User Identification, Authentication and Record Matching - Q4 2022

Summary

In the execution of an electronic procedure, there are two situations in which the user has to be identified and authenticated:

  • to use the procedure; and
  • to use the Once-Only Technical System to retrieve a particular piece of evidence for use in that procedure.

The Once-Only Technical System uses the eID Building Block, as it is today, to identify and authenticate the user. Should the eID building block change, the technical specifications would be adapted to support the changes. Specifically, it uses the assured eIDAS user identity attributes obtained from the user authentication in evidence requests. It may also be used by the Data Service if the user is asked to re-authenticate.

Besides the eIDAS attributes, additional attributes may be requested from the user for the purpose of identification of the relevant Evidence Provider. These attributes, should they be needed, are listed in the DSD and would be included in the evidence request. Both the DSD and the evidence request must make a clear distinction between the two different types of attributes.

The eIDAS attributes that are included in the evidence request are the mandatory attributes of the minimum data set, with the exception of the Unique Identifier when it is specific to the receiving Member State.

The Preview Space may choose to re-authenticate the user, but it would then need to ensure that the person identification data received matches the data held by them.
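One way to implement such a matching check, as an added example that is not part of the OOTS specifications. The dictionary layout, the normalisation rule (Unicode NFKC, case folding, whitespace collapsing), the fail-closed handling of missing attributes and the sample values are assumptions; the attribute names are the eIDAS friendly names.

```python
import unicodedata

# Mandatory natural-person attributes of the eIDAS minimum data set,
# without the unique identifier (eIDAS friendly names).
NAME_AND_BIRTH = ("FamilyName", "FirstName", "DateOfBirth")


def normalise(value):
    """Canonical form for comparison: NFKC, case-folded, single spaces."""
    text = unicodedata.normalize("NFKC", str(value)).casefold()
    return " ".join(text.split())


def match_person(request_attrs, reauth_attrs, identifier_expected=False):
    """Compare evidence-request attributes with re-authentication attributes.

    identifier_expected: set True only when the unique identifier is not
    specific to the receiving Member State and was therefore sent.
    Returns (matched, mismatched_attribute_names); a missing attribute on
    either side counts as a mismatch (fail closed).
    """
    mismatched = []
    for name in NAME_AND_BIRTH:
        a, b = request_attrs.get(name), reauth_attrs.get(name)
        if a is None or b is None or normalise(a) != normalise(b):
            mismatched.append(name)
    if identifier_expected:
        a = request_attrs.get("PersonIdentifier")
        b = reauth_attrs.get("PersonIdentifier")
        if a is None or a != b:  # identifiers are compared exactly
            mismatched.append("PersonIdentifier")
    return (not mismatched, mismatched)


# Constructed sample data (not real persons).
REQUEST = {"FamilyName": "García López", "FirstName": "José",
           "DateOfBirth": "1985-03-12"}
REAUTH_SAME = {"FamilyName": "GARCI\u0301A  LO\u0301PEZ",
               "FirstName": "Jose\u0301", "DateOfBirth": "1985-03-12"}
REAUTH_OTHER = dict(REAUTH_SAME, DateOfBirth="1985-03-21")

if __name__ == "__main__":
    for label, attrs in (("same user", REAUTH_SAME), ("other user", REAUTH_OTHER)):
        print(label, match_person(REQUEST, attrs))
```

The list of mismatched attribute names is intended for audit logging on the Preview Space side, not for display to the user.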

The Data Service could rely on the person identification data received in combination with additional security features:

  • An authentication verification service that a Data Service can use to verify that the user identity attributes in the evidence request link to a recent eIDAS authentication transaction.
  • Authorisation of requests for evidence relating to represented persons.

Note that given the constraints of the current eIDAS regulation and its implementation, there are situations in which a user cannot be granted access to a service immediately. For example, some Member States have manual processes to match users that have not previously accessed their services using eIDAS. These Member States may be unable to process evidence requests dynamically in similar situations.

The chapter includes the following sub-chapters:

Change log

For this release, the changes for all chapters are combined at the top level.

License

The content of this chapter is licensed under European Union Public Licence (EUPL) version 1.2.

