This paper is available on arxiv under CC 4.0 license.
Authors:
(1) Ayei E. Ibor, Trustworthy Digital Infrastructure for Identity Systems, The Alan Turing Institute, United Kingdom;
(2) Mark Hooper, Trustworthy Digital Infrastructure for Identity Systems, The Alan Turing Institute, United Kingdom;
(3) Carsten Maple, Trustworthy Digital Infrastructure for Identity Systems, The Alan Turing Institute, United Kingdom;
(4) Gregory Epiphaniou, WMG, University of Warwick, United Kingdom.
The limitations of the current interoperability solutions, that is, eIDAS and X-Road, show that a plethora of issues and complexities are yet to be addressed to achieve interoperability at the foundational level of identity management. Country-specific legislation and vendor-locked systems in developing countries add to these complexities.
From the findings, the main limitations of the current interoperability solutions can be summarised as follows:
i. Each registry implements its interfaces independently based on the use of a proprietary protocol equivalent to the technology in use. This results in the implementation of new interfaces, sometimes from scratch for new or evolving services.
ii. There are different trust levels based on the implemented security architecture for verifying the integrity and authenticity of the data.
iii. Incompatible certification authorities arise from different trust levels and legal systems of the trust service providers.
iv. Interoperability is based on the signing of bilateral agreements, which are non-trivial and can result in several discrepancies in regulations and policies.
v. There is no provision that the network must be accessible to private entities, and as such it may build inter-government competition on trust services (e.g., eIDAS).
vi. There is differentiation in notified eID schemes and authentication mechanisms, leading to re-identification for public services, healthcare, or financial transactions (e.g., eIDAS).
These limitations imply that the interoperability of identity systems requires open standards with strong legal, regulatory, and governance structures. Also, there must be mechanisms to mitigate risks to the security and privacy of identification data including consent considerations for data use or sharing by the ID holder as outlined in Alamillo et al. (2023) and Srinivas, Das and Kumar (2019).
From the findings, developing countries must also make provisions for a single, consolidated, and standardized view of civil registrations and identification data that constitute a single source of truth. This will enhance the onboarding of citizens and create a robust verification and validation process that does not require several levels of authentication that may increase the overhead of the identity system.
Additionally, findings showed that the standardization of the structure and attributes of identity data such as name, date of birth, email, and several other relevant attributes to conform with the W3C recommendation should be a key consideration for interoperability. Enforcing the unicity and singularity of identification data will also ensure that ID holders do not have multiple identities that can hamper interoperability.
Similarly, to enable the secure exchange of data or identity assertions, it was also found that developing countries must establish trust relationships through federation protocols that can foster interoperability.
Interoperability offers tremendous benefits to e-Government. We found that interoperability widens the dimensions of e-Government in cross-border identity management and data services. It also helps to provide open and accessible digital public services, including systems and processes that allow people to move freely within the developing countries while also utilising public services outside their country of origin. Interoperability also helps to create sustainability and economies of scale, as demonstrated by X-Road and eIDAS (Hoffmann and Solarte-Vasquez, 2022; McBride et al., 2019; Schmidt and Krimmer, 2022).
We found that while X-Road provides trustworthy data exchange using security servers that allow its members to communicate directly, it does not perform the verification and validation of the identification data that is part of the data exchange. There are also concerns about the limited amount of notified eID schemes under eIDAS, which builds on the limited scope of the eID schemes and the lack of relevant public services.
These concerns underpin the need for the review of these interoperability solutions to underscore the notion of cross-border verification and validation of identification data for seamless data exchange.
Building on the evidence from various sources as discussed in the Literature, an architecture for trustworthy cross-border interoperability is proposed in this work. This architecture is represented in Figure 4.
From Figure 4, each citizen or prospective ID holder undergoes identity enrolment, which can include civil registration through online or offline capture procedures. The enrolment of the citizen is based on regulations and standards of the foundational identity system of the issuing country represented in Figure 4 as $NIDS_x$.
At the issuance of the ID credential, the citizen or ID holder presents such a document for establishing and proofing his/her identity to a requesting service provider, identity provider or relying party. Authentication and authorisation services are then used to complete the identity proofing process to allow an ID holder access to a service or resource at the point of access.
In a cross-border use case, where a foundational identity system $NIDS_x$ communicates with another system, say, in a federated identity ecosystem $Fed_I$, or where an ID holder $U_I$ requests a service from the latter, the processes of verifying and validating the identity of $U_I$ should be an integral component of an interoperable identity system, unlike in X-Road, where such processes are the functions of the service provider/consumer.
Verification and validation ensure that the claimed identity is true and belongs to the claimant at the time of the request and throughout service delivery.
To achieve this, there is the need to have a trustworthy link that considers the representation of the data, semantics, binding, and the security and privacy of the identification data of $U_I$. The relevance of the trust link at the interoperable layer is to ensure that the identity data as well as the requested resource or service maintains its integrity, security, privacy, and confidentiality throughout data exchange.
We propose that the representation of the identification data must be data format agnostic as obtainable in X-Road using simple object access protocol (SOAP) and representational state transfer (REST) (Halili and Ramadani, 2018; Krimmer et al., 2021; Priisalu and Ottis, 2017). Also, the representation of credentials on the Web should be in a way that is machine-verifiable, private, and cryptographically secure.
The semantic interpretation of ID credentials must be unambiguous. That is, verifying credentials and presentations and cryptographically securing them both require predictable, bi-directional, and lossless processes.
To be processed in an interoperable manner, any verification of a credential or presentation must be deterministic. The resulting credential or presentation must be semantically and syntactically equivalent to the original construct (Sedlmeir et al., 2021; W3C Recommendation, 2022). Likewise, each verified credential of $U_I$ must be bound to its identity to a given level of assurance. This establishes an unbreakable link between the subject ($U_I$) and the credential to enforce identity disambiguation. Binding is relevant for the verification and validation of the claimed identity at cross-border entry/exit points.
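The following sketch illustrates deterministic, lossless verification and subject binding as described above; it is an added example, not code from the paper, X-Road, eIDAS or the W3C specification. It assumes a sorted-key JSON canonical form (a simplified stand-in for a standard scheme such as RFC 8785) and an HMAC with a constructed key in place of the issuer's asymmetric signature; the function names, field names and identifiers are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); real issuers sign asymmetrically.
ISSUER_KEY = b"constructed-demo-key"


def canonicalize(credential: dict) -> bytes:
    """Deterministic bytes: sorted keys, fixed separators, UTF-8."""
    return json.dumps(credential, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def _proof(body: dict) -> str:
    return hmac.new(ISSUER_KEY, canonicalize(body), hashlib.sha256).hexdigest()


def issue(claims: dict, subject_id: str) -> dict:
    """Bind claims to one subject and attach a proof over the canonical form."""
    body = {"issuer": "NIDS_x", "subject": subject_id, "claims": claims}
    return {**body, "proof": _proof(body)}


def verify(credential: dict, presenter_id: str) -> bool:
    """Valid only if the proof matches and the presenter is the bound subject."""
    body = {k: v for k, v in credential.items() if k != "proof"}
    proof = credential.get("proof")
    if not isinstance(proof, str):
        return False
    proof_ok = hmac.compare_digest(_proof(body).encode(), proof.encode())
    return proof_ok and body.get("subject") == presenter_id


def demo() -> dict:
    cred = issue({"name": "Ada Example", "date_of_birth": "1990-01-01"}, "U_I")
    # Constructed transit: the receiver re-orders keys and adds whitespace.
    wire = json.dumps(dict(reversed(list(cred.items()))), indent=4)
    received, tampered = json.loads(wire), json.loads(wire)
    tampered["claims"]["date_of_birth"] = "1980-01-01"
    return {
        "lossless_round_trip": canonicalize(received) == canonicalize(cred),
        "verifies_after_reserialisation": verify(received, "U_I"),
        "tampered_rejected": not verify(tampered, "U_I"),
        "wrong_presenter_rejected": not verify(received, "U_J"),
    }


print(demo())
```

Because the proof is computed over the canonical bytes rather than the bytes on the wire, two systems that serialise the same credential differently reach the same verification result, while a changed attribute or a different presenter is rejected.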
Finally, the security and privacy of the identification data are significant, as they form an integral component of the required trustworthiness for interoperability. There are several approaches for implementing the security and privacy of identification data, such as the use of Transport Layer Security (TLS), Security Assertion Markup Language (SAML), authentication keys, etc. (for security), and secure computation mechanisms, trusted third party, differential privacy, etc. (for privacy) (Grassi, Garcia and Fenton, 2017; Kaaniche, Laurent and Belguith, 2020). We posit that the use of secure computation mechanisms, data minimisation, and differential privacy in a cross-border context can fulfil the required privacy requirements due to the multifaceted risks associated with the exchange of data between interoperating entities.