eIDAS and e-ID … and Building a More Trusted World

The ambitious nature of the EU to create a common market place is something that few countries of the world could ever attempt. It is a…
Photo by krakenimages on Unsplash

eIDAS and e-ID … and Building a More Trusted World … Go Be Crazy!

The ambitious nature of the EU to create a common marketplace is something that few countries in the world could ever attempt. It is a grand vision of harmonizing the legal and governance infrastructures that we have created over the centuries. At the core of this must be the transformation of traditional legal approaches to the trustworthiness of documents towards verifiable digital methods.

Identity

Lykidis et al [1] define a wide range of ongoing blockchain-based e-Government applications including Authentication, e-Voting, Land Property Services, e-Delivery Services, Human Resources Management, and Government Contracting. A part of these infrastructures is the integration of an identity infrastructure, and which can involve the generation of identities by a trusted authority, or where entities can control their own identity. The method of creating and controlling our own identity is known as SSI (Self-sovereign Identity). With this, we typically use a key pair, and where transactions are digitally signed using a private key, and then this is proven with a public key. The private key can then be stored in a citizen wallet, and which cannot be accessed by any other entity.

Two major global initiates which aim to harmonize the usage of verifiable credentials and wallets are: the The Open Identity Exchange (OIX) and Trust over IP Foundation (ToIP). With ToIP we see a focus around decentralized digital identity projects, and where it issues global compatibility guidelines for Hyperledger Aries and Indy, and verifiable credentials [2].

The EU are now committed to rolling out a European e-ID system across the EU [here], and where each citizen should be able to use SSI to create their own wallet, and thus link this to their identity. As it is GDPR compliant, it breaks down many of the barriers that have been put in place by other national ID schemes.

Common European Framework

In 2018, 27 EU Member states, Norway and Liechtenstein signed up to the European Blockchain Partnership (EBP). This led to the creation of the European Blockchain Services Infrastructure (EBSI). There are currently four main use cases: Self-Sovereign Identity, Diploma, Document Traceability and Trust Data Sharing. Within the European Self-Sovereign Identity Framework (ESSIF) we have a trusted method of identifying citizens and thus allow them to create their own digital identity. There is thus no need for trusted third-party trust providers for identity checking. ESSIF aligns with the General Data Protection Regulation (GDPR) and the electronic IDentification and Authentication and trust Services (eIDAS).

Overall EBSI is a public permissioned blockchain and where digital credentials are stored in wallets that citizens own and control. This means that citizens have full control of their identities, and of their associated data. The blockchain does not store any personal information. Baldacci et al define that the core principles of EBSI are:

  • Public Permissioned: The identity of all participating nodes must be governed;
  • Decentralized: Each member should run its own node or set of nodes;
  • Scalable: Support of high-throughput and high number of nodes;
  • Open Specifications: EU Public License and free from IPR;
  • Sustainable: Energy-efficient consensus mechanism;
  • Interoperable: should foster interoperability via alignment with the work of standardization bodies such as ISO, CEN or ETSI.

In 2020, a number of proponents (DIZME, Findy, Lissi and MeineSichereID) outlined their collaboration within the Trust over IP Foundation and with a goal to focusing on achieving a European SSI Network. A key focus of their statement is related to the integration of EBSI with ToIP stack and ESSIF, and thus move towards a common single market for data across both private and public services.

eIDAS

At the core of digital systems is the implementation of digital signing. With this, a trusted entity has a key pair: a private key and a public key. The private key can be stored in a wallet, and then used to digitally sign transactions. The public key can then be used to prove the identity of the signer.

At the present time, qualified signatures (those in a written form) are typically seen as the core requirement for legal requirements. eIDAS aims to create both a technical and organisation infrastructure that can reach the trust levels of qualified signatures. Within an EU context, the eIDAS framework provides an enhanced method of supporting the legal requirements of digital signatures [3]. This also allows them to be compliant with GDPR regulations, along with being trusted by each of the EU members. With a digital signature, we have a cryptographic proof of the usage of the private key. eIDAS enhances this by authenticating documents created by legal persons. These are defined as electronic seals, and which confirms the existence of the document and of its origins. Overall, eIDAS does not actually define any strict rules for electronic signatures, apart from having a legal status and to be admissible as legal evidence.

The definition of the eIDAS framework for an advanced electronic signature is outlined in Article 26 of Regulation (EU) No 910/2014 [here] as:

  • it is uniquely linked to the signatory;
  • it is capable of identifying the signatory;
  • it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and

it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

Conclusions

An e-ID for every European citizen, and which is self-sovereign in its design, and the roll-out of eIDAS to give digital signatures the same standing as qualified signatures … it’s a winner if it can be done. If successful it will leave the rest of the world looking old and will build new governance and economic infrastructures, and with the citizen and their rights at the centre of this. In our GLASS project, we are building on e-ID and eIDAS, and aim to create a more trusted world for e-Governance. So, why not come and join us on this amazing path to building a world focused on citizens?

I advise any country in the world to look at the plans for e-ID and eIDAS, and perhaps look to integrate with it, as it might overcome many of the barriers that we currently face in rebuilding our world of trust. I personally hope that Scotland and the UK, especially, can build bridges back into the EU, and help build the systems of our future.

It’s a grand vision and which aims to break down the things that falsely seperate us, and builds bonds for the things that bind us together … go be crazy …

References

[1] Lykidis, I., Drosatos, G., & Rantos, K. (2021). The Use of Blockchain Technology in e-Government Services. Computers, 10(12), 168.

[2] Dizme, Position statement toward EBSI, https://https://lissi.id/about

[3] Kutyłowski, M., & Błaśkiewicz, P. (2023). Advanced Electronic Signatures and eIDAS–Analysis of the Concept. Computer Standards & Interfaces, 83, 103644.