March 29, 2021

FIDO Recognition for European Digital Identity Systems and eIDAS Grows

Contributed by Sebastian Elfors, Senior Solutions Architect, Yubico

Recognition of the value of FIDO in European digital identity systems and eIDAS continues to grow.  This month has featured two new updates in Europe on the FIDO front: the release of a landmark ENISA report that discusses the role FIDO2 plays in eIDAS, and the accreditation by the Czech government of a new eID solution using FIDO2.

In March 2021, the EU Cybersecurity Agency (ENISA) issued the report Remote ID Proofing, which describes the current regulatory landscape and supporting standards for the European countries’ remote identity proofing laws, regulations and practices. ENISA’s report is based on the ETSI TR 119 460 and ETSI TS 119 461 documents, which describe the policies and practices for remote identity proofing among trust service providers in the EU. Especially the eIDAS regulation, the AMLD5 directive to prevent money laundering, and EU directives on issuing ID-cards and exchanging identity information have been taken into account from a legal perspective.

Several methods for remote identification are proposed in the ENISA report: video recorded sessions, identification based on eID schemes or electronic signatures, bank identification, scanning of existing ID-cards, or a combination of several methods. In particular the option to identify a user with an eID scheme is of interest from a FIDO perspective. The following statement is written in section “2.2.4 Electronic identification means” of the ENISA report:

“A protocol used by several electronic identity means providers is OpenID connect. It is an authentication layer on top of OAuth 2.0 and is specified by the OpenID foundation. This protocol allows to verify the identity of the applicant based on the authentication performed by an Authorization Server, and by obtaining basic information about the applicant. Another technology that can be used in eID solutions is FIDO2. The FIDO Alliance explains in a whitepaper how FIDO2 can be used for eID means corresponding to eIDAS article 8.”

In the very same month, the Czech ministry of interior issued eIDAS accreditation for the Czech domain registry CZ.NIC, meaning that their identity provider mojeID can deploy FIDO2 as an eID scheme at eIDAS level of assurance High under the following conditions:

  • The FIDO2 authenticator is FIDO certified at Level 2 (or higher)
  • The FIDO2 authenticator is based on a secure element that is certified at FIPS 140-2 Level 3 or Common Criteria EAL4 + AVA_VAN.5
  • The FIDO2 authenticator has a PIN set and the PIN is required for all transactions at level of assurance High
  • Username and password are used in conjunction with FIDO2

Both ENISA’s report on remote identity proofing and the official approval of CZ.NIC’s FIDO-based eID scheme are great examples of how FIDO has been recognized as a viable authentication protocol for eIDAS compliant eID schemes in the EU.

MORE Building the Business Case

White Paper: Choosing FIDO Authenticators for Enterprise Use Cases

Secure access to online applications and services has evolved into...

September 21, 2021

World’s Largest Tech Companies Drive FIDO Alliance’s New User Experience Guidelines

By Andrew Shikiar, Executive Director and Chief Marketing Officer, FIDO...

June 23, 2021

FIDO Recognition for European Digital Identity Systems and eIDAS Grows

Contributed by Sebastian Elfors, Senior Solutions Architect, Yubico Recognition of...

March 29, 2021

White Paper: FIDO for SCA Delegation to Merchants or Wallet Providers

The authentication of consumers during remote transactions has undeniable benefits...

March 16, 2021
Download Authn Specs
Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.