Identity proofing: Opinion on ETSI’s draft technical specification

Identity proofing: Opinion on ETSI’s draft technical specification

ETSI TC ESI is currently drafting a technical specification on “Security and policy requirements for trust service components providing identity proofing for trust services subjects” (TS 119 461 V005). In this context, Eurosmart decided to draft recommendations for this document.

Eurosmart gives the following recommendations:

  • Clarify the intention and the scope of the document.
  • Rely on trustworthy identities for identity proofing, i.e. national identity documents and notified eIDs at level at least “Substantial” (pursuant to eIDAS).
  • Carefully study the impacts of the use of server signing in terms of security and trustworthiness.
  • Put in place safeguards for the use of digital signature means with certificate. The main safeguard here is to bring the primary identity proofing -performed to deliver the signature certificate- into the scope of the technical specification.
  • Clarify the steps of identity proofing and take into account other dimensions (device-credential binding, data freshness, holder authentication) for the assessment of confidence levels.

Please find below the full opinion of Eurosmart.