The University of Southampton
University of Southampton Institutional Repository

Identity assurance in the UK: technical implementations and legal implications under the eIDAS regulation

Tsakalakis, Niko, O'hara, Kieron and Stalla-Bourdillon, Sophie (2016) Identity assurance in the UK: technical implementations and legal implications under the eIDAS regulation. WebSci '16 Proceedings of the 8th ACM Conference on Web Science, Hannover, Germany. 22 - 25 May 2016. pp. 55-65. (doi:10.1145/2908131.2908152).

Record type: Conference or Workshop Item (Paper)

Abstract

The UK Government has been designing a new Electronic Identity Management (eIDM) system that, once rolled out, will take over how citizens authenticate against online public services. This system, Gov.UK Verify, has been promoted as a state-of-the-art privacy-preserving system, tailored to meet the requirements of UK citizens and is the first eIDM interoperability in which the government does not act as an identity provider itself, delegating the provision of identity to competing third parties. According to the recently enacted EU eIDAS Regulation, member states can allow their citizens to transact with foreign services by notifying their national eID scheme. Once a scheme is notified, all other member states are obligated to incorporate it into their electronic identification procedures. The UK Government is contemplating at the moment whether it would be beneficial to notify. This article examines Gov.UK Verify's compliance with the requirements set forth by the Regulation and the impact on privacy and data protection. It then explores potential interoperability issues with other national eID schemes, using the German nPA, an eIDM based on national identity cards, as a reference point. The article highlights areas of attention, should the UK decide to notify Gov.UK Verify. It also contributes to relevant literature of privacy-preserving eID management by offering policy and technical recommendations for compliance with the new Regulation and an evaluation of interoperability under eIDAS between systems of different architecture.

Text
sig-alternate.pdf - Accepted Manuscript
Download (376kB)

More information

Submitted date: 18 February 2016
Accepted/In Press date: 23 March 2016
e-pub ahead of print date: May 2016
Venue - Dates: WebSci '16 Proceedings of the 8th ACM Conference on Web Science, Hannover, Germany, 2016-05-22 - 2016-05-25
Organisations: Web & Internet Science, Southampton Law School

Identifiers

Local EPrints ID: 393204
URI: http://eprints.soton.ac.uk/id/eprint/393204
PURE UUID: 8beb6bd3-e157-476b-9384-69a670b48ac2
ORCID for Niko Tsakalakis: orcid.org/0000-0003-2654-0825
ORCID for Kieron O'hara: orcid.org/0000-0002-9051-4456

Catalogue record

Date deposited: 26 Apr 2016 15:37
Last modified: 27 Oct 2020 19:59

Contributors

Author: Niko Tsakalakis
Author: Kieron O'hara
