Giada Sciarretta, Marco Pernpruner (Eds.)

Proceedings of the 2nd International Workshop on Trends in Digital Identity

TDI 2024
Rome, Italy
April 9, 2024

Preface

The “2nd International Workshop on Trends in Digital Identity” (TDI 2024) was held in the historic city of Rome, Italy, on April 9, 2024. Hosted within the Auditorium Antonianum, the workshop brought together a diverse group of experts and practitioners to explore the latest developments and challenges in digital identity. TDI 2024 was co-located with the “9th OAuth Security Workshop” (OSW 2024), which took place from April 10 to 12, 2024, fostering further opportunities for collaboration.

Motivation

In an era where digital services are rapidly expanding across sectors such as e-commerce, e-government, healthcare, and financial services, reliable identity management has become a critical necessity. The workshop aimed to address key issues in this space, including technical challenges like security and interoperability, as well as legal and regulatory considerations around data protection and privacy. The growing complexity of digital identity systems requires input from various disciplines, and this workshop sought to bring together diverse perspectives to foster cross-sector collaboration.

Structure

The workshop featured a blend of invited talks by national and international experts, alongside presentations of innovative research contributions, which were submitted in response to an open call for papers. This format allowed for a comprehensive exploration of both theoretical and practical aspects of digital identity, ensuring a rich exchange of ideas. The program was organized into five thematic sessions that reflected the multifaceted nature of digital identity:

• Government and Public Administration: Examined the evolving role of digital identities in the public sector, with particular attention to regulatory frameworks such as eIDAS 2 and the European Digital Identity (EUDI) Wallet. Government representatives shared their perspectives on the development, implementation, and future direction of digital identity solutions, examining the intersection of policy, technology, and user trust. The discussions highlighted the role of public institutions in driving the digital identity agenda, ensuring security, and fostering interoperability across national and international systems.

• Industry: Speakers from the private sector presented insights into the practical challenges and opportunities surrounding digital identity management in the industry. The talks explored the balance between security and usability, the role of trust services, and the technical frameworks that enable secure information exchange. The session also examined the growing need for interoperability between different identity systems and ecosystems, showcasing industry-driven innovations that are shaping the future of digital identity.

• Research and Innovation: Brought together researchers and innovators to discuss the latest advances in digital identity technologies. Topics included improving the trust and security of identity systems, automating identity processes, and exploring new models for decentralized and user-centric identity management. The speakers also addressed challenges related to interoperability, as well as novel cryptographic techniques that enhance privacy and control in digital identity solutions. This session highlighted the cutting-edge research in the digital identity field.

• Specifications and Standards: Explored the crucial role of standards in creating secure, interoperable, and scalable identity solutions. The speakers discussed key standards that underpin digital credentials, the ongoing push for broader adoption of digital identity wallets, and the importance of open standards in fostering innovation. The session emphasized the foundational role that well-developed standards play in enabling trusted digital identity frameworks.
• Round Table: Featured a multi-disciplinary round-table discussion on eIDAS 2. The panel brought together key stakeholders from various sectors, including a representative from government, a voice from the industry, and an expert in standards development. This diverse range of perspectives enriched the conversation, which focused on the practical challenges of adapting to the new regulatory landscape and strategies for ensuring effective cross-sector collaboration. The round table provided a comprehensive forum for sharing insights and identifying the next steps in the evolving digital identity ecosystem.

To conclude the workshop, a Welcome Reception was hosted in conjunction with OSW 2024 at Palazzo Merulana. Attendees had the opportunity to engage in meaningful conversations, share experiences, and forge new connections in a relaxed atmosphere. Additionally, participants were invited to explore a temporary art exhibition housed within the palace.

Call for Papers

To collect and evaluate innovative research contributions, we released a public call for papers encouraging submissions on a range of topics, including but not limited to:

• Access Control in IoT and Distributed Systems
• Behavioral and Risk-based Authentication Mechanisms
• Compliance with Regulations such as eIDAS (2), PSD2, NIS2
• Decentralized Identity and Self Sovereign Identity
• Digital Wallets and Verifiable Credentials (e.g., selective disclosure and revocation)
• Identification, Onboarding and Know Your Customer (KYC) Procedures
• Identity for Web 3.0 and Metaverse
• Identity Governance and Administration
• Identity of Things and Cloud Security
• Mobile and Strong Authentication
• Passwordless Authentication (including passkeys)
• Privacy-Enhancing Technologies for Identity Management
• Securing Identities for Financial, Governmental and Health Services
• Session Management for Seamless and Continuous Authentication
• Trust Frameworks for Identity Management Solutions
• Video-based Identity Proofing (e.g., automated face comparison, impersonation attacks, document analysis)
• Zero Trust Architectures

In response to the call for papers, we received a total of 11 submissions. Each submission underwent a single-blind peer-review process conducted by at least two members of the Program Committee, who assessed the papers based on their technical quality, relevance, originality, significance, and clarity. As a result, 4 papers were accepted for publication in this volume (3 classified as regular papers and 1 as a short paper), while 2 papers were accepted solely for oral presentation at the workshop. Additionally, this volume includes invited papers derived from presentations given during the workshop.

