Achieving the eIDAS Vision Through the Mobile, Social and Cloud Triad
The new EU regulation on electronic identification and trust services for electronic transactions in internal market aims to overcome cross-border barriers regarding identity and signature services. According to the Head of the European Commission DG CONNECT Task Force “Legislation Team”, the eIDAS regulation sets out to “strengthen EU single market by boosting TRUST and CONVENIENCE in secure and seamless cross-border electronic transactions”.
Although the proposed regulation is technology-neutral, we believe that the technology used by the Mobile, Social and Cloud triad can greatly boost the deployment of applications and, therefore, may accelerate the achievement of the eIDAS vision. Mobile devices have become the something-you-have authentication factor that has been generally delegated to hardware tokens. Smartphones allow deploying highly-secure yet user-friendly mechanisms that can complement existing national eIDs and overcome user-experience drawbacks. Furthermore, identity services are not solely useful for backing up identities provisioned and managed by Member States but can also enhance services by federating and elevating trust on social and other consumer identities. Finally, light Web formats and modern user-centric and privacy-aware standards like OAuth and OpenID Connect make it easy for developers to combine identities and functionality and may revolutionize the quantity and quality of applications, owing both to the plethora of access devices and the advantages of Cloud computing delivery.
KeywordsCloud Provider Resource Server Electronic Signature Identity Service Electronic Transaction
Unable to display preview. Download preview PDF.
- [EU99] Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. Official Journal L 013, 19/01/2000 P. 0012 – 0020Google Scholar
- [EU14] European Parliament legislative resolution of 3 April 2014 on the proposal for a regulation of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal marketGoogle Scholar
- [Google13] “Our Mobile Planet: Spain. Understanding the Mobile Consumer”, Google, May 2013, http://services.google.com/fh/files/misc/omp-2013-es-en.pdf, seen on July 10th 2014
- [ITU14] “The world in 2014. ICT Facts and Figures”, ICT Data and Statistics Division Telecommunication Development Bureau, ITU, April 2014Google Scholar
- [Cisco14] “Cisco Visual Networking Index: Forecast and Methodology, 2013–2018”, Cisco, June 2014Google Scholar
- [FB14] Statistic Brain – Facebook Statistics, January 2014, http://www.statisticbrain.com/facebook-statistics/,seen on July 10th 2014
- [Gartner13] E. Anderson et al., “Forecast Overview: Public Cloud Services, Worldwide, 2011-2016, 4Q12 Update”, Gartner Inc., February 2013Google Scholar
- [UKAuth00] “Authentication Framework v1.0”, Office of the e-Envoy, December 2000Google Scholar
- [NIST06] W. E. Burr, D. F. Dodson and W. T. Polk, “Electronic Authentication Guideline”, Special Publication 800-63, Version 1.0.2, National Institute of Standards and Technology, April 2006Google Scholar
- [OAuth12] D. Hardt, “The OAuth 2.0 Authorization Framework”, RFC 6749, IETF, October 2012Google Scholar
- [Connect14] N. Sakimura, J. Bradley, M. Jones, B. de Medeiros, C. Mortimore, “OpenID Connect Core 1.0”, February 2014Google Scholar
- [SAML05] S. Cantor et al., “Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0”, OASIS SSTC, March 2005Google Scholar
- [PKCS03] J. Jonsson, B. Kaliski, “Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography. Specifications Version 2.1”, RFC 3447, IETF, February 2003Google Scholar
- [CEN13] Draft for publication of CEN/TS 419241 Security Requirements for Trustworthy Systems Supporting Server Signing, European Committee for Standardization, December 2013Google Scholar
- [MaBa12] Maler, Eve; Barton, Tom: The Future of Federated Identity or, Whither SAML? InCommon, July 2012Google Scholar
- [FIDO14] The FIDO Alliance, https://fidoalliance.org, seen on July 10th 2010
- [Pope13] N. Pope, J. C. Cruellas, I. Khan, J. Olnes, A. Tauber, “Rationalised Framework of Standards for Advanced Electronic Signatures in Mobile Environment”, SR 019 020 (Draft), ETSI, December 2013Google Scholar
- [OASIS14] OASIS Electronic Identity Credential Trust Elevation Methods (Trust Elevation)Google Scholar
- [SCIM14] K. Grizzle, P. Hunt, E. Wahlstroem, C. Mortimore, “System for Cross-Domain Identity Management: Core Schema”, Internet Draft, IETF, June 2014Google Scholar