European digital identity: A missed opportunity?
- URL: http://arxiv.org/abs/2601.14503v1
- Date: Tue, 20 Jan 2026 21:55:24 GMT
- Title: European digital identity: A missed opportunity?
- Authors: Wouter Termont, Beatriz Esteves
- Abstract summary: We identify several issues in the design of OpenID4VCI and OpenID4VP. We debunk OpenID's 'paradigm-shifting' trust-model. The legislation itself cannot accommodate the promise of self-sovereign identity.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Recent European efforts around digital identity -- the EUDI regulation and its OpenID architecture -- aim high, but start from a narrow and ill-defined conceptualization of authentication. Based on a broader, more grounded understanding of the term, we identify several issues in the design of OpenID4VCI and OpenID4VP: insecure practices, static and subject-bound credential types, and a limited query language restrict their application to classic scenarios of credential exchange -- already supported by existing solutions like OpenID Connect, SIOPv2, OIDC4IDA, and OIDC Claims Aggregation -- barring dynamic, asynchronous, or automated use cases. We also debunk OpenID's 'paradigm-shifting' trust-model, which -- when compared to existing decentralized alternatives -- does not deliver any significant increase in control, privacy, and portability of personal information. Not only do the technical choices limit the capabilities of the EUDI framework; the legislation itself also cannot accommodate the promise of self-sovereign identity. In particular, we criticize the introduction of institutionalized trusted lists, and discuss their economic and political risks. Their potential to decline into an exclusory, re-centralized ecosystem endangers the vision of a user-oriented identity management in which individuals are in charge. Instead, the consequences might severely restrict people in what they can do with their personal information, and risk increased linkability and monitoring. In anticipation of revisions to the EUDI regulations, we suggest several technical alternatives that overcome some of the issues with the architecture of OpenID. In particular, OAuth's UMA extension and its A4DS profile, as well as their integration in GNAP, are worth looking into. Future research into uniform query (meta-)languages is needed to address the heterogeneity of attestations and providers.
Related papers
- Achieving Flexible and Secure Authentication with Strong Privacy in Decentralized Networks [13.209703999398805]
IRAC is a flexible credential model that unifies credentials from heterogeneous issuers. We design a secure decentralized revocation mechanism where holders prove non-revocation by demonstrating their credential's revocation within a gap in the issuer's sorted list.
arXiv Detail & Related papers (2025-12-23T10:49:05Z)
- Beyond Inference Intervention: Identity-Decoupled Diffusion for Face Anonymization [55.29071072675132]
Face anonymization aims to conceal identity information while preserving non-identity attributes. We propose ID²Face, a training-centric anonymization framework. We show that ID²Face outperforms existing methods in visual quality, identity suppression, and utility preservation.
arXiv Detail & Related papers (2025-10-28T09:28:12Z)
- Evaluating Language Model Reasoning about Confidential Information [95.64687778185703]
We study whether language models exhibit contextual robustness, or the capability to adhere to context-dependent safety specifications. We develop a benchmark (PasswordEval) that measures whether language models can correctly determine when a user request is authorized. We find that current open- and closed-source models struggle with this seemingly simple task, and that, perhaps surprisingly, reasoning capabilities do not generally improve performance.
arXiv Detail & Related papers (2025-08-27T15:39:46Z)
- ChatReID: Open-ended Interactive Person Retrieval via Hierarchical Progressive Tuning for Vision Language Models [49.09606704563898]
Person re-identification is a crucial task in computer vision, aiming to recognize individuals across non-overlapping camera views. We propose a novel framework ChatReID, that shifts the focus towards a text-side-dominated retrieval paradigm, enabling flexible and interactive re-identification. We introduce a hierarchical progressive tuning strategy, which endows Re-ID ability through three stages of tuning, i.e., from person attribute understanding to fine-grained image retrieval and to multi-modal task reasoning.
arXiv Detail & Related papers (2025-02-27T10:34:14Z)
- 2FA: Navigating the Challenges and Solutions for Inclusive Access [55.2480439325792]
Two-Factor Authentication (2FA) has emerged as a critical solution to protect online activities. This paper examines the intricacies of deploying 2FA in a way that is secure and accessible to all users. An analysis was conducted to examine the implementation and availability of various 2FA methods across popular online platforms.
arXiv Detail & Related papers (2025-02-17T12:23:53Z)
- Aggregating Digital Identities through Bridging. An Integration of Open Authentication Protocols for Web3 Identifiers [0.8999666725996974]
Web3's decentralised infrastructure has upended the standardised approach to digital identity protocols like OpenID Connect. Web2 and Web3 currently operate in silos, with selective disclosure web tokens (SD-JWTs) and Web3 dApps being reliant on verifiable-chain data. This paper explores the integration of Web3 within the OpenID Connect framework, scrutinising established authentication protocols for their adaptability to decentralised identities.
arXiv Detail & Related papers (2025-01-23T15:48:49Z)
- Distributed Identity for Zero Trust and Segmented Access Control: A Novel Approach to Securing Network Infrastructure [4.169915659794567]
This study assesses security improvements achieved when distributed identity is employed with ZTA principle. The study suggests adopting distributed identities can enhance overall security postures by an order of magnitude. The research recommends refining technical standards, expanding the use of distributed identity in practice, and its applications for the contemporary digital security landscape.
arXiv Detail & Related papers (2025-01-14T00:02:02Z)
- A Universal System for OpenID Connect Sign-ins with Verifiable Credentials and Cross-Device Flow [4.006745047019997]
Self-Sovereign Identity (SSI) is a new and promising identity management paradigm. We propose a comparatively simple system that enables SSI-based sign-ins for services that support the widespread OpenID Connect or OAuth 2.0 protocols.
arXiv Detail & Related papers (2024-01-16T16:44:30Z)
- Disentangle Before Anonymize: A Two-stage Framework for Attribute-preserved and Occlusion-robust De-identification [55.741525129613535]
"Disentangle Before Anonymize" is a novel two-stage Framework (DBAF). This framework includes a Contrastive Identity Disentanglement (CID) module and a Key-authorized Reversible Identity Anonymization (KRIA) module. Extensive experiments demonstrate that our method outperforms state-of-the-art de-identification approaches.
arXiv Detail & Related papers (2023-11-15T08:59:02Z)
- AI and Democracy's Digital Identity Crisis [0.0]
Privacy-preserving identity attestations can drastically reduce instances of impersonation and make disinformation easy to identify and potentially hinder. In this paper, we discuss attestation types, including governmental, biometric, federated, and web of trust-based. We believe these systems could be the best approach to authenticating identity and protecting against some of the threats to democracy that AI can pose in the hands of malicious actors.
arXiv Detail & Related papers (2023-09-25T14:15:18Z)
- FedSOV: Federated Model Secure Ownership Verification with Unforgeable Signature [60.99054146321459]
Federated learning allows multiple parties to collaborate in learning a global model without revealing private data. We propose a cryptographic signature-based federated learning model ownership verification scheme named FedSOV.
arXiv Detail & Related papers (2023-05-10T12:10:02Z)
- Reinforcement Learning on Encrypted Data [58.39270571778521]
We present a preliminary, experimental study of how a DQN agent trained on encrypted states performs in environments with discrete and continuous state spaces. Our results highlight that the agent is still capable of learning in small state spaces even in presence of non-deterministic encryption, but performance collapses in more complex environments.
arXiv Detail & Related papers (2021-09-16T21:59:37Z)