Electronic Identification for Universities: Building Cross-Border Services Based on the eIDAS Infrastructure

Berbecaru, Diana; Lioy, Antonio; Cameroni, Cesare

doi:10.3390/info10060210

Cited by 19 publications

(17 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Section 4 explains the details of this proposal. On the other hand, Lioy et al [34][35][36] proposed the application of this extension to specific services provided by Politecnico di Torino as well as an architecture to obtain the new attributes from Italian certified sources. In the same line, Klobučar [37,38] showed the integration of the Slovenian higher education system with the extended eIDAS infrastructure.…”

Section: Related Workmentioning

confidence: 99%

Enhancing University Services by Extending the eIDAS European Specification with Academic Attributes

et al. 2020

View full text Add to dashboard Cite

The European electronic IDentification, Authentication and trust Services (eIDAS) regulation makes available a solution to ensure the cross-border mutual recognition of electronic IDentification (eID) mechanisms among Member States. However, the basic set of attributes currently provided by each country only contains citizens’ personal and legal attributes, preventing e-services to take full advantage of citizens’ domain-specific information, such as academic or medical data. In this article, we propose an extension of the eIDAS specification to support academic attributes as part of citizens’ profiles. In addition, we present an architecture to enable the connection of eIDAS nodes to national attribute providers to enrich citizens’ profiles with additional academic attributes. We have deployed the eIDAS extension in the specific case of the Spanish eIDAS infrastructure, and we have connected it to an attribute provider of the Technical University of Madrid (UPM). We have also improved a set of institutional services of that university by enabling the connection to eIDAS and enhancing the features offered to students based on their academic profiles retrieved from the eIDAS extended infrastructure. Finally, we have evaluated the resulting services thanks to real students from two different countries, concluding that the widespread adoption of the proposed solution in the academic services of European universities will greatly improve their quality and usability.

show abstract

Section: Related Workmentioning

confidence: 99%

Enhancing University Services by Extending the eIDAS European Specification with Academic Attributes

et al. 2020

View full text Add to dashboard Cite

show abstract

“…In some cases, they are not sufficient and new ones need to be defined and supported in the eIDAS-Nodes. For example, in [15] new attributes needed to register the students in a visiting university have been enabled on the eIDAS-Nodes. In the services discussed here, we encountered two situations.…”

Section: Authentication Through Eidas and Spidmentioning

confidence: 99%

“…Once the SP Proxy receives the eIDAS-Auth-Res (step 14), it translates it to SPID format. Thus, the SP Proxy prepares the SPID-Auth-Res and sends it back through the user browser to the Login service (steps [15][16]. Finally, the Login Service extracts from the SPID-Auth-Res the value of the spidCode attribute, which contains an eIDAS PersonIdentifier value and checks it against the eIDAS PersonIdentifier value stored in the Polito user profile.…”

Section: Implementation Details A: Eidas (Person) Identifier Regismentioning

confidence: 99%

“…Even though several works [13] describe the eIDAS Network, the protocol, and its evolution, its integration with real services usable by the citizens is still an open task. Some previous works addressed the connection of generic FIWARE-based OAuth 2.0 services to the eIDAS infrastructure [14], or the registration of Erasmus students at visiting universities [15]. In general, as stated in [16], "current and future problem in integrating identity management systems is the myriad of service providers that are not willing (and/or not capable) to implement large modifications in their systems".…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Providing Login and Wi-Fi Access Services With the eIDAS Network: A Practical Approach

2020

Self Cite

View full text Add to dashboard Cite

The digital identity (or electronic identity) of a person is about being able to prove upon authentication who one is on the Internet, with a certain level of assurance, such as by means of some attributes obtained from a trustworthy Identity Provider. In Europe, the eIDAS Network allows the citizens to authenticate securely with their national credentials and to provide such personal attributes when getting access to Service Providers in a different European country. Although the eIDAS Network is more and more known, its integration with real operational services is still at an initial phase. This paper presents two eIDAS-enabled services, Login with eIDAS and Wi-Fi access with eIDAS, that we have designed, implemented, deployed, and validated at the Politecnico di Torino in Italy. The validation study involved several undergraduate students, who have run the above services with their authentication credentials and platforms and with minimal indications on their usage. The results indicate that the services were beneficial. Several advantages exist both for the users and for the Service Providers, such as resistance to some security attacks and the possibility to adopt the service without prior user registration (e.g. for short meetings, or in public places). However, some students expressed doubts about exploiting their national eID for Wi-Fi access, mainly in connection with usability and privacy issues. We discuss also these concerns, along with advantages and disadvantages of the proposed services. INDEX TERMS cross-border authentication, eIDAS Regulation, electronic identification, Login service, Wi-Fi access service.

show abstract

“…In such scenario exploiting the fiscal code (only) for attribute retrieval at national level, the citizen's fiscal code will not be transferred abroad, so its value is filtered when the response is sent back from the Italian eIDAS node to the eIDAS node in a foreign country. Additional details not only on the AP Connector implementation but also on the development of the proposed eIDAS‐enabled services may be found in the work of Berbecaru et al…”

Section: Attribute Retrieval Through the Eidas Infrastructurementioning

confidence: 99%

Providing digital identity and academic attributes through European eID infrastructures: Results achieved, limitations, and future steps

2019

Self Cite

View full text Add to dashboard Cite

Electronic identity is getting an increased importance nowadays since relentless digitalization and 24/7 connectivity continue to transform everyday life. To support the recognition of electronic identification cross-border within the European Union, the European Commission (EC) released the eIDAS Regulation, which became effective on September 2018. To put eIDAS in practice, the EC has supported the definition of the technical specification; it provides a sample implementation; and it coordinates the eIDAS Network composed of eIDAS nodes of various countries. Each eIDAS node has a generic part required for the communication with the other nodes, and a specific part that each country has to modify independently according to its legal, operational, and technical requirements. Although this specific part is very important because it affects the node flexibility and the interaction with the other actors at the national level, it is less known in practice. We describe the adaptation of this specific part in Italy to perform authentication and provision of attributes through the STORK and STORK 2.0 infrastructures (the predecessors of eIDAS), based on our experience in the homonym projects. Significant effort is spent currently to build real services exploiting the eIDAS infrastructure, eg, the eID4U project proposes eIDAS node extension with new attributes required by some common academic services, such as student registration at a foreign university. We describe the support for these new attributes in the eIDAS nodes and the modification of the specific part of the Italian eIDAS node to allow attributes retrieval from different authorities.

show abstract

Electronic Identification for Universities: Building Cross-Border Services Based on the eIDAS Infrastructure

Cited by 19 publications

References 14 publications

Enhancing University Services by Extending the eIDAS European Specification with Academic Attributes

Enhancing University Services by Extending the eIDAS European Specification with Academic Attributes

Providing Login and Wi-Fi Access Services With the eIDAS Network: A Practical Approach

Providing digital identity and academic attributes through European eID infrastructures: Results achieved, limitations, and future steps

Contact Info

Product

Resources

About