Analysis Overview - RUB-NDS/FutureTrust GitHub Wiki

We analyze different properties of the eID services: supported authentication mechanisms (username/password or smartcard), supported Single Sign-On protocols (e.g. SAML[1], OpenID[2], OpenID Connect[3]), and supported/required devices (e.g. browser, mobile device, native application). Our analysis is conducted by investigating the eID service metadata as well as by testing the provided endpoints (if available).

In the following, we give a general overview of the different eID infrastructures and the authentication mechanisms they support. The results provide a common basis for comparing the interoperability of different infrastructures with regard to their security and compatibility.

Table 1 gives a general overview of the authentication protocols used in eID services.

Country SAML OpenID OpenID Connect Other Protocols
Austria Yes OAuth
Belgium
Bulgaria Yes Yes
Croatia
Cyprus
Czech Republic
Denmark Yes (eIDAS) No No NemID
Estonia
Finland Yes (eIDAS) No Yes
France Yes
Georgia No (eIDAS planned) No (obsolete) No
Germany Yes No (used in an obsolete eID project) SOAP
Greece
Hungary
Ireland
Italy
Latvia
Lithuania
Luxembourg
Malta
Netherlands Yes
Norway Yes No No No
Poland
Portugal Yes No No No
Romania
Slovakia
Slovenia
Spain
Sweden Yes
Turkey
United Kingdom Yes No No SAML (Attribute Query)
eIDAS Yes

Table 1: General overview of eID services

References

1. SAML 2.0. (2005, March 15). OASIS Standard. Retrieved from Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0: http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf
2. (OIDF), T. O. (2007, December). OpenID Authentication 2.0 - Final. Tech. rep. Retrieved from http://openid.net/specs/openid-authentication-2_0.html
3. (OIDF), T. O. (2014, February). OpenID Connect Core 1.0. Retrieved from http://openid.net/specs/openid-connect-core-1_0.html
