Analysis Overview

We analyze different properties of the eID services: supported authentication mechanisms (username/password or smartcard), supported Single Sign-On protocols (e.g. SAML^[1], OpenID^[2], OpenID Connect^[3]), and supported/required devices (e.g. browser, mobile device, native application). Our analysis is conducted by investigating the eID service metadata as well as by testing the provided endpoints (if available).

In the following, we provide a generic overview regarding the different eID infrastructures and the supported authentication mechanisms. The results provide a common basis to compare the interoperability of different infrastructures, regarding their security and compatibility.

Table 1 gives a general overview of the authentication protocols used in eID services.

Country	SAML	OpenID	OpenID Connect	Other Protocols
Austria	Yes			OAuth
Belgium
Bulgaria	Yes		Yes
Croatia
Cyprus
Czech Republic
Denmark	Yes (eIDAS)	No	No	NemID
Estonia
Finland	Yes (eIDAS)	No	Yes
France			Yes
Georgia	No (eIDAS planned)	No (obsolete)	No
Germany	Yes	No (used in an obsolete eID project)		SOAP
Greece
Hungary
Ireland
Italy
Latvia
Lithuania
Luxembourg
Malta
Netherlands	Yes
Norway	Yes	No	No	No
Poland
Portugal	Yes	No	No	No
Romania
Slovakia
Slovenia
Spain
Sweden	Yes
Turkey
United Kingdom	Yes	No	No	SAML (Attribute Query)
eIDAS	Yes

Table 1: General overview of eID services

References

1. ^ SAML 2.0. (2005, March 15). OASIS Standard. Retrieved from Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0: http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf
2. ^ (OIDF), T. O. (2007, December). OpenID Authentication 2.0 - Final. Tech. rep. Retrieved from http://openid.net/specs/openid-authentication-2\_0.html
3. ^ (OIDF), T. O. (2014, February). OpenID Connect Core 1.0. Retrieved from http://openid.net/specs/openid-connect-core-1_0.html