DOI: 10.1145/3598469.3598562
research-article
Open access

Towards a Mobile-First Cross-Border eID Framework

Published: 11 July 2023

Abstract

The eIDAS technical framework has been successfully enabling cross-border e-government processes for many years. When it was initially conceived, today’s user habits and the prevalence and ubiquity of smartphones were nothing but a glimmer on the horizon. As a consequence, the concepts, technologies, and technical standards used to carry out cross-border authentication were designed and chosen with browser-based user flows in mind. In this context, the network of eIDAS nodes and the interfaces defined to integrate them with all kinds of different national eID systems have stood the test of time. At the same time, however, transitioning these workflows to a mobile setting presents various significant challenges: instead of using a single application (a web browser) to orchestrate the interaction of eID systems, eIDAS nodes and e-government service frontends (mostly using SAML), users are accustomed to using distinct native apps for every service and for interacting with eID systems. This work discusses different concepts essential for transitioning from such browser-based user flows to native app-to-app communication and combines them into a coherent concept. It presents a framework that maintains browser compatibility while providing all the benefits of native mobile apps, taking currently deployed eIDAS-based cross-border authentication to the next level by making it mobile-first, all without requiring invasive changes to existing infrastructure. As will be shown, a slew of technical constraints makes this a lofty goal, especially considering the heterogeneity of national eID systems, which must integrate well with the proposed concept.

Published In

dg.o '23: Proceedings of the 24th Annual International Conference on Digital Government Research
July 2023
711 pages
ISBN:9798400708374
DOI:10.1145/3598469

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. eGovernment
  2. eIDAS
  3. mGovernment
  4. mobile cross-border authentication

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

dg.o 2023
dg.o 2023: Digital government and solidarity
July 11 - 14, 2023
Gdańsk, Poland

Acceptance Rates

Overall Acceptance Rate 150 of 271 submissions, 55%
