Session "PID Issuance for the eIDAS 2.0 Wallets: Do not throw the Baby with the Bathwater" at ITASEC 2023

Published: Mar 30, 2023

The session “PID Issuance for the eIDAS 2.0 Wallets: Do not throw the Baby with the Bathwater” has been accepted to the Italian Conference on Cybersecurity (ITASEC) 2023, which will take place in Bari, from May 3 to May 5, 2023. The session will be presented by Amir Sharif (FBK).

Here is the abstract:

The revised eIDAS regulation (eIDAS 2.0) advocates for a shift from federated identity manage- ment systems (such as SAML and OpenID Connect) to self-sovereign identity-based systems and defines the European Digital Identity Wallet as a key component. The main goal is to enhance pri- vacy by empowering citizens with the capability of selectively disclosing personal data in a controlled way. To use this wallet, citizens must first obtain and enroll their Person Identification Data. As a result, the secure issuance of this to the wallet is critical. By studying the OpenID for Verifiable Cre- dential Issuance specification, we proposed a general architecture for the secure issuance of Person Identification Data credentials. In addition, we present a related threat model and highlight potential countermeasures to mitigate identified threats.

Involved People

Sharif Amir

Amir Sharif

Carbone Roberto

Roberto Carbone

Sciarretta Giada

Giada Sciarretta

Marino Francesco Antonio

Francesco Antonio Marino

Ranise Silvio

Silvio Ranise