Further details can be found on the official website of the event, available at the following link: https://st.fbk.eu/events/TDI2024/.

Giada Sciarretta and Marco Pernpruner
TDI 2024 Program Co-Chairs

Committees

Program Co-Chairs

Giada Sciarretta, Fondazione Bruno Kessler
Marco Pernpruner, Fondazione Bruno Kessler and University of Genoa

Program Committee

Francesco Buccafurri, University of Reggio Calabria
Daniel Fett, Authlete
Ralf Küsters, University of Stuttgart
Cecilia Pasquini, Fondazione Bruno Kessler
Amir Sharif, Fondazione Bruno Kessler
Luca Viganò, King’s College London
Nicola Zannone, Eindhoven University of Technology

Organizing Committee

Roberto Carbone, Fondazione Bruno Kessler
Marco Pernpruner, Fondazione Bruno Kessler and University of Genoa
Silvio Ranise, Fondazione Bruno Kessler and University of Trento
Giada Sciarretta, Fondazione Bruno Kessler
Amir Sharif, Fondazione Bruno Kessler

Program

Opening Session

• Introductory Remarks
  Giada Sciarretta, Marco Pernpruner (Program Co-Chairs)

Session 1: Government and Public Administration
Session Chair: Silvio Ranise

• Demystifying the European Digital Identity Wallet: A Clear Insight
  Paolo De Rosa (European Commission)
• Bridging Legal Requirements and Technical Solutions for the EUDI Wallet
  Giuseppe De Marco (Dipartimento per la Trasformazione Digitale, DTD), Francesco Antonio Marino (Poligrafico e Zecca dello Stato, IPZS)
• User Binding and Wallet Attestations in the context of eIDAS 2
  Paul Bastian (Bundesdruckerei GmbH)

Session 2: Industry
Session Chair: Paolo Campegiani

• Healthy relationships: finding the right balance between trust and control when sharing confidential information through APIs on a national level
  Steinar Noem (Udelt AS)
• GAIN Activity Report: Exploring Technical Feasibility for Inter-Ecosystem Interoperability
  Takahiko Kawasaki (Authlete, Inc.)
• Qualified Trust Service Providers as main Pillars of the EU Digital Economy
  Andras Barsi (Aruba PEC S.p.A.)
• Wallet-like Proof Of Possession on SAML 2.0
  Francesco Grauso, Pietro Stroia (PagoPA)

Session 3: Research and Innovation
Session Chair: Marco Pernpruner

• Trust and Assurance in R&E Identity Federations
  Davide Vaghetti (GARR)
• A-WAYF: Automated Where Are You From in Multilateral Federations
  Erwin Kupris, Tobias Hilbig, David Pierre Sugar, Thomas Schreck (Munich University of Applied Sciences)
• Improve Wallet Interoperability and Federation in Blockchain-Based User-Centric Authentication for Healthcare
  Biagio Boi, Franco Cirillo, Marco De Santis, Christian Esposito (University of Salerno)
• Aggregating Digital Identities through Bridging: An Integration of Open Authentication Protocols for Web3 Identifiers
  Ben Biedermann (University of Malta and acurraent UG), Joshua Ellul (University of Malta), Matthew Scerri (WIDE Consortium), Victoria Kozlova (acurraent UG)
• Revocable Anonymous Credentials from Attribute-Based Encryption
  Giovanni Bartolomeo (CNIT)

Session 4: Specifications and Standards
Session Chair: Paul Bastian

• Securing the Foundations of Verifiable Credential Ecosystems
  Daniel Fett (Authlete, Inc.)
• Crossing the Chasm: Trusted and Seamless Digital Identity Wallets Going Mainstream
  Kristina Yasuda (SPRIND – Bundesagentur für Sprunginnovationen)
• The role of standards in Open Source Software Development
  Torsten Lodderstedt (OpenWallet Foundation)
• TLS 2.0 Adopting the OpenID Federation 1.0 Trust Chain: a New Paradigm for Internet Security
  Vladimir Dzhuvinov (Connect2id)

Session 5: Round Table
Session Chair: Silvio Ranise

• eIDAS2: now that is final, how do we deal with it?
  Paolo Campegiani (Namirial SpA), Paolo De Rosa (European Commission), Daniel Fett (Authlete, Inc.)

Sponsors

We thank our sponsors for supporting the organization of TDI and OSW 2024.

Table of Contents

Invited Paper

• eIDAS Regulation: History, Key Success Factors, and Future Developments (pp. 1–5)
  Paolo Campegiani

Regular Papers

• A-WAYF: Automated Where Are You From in Multilateral Federations (pp. 6–17)
  Erwin Kupris, Tobias Hilbig, David Pierre Sugar, Thomas Schreck
• Bridging eIDAS 2.0 Legal Requirements and Technical Solutions (pp. 18–30)
  Giuseppe De Marco, Francesco Antonio Marino, Andrea De Maria
• Improve Wallet Interoperability and Federation in Blockchain-Based User-Centric Authentication for Healthcare (pp. 31–42)
  Biagio Boi, Franco Cirillo, Marco De Santis, Christian Esposito

Short Paper

• Trust and Identity Assurance in Research and Education Identity Federations (pp. 43–47)
  Davide Vaghetti