Konferenzbeitrag
Qualified Electronic Signatures with the EU Digital Identity Wallet
Lade...
Volltext URI
Dokumententyp
Text/Conference Paper
Zusatzinformation
Datum
2024
Autor:innen
Zeitschriftentitel
ISSN der Zeitschrift
Bandtitel
Quelle
Verlag
Gesellschaft für Informatik e.V.
Zusammenfassung
Art. 5a of the amended eIDAS-Regulation (EU) 2024/1183 establishes the European Digital Identity Framework and introduces the European Digitial Identity Wallet (EUDIW), which will meet the requirements of assurance level “high” for identity proofing and authentication (see Art. 5a Nr. 11) and is envisioned to be able to create Qualified Electronic Signatures (QES) free of charge for non-professional purposes (see Art. 5a Nr. 4 (e) and Nr. 5 (g)). As it will not be feasible in practice to certify the secure elements of all smartphones in the market as Qualified Signature Creation Device (QSCD), one needs to look at remote signature solutions along the lines of ETSI TS 119 432 and the specification developed within the Cloud Signature Consortium (CSC) . The Architecture and Reference Framework (ARF) makes it clear that the EUDIW will support Verifiable Credentials (VCs) for the purpose of strong identification and authentication and the only missing step to enable QES in the EUDIW seems to be the integration of Verifiable Credentials and Verifiable Presentations according to W3C with the remote signature protocol of the CSC-API. The present paper shows how to integrate the two worlds to enable QES in the EUDIW using emerging standards, such as Selective Disclosure JSON Web Tokens (SD-JWT) and OpenID for Verifiable Presentations (OID4VP).