The session “PID Issuance for the eIDAS 2.0 Wallets: Do not throw the Baby with the Bathwater” has been accepted to the Italian Conference on Cybersecurity (ITASEC) 2023, which will take place in Bari, from May 3 to May 5, 2023. The session will be presented by Amir Sharif (FBK).
Here is the abstract:
The revised eIDAS regulation (eIDAS 2.0) advocates for a shift from federated identity management systems (such as SAML and OpenID Connect) to self-sovereign identity-based systems and defines the European Digital Identity Wallet as a key component. The main goal is to enhance privacy by empowering citizens with the capability of selectively disclosing personal data in a controlled way. To use this wallet, citizens must first obtain and enroll their Person Identification Data. As a result, the secure issuance of this to the wallet is critical. By studying the OpenID for Verifiable Credential Issuance specification, we proposed a general architecture for the secure issuance of Person Identification Data credentials. In addition, we present a related threat model and highlight potential countermeasures to mitigate identified threats.