
Connecting an eIDAS Node to a Decentralized IdM System

To use qualified eID attributes in a distributed ledger (DL) based identity management (IdM) system, we have defined a concept to import national eID attributes into a decentralized IdM system. This project shows the feasibility of the concept by implementing a proof-of-concept (PoC).

The outcome of this project is a PoC that connects two IdM systems: an existing traditional IdM system and an SSI system. The eIDAS network represents the traditional IdM system, whereas Hyperledger-Indy serves as the SSI network. We have extended Hyperledger-Plenum, a redundant Byzantine fault tolerance (RBFT) protocol implementation, to support our eID attribute import. Additionally, the eIDAS node service provider (SP) reference implementation was used to implement the eIDAS agent.

Our PoC implements an eIDAS agent that acts as an interface between eIDAS and the SSI system. Additionally, our setup includes our own SSI network of four validator nodes. These nodes run the extended RBFT protocol, which performs the eID attribute transformation requested by the eIDAS agent and triggered by a user. The transformation itself consists of the following three steps:

  1. The eIDAS SAML 2 identity assertion is verified
  2. Next, the transformation of the eID attributes from XML to JSON is performed
  3. Finally, the nodes create a multi-signature on success
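
The sketch below is an added example, not the project's code. It shows why step 2 must be deterministic: every validator has to derive byte-identical JSON from the assertion before step 3 can collect matching signatures. The sample assertion, node names, keys and the n - f threshold are assumptions; HMAC stands in for the nodes' real signature scheme, and step 1 is assumed to have succeeded.

```python
import hashlib, hmac, json
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Constructed sample: attribute statement of an eIDAS assertion (signature omitted).
ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml2:AttributeStatement>
  <saml2:Attribute Name="http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName">
   <saml2:AttributeValue>Musterfrau</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="http://eidas.europa.eu/attributes/naturalperson/DateOfBirth">
   <saml2:AttributeValue>1980-01-01</saml2:AttributeValue></saml2:Attribute>
 </saml2:AttributeStatement>
</saml2:Assertion>"""

def attributes_to_json(assertion_xml):
    """Step 2: map SAML attributes to canonical JSON bytes.
    Assumes step 1 (signature verification of the assertion) already succeeded."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iter(SAML + "Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(SAML + "AttributeValue")]
        key = attr.get("Name").rsplit("/", 1)[-1]
        attrs[key] = values[0] if len(values) == 1 else values
    # Sorted keys and fixed separators make the output independent of XML order.
    return json.dumps(attrs, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

# Hypothetical per-node keys; HMAC is a stand-in for a real signature scheme.
NODE_KEYS = {"Node%d" % i: ("demo-key-%d" % i).encode() for i in range(1, 5)}

def node_sign(node, assertion_xml):
    """Step 3 on one validator: sign the digest of its own transformation result."""
    digest = hashlib.sha256(attributes_to_json(assertion_xml)).hexdigest()
    return digest, hmac.new(NODE_KEYS[node], digest.encode(), hashlib.sha256).hexdigest()

def quorum_reached(replies, expected_digest, n=4):
    """Accept when at least n - f nodes validly signed the same digest
    (assumed threshold, with f = (n - 1) // 3 tolerated faulty nodes)."""
    f = (n - 1) // 3
    valid = 0
    for node, (digest, sig) in replies.items():
        good = hmac.new(NODE_KEYS[node], digest.encode(), hashlib.sha256).hexdigest()
        if digest == expected_digest and hmac.compare_digest(sig, good):
            valid += 1
    return valid >= n - f
```
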

The PoC is available at http://importdemo.iaik.tugraz.at/SP/. An Austrian mobile phone signature is required in order to try the PoC. For additional information, please check out the concept for Importing National eID Attributes into a Decentralized IdM System.
