying party.

To address these challenges, the project 'Digital Deltaworks' aims to identify gaps in the anticipated exchange of digital credentials related to the binding of credentials to the correct entity. It will investigate the extent to which different existing solutions cover these risks and develop mitigating measures for any unaddressed risks.

Project Proposal

Fill in missing guidance in EIDAS2.0 on Device binding, Holder binding and Subject binding. Make an inventory of different ways of binding and the technical implementations for binding, implement a selection as PoC and assess how robust these are against attacks.

Expected benefits of the Digital Deltaworks project?

This result will solve these issues: verifiers are unable to confidently take decisions based on the current ideas in the ARF/eIDAS (because binding is insufficient)

Why do we want to work on this idea within the PCSI?

We want to work on this idea within the PCSI because it addresses our shared concerns and goals, allowing us to leverage our collective resources and expertise for greater impact.

Activities in Explore phase

  • Inventory of breadth of binding problems,

  • Inventory of mitigations + products

  • Inventory of remaining risks. Which scenarios are not yet covered?

  • Checklist for existing solutions

 

This project is part of the trend

22 Opportunity and threat March 2024

Growing importance of identity and access management

Beeldmerk PCSI
PCSI is een samenwerking van
    ABN-AMRO Achmea ASML Belastingdienst ING TNO