The Swiss E-ID & Trust Infrastructure technical roadmap has now been published on GitHub, offering a look at the technical underpinnings of one of Europe’s forthcoming national ID systems.
The plan aims to make the Swiss digital ID compatible with systems in the European Union and other countries. The Swiss government will decide on the specific technology for issuing the E-ID by the end of 2024, allowing more time to evaluate costs and ensure the system meets various needs.
One key aspect of the roadmap is the use of “Decentralized Identifiers” (DIDs). DIDs are a type of digital ID recommended by the World Wide Web Consortium (W3C) that users can verify and that central authorities cannot easily change. The specific method proposed is “did:tdw”, which offers additional security features like data integrity and the ability to recover control if a private key is compromised.
The roadmap also discusses “Status Mechanisms,” which are ways to manage and update the status of these digital IDs. Two options are being considered: the “Statuslist” for compatibility with the EU and “Accumulators” for better privacy by preventing linking of user activities. These mechanisms ensure that digital IDs remain up to date and can be revoked or verified as needed.
For trust and communication protocols, the roadmap considers using “OpenID Federation” or a Swiss-specific solution. OpenID Federation is a well-established standard that could help the Swiss system interact smoothly with other systems. If this isn’t feasible, a simplified Swiss solution could be developed to meet legal requirements while maintaining security and ease of use.
The roadmap also looks at “Verifiable Credentials” (VCs), which are digital versions of traditional credentials like ID cards or certificates. Two types are proposed: one using “SD-JWT” (Selective Disclosure JSON Web Tokens) with ECDSA/EdDSA signatures for EU compatibility, and another using “JSON-LD” (JavaScript Object Notation for Linked Data) with BBS (Boneh-Boyen-Shacham) signatures for privacy. These VCs ensure that digital IDs can be securely verified while protecting user privacy.
Another important aspect is “Holder Binding,” which ensures that the E-ID is securely linked to its rightful owner. This involves using the security features of smartphones, like the cryptographic processors in Apple and Android devices. This is meant to ensure that only the authorized user can access and use the E-ID.
The roadmap also aims to protect user privacy through “Privacy-Preserving Holder Binding,” which involves combining conventional cryptographic methods, like ECDSA, with privacy-focused methods, like BBS, to ensure that user activities can’t be easily linked or tracked.
In the broader European context, the Swiss E-ID aims to be interoperable with the EU’s digital identity systems. The Swiss roadmap’s focus on compatibility with EU standards, such as using SD-JWT and OpenID protocols, aligns with the EUDI wallet’s goals of facilitating seamless cross-border digital interactions and providing a trusted, user-controlled identity solution.
Source: GitHub
June 19, 2024 – by Cass Kennedy