Secure identity proofing: ETSI delivers a missing block in the eIDAS framework

Secure identity proofing: ETSI delivers a missing block in the eIDAS framework

ETSI recently published a technical specification on identity proofing in the context of eIDAS trust services[1]. This document was prepared by its ESI technical committee, supported by a Specialist Task Force (STF 588).

This technical specification answers a security gap in the current eIDAS framework for trust services. It lays down requirements to guarantee the identity of a trust service user. Concretely, identity proofing takes place when the user registers to benefit from a trust service (e.g. when applying for an eSignature) where the trust service provider needs to verify the identity of the applicant/user. Currently, trust service providers implement very different ways of verifying identities, some being more secure than others. This is the security gap that ETSI addresses.

Eurosmart has been actively contributing to the preparation of this document within ETSI TC ESI. The technical specification envisages the use of several types of evidence: physical or digital identity documents, eID means or digital signature means. For each of those means, ETSI considers the corresponding risks and proposes safeguards.

“Identity fraud is a real threat in the world of trust services. This endangers the trust citizens can have in the entire eIDAS ecosystem. ETSI’s technical specification is much welcome in this respect. It is particularly timely with the ongoing revision of eIDAS, which introduces new trust services, in particular electronic attestation of attributes. These attributes will be fed into the European Digital Identity Wallets; hence identity proofing becomes even more crucial.”

Alban Feraud, President of Eurosmart

Eurosmart would like to thank the members of STF 588, ETSI TC ESI’s convenors and all members of the working group for the fruitful discussions.

This is only the first version of the document. Eurosmart will be pleased to work on further improving the technical specification.

Eurosmart believes that collaboration with CEN-CENELEC JTC13 WG1 is necessary for this work and the future ones related to eIDAS2. ETSI ESI and CEN-CENELEC JTC13 WG1 have complementary expertise on various aspects of eIDAS. It is important to create a bridge between these two working groups to leverage the full spectrum of expertise.

[1] ETSI TS 119 461, v1.1.1, Policy and security requirements for trust service components providing identity proofing of trust service subjects, July 2021.