2nd International Workshop on Trends in Digital Identity TDI 2024

Preface

The "2nd International Workshop on Trends in Digital Identity" (TDI 2024) was held in the historic city of Rome, Italy, on April 9, 2024. Hosted within the Auditorium Antonianum, the workshop brought together a diverse group of experts and practitioners to explore the latest developments and challenges in digital identity. TDI 2024 was co-located with the "9th OAuth Security Workshop" (OSW 2024), which took place from April 10 to 12, 2024, fostering further opportunities for collaboration.

Motivation

In an era where digital services are rapidly expanding across sectors such as e-commerce, egovernment, healthcare, and financial services, reliable identity management has become a critical necessity. The workshop aimed to address key issues in this space, including technical challenges like security and interoperability, as well as legal and regulatory considerations around data protection and privacy. The growing complexity of digital identity systems requires input from various disciplines, and this workshop sought to bring together diverse perspectives to foster cross-sector collaboration.

Structure

The workshop featured a blend of invited talks by national and international experts, alongside presentations of innovative research contributions, which were submitted in response to an open call for papers. This format allowed for a comprehensive exploration of both theoretical and practical aspects of digital identity, ensuring a rich exchange of ideas.

The program was organized into five thematic sessions that reflected the multifaceted nature of digital identity:

• Government and Public Administration: Examined the evolving role of digital identities in the public sector, with particular attention to regulatory frameworks such as eIDAS 2 and the European Digital Identity (EUDI) Wallet. Government representatives shared their perspectives on the development, implementation, and future direction of digital identity solutions, examining the intersection of policy, technology, and user trust. The discussions highlighted the role of public institutions in driving the digital identity agenda, ensuring security, and fostering interoperability across national and international systems.

• Industry: Speakers from the private sector presented insights into the practical challenges and opportunities surrounding digital identity management in the industry. The talks explored the balance between security and usability, the role of trust services, and the technical frameworks that enable secure information exchange. The session also examined the growing need for interoperability between different identity systems and ecosystems, showcasing industry-driven innovations that are shaping the future of digital identity.

• Research and Innovation: Brought together researchers and innovators to discuss the latest advances in digital identity technologies. Topics included improving the trust and security of identity systems, automating identity processes, and exploring new models for decentralized and user-centric identity management. The speakers also addressed challenges related to interoperability, as well as novel cryptographic techniques that enhance privacy and control in digital identity solutions. This session highlighted the cutting-edge research in the digital identity field.

• Specifications and Standards: Explored the crucial role of standards in creating secure, interoperable, and scalable identity solutions. The speakers discussed key standards that underpin digital credentials, the ongoing push for broader adoption of digital identity wallets, and the importance of open standards in fostering innovation. The session emphasized the foundational role that well-developed standards play in enabling trusted digital identity frameworks.

• Round Table : Featured a multi-disciplinary round-table discussion on eIDAS 2. The panel brought together key stakeholders from various sectors, including a representative from government, a voice from the industry, and an expert in standards development. This diverse range of perspectives enriched the conversation, which focused on the practical challenges of adapting to the new regulatory landscape and strategies for ensuring effective cross-sector collaboration. The round table provided a comprehensive forum for sharing insights and identifying the next steps in the evolving digital identity ecosystem.

To conclude the workshop, a Welcome Reception was hosted in conjunction with OSW 2024 at Palazzo Merulana. Attendees had the opportunity to engage in meaningful conversations, share experiences, and forge new connections in a relaxed atmosphere. Additionally, participants were invited to explore a temporary art exhibition housed within the palace.

Call for Papers

To collect and evaluate innovative research contributions, we released a public call for papers encouraging submissions on a range of topics, including but not limited to: In response to the call for papers, we received a total of 11 submissions. Each submission underwent a single-blind peer-review process conducted by at least two members of the Program Committee, who assessed the papers based on their technical quality, relevance, originality, significance, and clarity. As a result, 4 papers were accepted for publication in this volume (3 classified as regular papers and 1 as a short paper), while 2 papers were accepted solely for oral presentation at the workshop. Additionally, this volume includes invited papers derived from presentations given during the workshop.

Further details can be found on the official website of the event, available at the following link: https://st.fbk.eu/events/TDI2024/.

