Analysis Overview - RUB-NDS/FutureTrust GitHub Wiki
We analyze different properties of the eID services: supported authentication mechanisms (username/password or smartcard), supported Single Sign-On protocols (e.g. SAML[1], OpenID[2], OpenID Connect[3]), and supported/required devices (e.g. browser, mobile device, native application). Our analysis is conducted by investigating the eID service metadata as well as by testing the provided endpoints (if available).
In the following, we provide a generic overview regarding the different eID infrastructures and the supported authentication mechanisms. The results provide a common basis to compare the interoperability of different infrastructures, regarding their security and compatibility.
Table 1 gives a general overview of the authentication protocols used in eID services.
Country | SAML | OpenID | OpenID Connect | Other Protocols |
---|---|---|---|---|
Austria | Yes | OAuth | ||
Belgium | ||||
Bulgaria | Yes | Yes | ||
Croatia | ||||
Cyprus | ||||
Czech Republic | ||||
Denmark | Yes (eIDAS) | No | No | NemID |
Estonia | ||||
Finland | Yes (eIDAS) | No | Yes | |
France | Yes | |||
Georgia | No (eIDAS planned) | No (obsolete) | No | |
Germany | Yes | No (used in an obsolete eID project) | SOAP | |
Greece | ||||
Hungary | ||||
Ireland | ||||
Italy | ||||
Latvia | ||||
Lithuania | ||||
Luxembourg | ||||
Malta | ||||
Netherlands | Yes | |||
Norway | Yes | No | No | No |
Poland | ||||
Portugal | Yes | No | No | No |
Romania | ||||
Slovakia | ||||
Slovenia | ||||
Spain | ||||
Sweden | Yes | |||
Turkey | ||||
United Kingdom | Yes | No | No | SAML (Attribute Query) |
eIDAS | Yes |
Table 1: General overview of eID services
1. ^ SAML 2.0. (2005, March 15). OASIS Standard. Retrieved from Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0: http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf
2. ^ (OIDF), T. O. (2007, December). OpenID Authentication 2.0 - Final. Tech. rep. Retrieved from http://openid.net/specs/openid-authentication-2\_0.html
3. ^ (OIDF), T. O. (2014, February). OpenID Connect Core 1.0. Retrieved from http://openid.net/specs/openid-connect-core-1_0.html