The paper proposes an architecture that combines eIDs and attribute-based credentials to provide a standardized, secure, and privacy-preserving way for data controllers to authenticate data subjects when enforcing their data subject rights (DSRs) under the GDPR.
The key highlights are:
The architecture includes User Devices (data subjects' eIDs), Service Providers (data controllers), Identity Providers, and Identity Issuers. This aligns with the roles defined in the European data strategy.
Two approaches are introduced: a self-sovereign identity (SSI) model and a federated identity management (FIM) model. The SSI model gives more control to the data subject, while the FIM model is better suited for scenarios where the data controller lacks the resources to reliably determine the authentication threshold.
The architecture enables data controllers to authenticate data subjects without requiring full ID documents or other insecure methods. Instead, data subjects can present selective attribute claims from their eID wallet, minimizing the data disclosed.
The involvement of trusted Identity Providers and Issuers helps ensure secure and reliable authentication, mitigating risks of impersonation and unauthorized access to data subject rights.
The proposed solution aligns with the European data strategy, as it can be integrated with data intermediaries to facilitate data subject rights enforcement across different data controllers and data spaces.
Source: arxiv.org