Giada

•Access Control in IoT and Distributed Systems • Behavioral and Risk-based Authentication Mechanisms • Compliance with Regulations such as eIDAS (2), PSD2, NIS2 • Decentralized Identity and Self Sovereign Identity • Digital Wallets and Verifiable Credentials (e.g., selective disclosure and revocation) • Identification, Onboarding and Know Your Customer (KYC) Procedures • Identity for Web 3.0 and Metaverse • Identity Governance and Administration • Identity of Things and Cloud Security • Mobile and Strong Authentication • Passwordless Authentication (including passkeys) • Privacy-Enhancing Technologies for Identity Management • Securing Identities for Financial, Governmental and Health Services • Session Management for Seamless and Continuous Authentication • Trust Frameworks for Identity Management Solutions • Video-based Identity Proofing (e.g., automated face comparison, impersonation attacks, document analysis) • Zero Trust Architectures

Session 5: Round Table Session• Crossing the Chasm: Trusted and Seamless Digital Identity Wallets Going Mainstream Kristina Yasuda (SPRIND -Bundesagentur für Sprunginnovationen)• The role of standards in Open Source Software Development Torsten Lodderstedt(OpenWallet Foundation) Committees Program • Improve Wallet Interoperability and Federation in Blockchain-Based User-CentricAuthentication for HealthcareProgram Co-Chairs Opening Session Biagio Boi, Franco Cirillo, Marco De Santis, Christian Esposito (University of Salerno)Giada Sciarretta • Introductory Remarks Fondazione Bruno Kessler • Aggregating Digital Identities through Bridging: An Integration of Open Authen-Marco Pernpruner tication Protocols for Web3 Identifiers Fondazione Bruno Kessler and University of Genoa Giada Sciarretta, Marco Pernpruner (Program Co-Chairs) Ben Biedermann (University of Malta and acurraent UG), Joshua Ellul (University of Malta),Matthew Scerri (WIDE Consortium), Victoria Kozlova (acurraent UG) Session 1: Government and Public Administration Program Committee Session Chair: Silvio Ranise • Revocable Anonymous Credentials from Attribute-Based EncryptionFrancesco Buccafurri Giovanni Bartolomeo (CNIT) University of Reggio Calabria• Demystifying the European Digital Identity Wallet: A Clear InsightDaniel Fett Ralf Küsters Paolo De Rosa (European Commission) Authlete Session 4: Specifications and Standards University of Stuttgart • Bridging Legal Requirements and Technical Solutions for the EUDI Wallet Session Chair: Paul BastianCecilia Pasquini Giuseppe De Marco (Dipartimento per la Trasformazione Digitale, DTD), Francesco Anto-Fondazione Bruno Kessler Amir Sharif Fondazione Bruno Kessler • Securing the Foundations of Verifiable Credential Ecosystems nio Marino (Poligrafico e Zecca dello Stato, IPZS) Daniel Fett (Authlete, Inc.)• User Binding and Wallet Attestations in the context of eIDAS 2Luca Viganò Paul Bastian (Bundesdruckerei GmbH) King's College LondonNicola ZannoneEindhoven University of TechnologySession 2: IndustryOrganizing Committee Session Chair: Paolo CampegianiSciarretta and Marco PernprunerTDI 2024 Program Co-Chairs • Healthy relationships: finding the right balance between trust and control when Roberto Carbone Fondazione Bruno KesslerMarco Pernpruner sharing confidential information through APIs on a national level • TLS 2.0 Adopting the OpenID Federation 1.0 Trust Chain: a New Paradigm for In-Fondazione Bruno Kessler and University of Genoa Steinar Noem (Udelt AS) ternet SecuritySilvio Ranise Vladimir Dzhuvinov (Connect2id) Fondazione Bruno Kessler and University of Trento• GAIN Activity Report: Exploring Technical Feasibility for Inter-Ecosystem Inter-Giada Sciarretta operabilityFondazione Bruno KesslerAmir Sharif Takahiko Kawasaki (Authlete, Inc.) Fondazione Bruno Kessler• Qualified Trust Service Providers as main Pillars of the EU Digital EconomyAndras Barsi (Aruba PEC S.p.A.)• Wallet-like Proof Of Possession on SAML 2.0Francesco Grauso, Pietro Stroia (PagoPA)Session 3: Research and InnovationSession Chair: Marco Pernpruner• Trust and Assurance in R&E Identity FederationsDavide Vaghetti (GARR)• A-WAYF: Automated Where Are You From in Multilateral FederationsErwin Kupris, Tobias Hilbig, David Pierre Sugar, Thomas Schreck (Munich University ofApplied Sciences)v

Chair: Silvio Ranise • eIDAS2: now that is final, how do we deal with it? Paolo Campegiani (Namirial SpA), Paolo De Rosa (European Commission), Daniel Fett (Authlete, Inc.)