The University of Southampton
×
Filter your search:
University of Southampton Institutional Repository

Identity assurance in the UK: technical implementations and legal implications under the eIDAS regulation

Identity assurance in the UK: technical implementations and legal implications under the eIDAS regulation
Identity assurance in the UK: technical implementations and legal implications under the eIDAS regulation
The UK Government has been designing a new Electronic Identity Management (eIDM) system that, once rolled-out, will take over how citizens authenticate against online public services. This system, Gov.UK Verify, has been promoted as a state-of-the-art privacy-preserving system, tailored to meet the requirements of UK citizens and is the first eIDM interoperability in which the government does not act as an identity provider itself, delegating the provision of identity to competing third parties. According to the recently enacted EU eIDAS Regulation, member states can allow their citizens to transact with foreign services by notifying their national eID scheme. Once a scheme is notified, all other member states are obligated to incorporate it into their electronic identification procedures. The UK Government is contemplating at the moment whether it would be beneficial to notify. This article examines Gov.UK Verify 's compliance with the requirements set forth by the Regulation and the impact on privacy and data protection. It then explores potential interoperability issues with other national eID schemes, using the German nPA, an eIDM based on national identity cards, as a reference point. The article highlights areas of attention, should the UK decide to notify Gov.UK Verify. It also contributes to relevant literature of privacy-preserving eID management by offering policy and technical recommendations for compliance with the new Regulation and an evaluation of interoperability under eIDAS between systems of different architecture.
55-65
Tsakalakis, Niko
eae42e98-58b8-45b9-8c11-35a798cc9671
O'hara, Kieron
0a64a4b1-efb5-45d1-a4c2-77783f18f0c4
Stalla-Bourdillon, Sophie
c189651b-9ed3-49f6-bf37-25a47c487164
Tsakalakis, Niko
eae42e98-58b8-45b9-8c11-35a798cc9671
O'hara, Kieron
0a64a4b1-efb5-45d1-a4c2-77783f18f0c4
Stalla-Bourdillon, Sophie
c189651b-9ed3-49f6-bf37-25a47c487164

Tsakalakis, Niko, O'hara, Kieron and Stalla-Bourdillon, Sophie (2016) Identity assurance in the UK: technical implementations and legal implications under the eIDAS regulation. WebSci '16 ACM Web Science Conference, , Hannover, Germany. 22 - 25 May 2016. pp. 55-65 . (doi:10.1145/2908131.2908152).

Record type: Conference or Workshop Item (Paper)

Abstract

The UK Government has been designing a new Electronic Identity Management (eIDM) system that, once rolled-out, will take over how citizens authenticate against online public services. This system, Gov.UK Verify, has been promoted as a state-of-the-art privacy-preserving system, tailored to meet the requirements of UK citizens and is the first eIDM interoperability in which the government does not act as an identity provider itself, delegating the provision of identity to competing third parties. According to the recently enacted EU eIDAS Regulation, member states can allow their citizens to transact with foreign services by notifying their national eID scheme. Once a scheme is notified, all other member states are obligated to incorporate it into their electronic identification procedures. The UK Government is contemplating at the moment whether it would be beneficial to notify. This article examines Gov.UK Verify 's compliance with the requirements set forth by the Regulation and the impact on privacy and data protection. It then explores potential interoperability issues with other national eID schemes, using the German nPA, an eIDM based on national identity cards, as a reference point. The article highlights areas of attention, should the UK decide to notify Gov.UK Verify. It also contributes to relevant literature of privacy-preserving eID management by offering policy and technical recommendations for compliance with the new Regulation and an evaluation of interoperability under eIDAS between systems of different architecture.

Text
sig-alternate.pdf - Accepted Manuscript
Available under License Creative Commons Attribution Non-commercial No Derivatives.
Download (376kB)

More information

Submitted date: 18 February 2016
Accepted/In Press date: 23 March 2016
e-pub ahead of print date: May 2016
Venue - Dates: WebSci '16 ACM Web Science Conference, , Hannover, Germany, 2016-05-22 - 2016-05-25
Organisations: Web & Internet Science, Southampton Law School
Learn more about Web and Internet Science research Learn more about Southampton Law School research

Identifiers

Local EPrints ID: 393204
URI: http://eprints.soton.ac.uk/id/eprint/393204
DOI: doi:10.1145/2908131.2908152
PURE UUID: 8beb6bd3-e157-476b-9384-69a670b48ac2
ORCID for Niko Tsakalakis: ORCID iD orcid.org/0000-0003-2654-0825
ORCID for Kieron O'hara: ORCID iD orcid.org/0000-0002-9051-4456
ORCID for Sophie Stalla-Bourdillon: ORCID iD orcid.org/0000-0003-3715-1219

Catalogue record

Date deposited: 26 Apr 2016 15:37
Last modified: 15 Mar 2024 03:37

Export record

Altmetrics

Contributors

Author: Niko Tsakalakis ORCID iD
Author: Kieron O'hara ORCID iD
Author: Sophie Stalla-Bourdillon ORCID iD

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Library staff additional information
Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×