The revision of the eIDAS Regulation proposes the implementation of a European digital identity wallet for citizens to authenticate themselves across the EU. The process to decide if a person already has an account at the service where they seek to authenticate themselves is called identity matching. Regulated and public Dutch Relying Parties and the Dutch government are not always able to assess whether a citizen authenticating themselves has a pre-existing record at the Relying Party or in the Dutch national registry. Moreover, the current dependency on the Dutch central identity matching service creates a Single Point of Failure. Besides these reliability problems, privacy issues such as profiling and data minimization must be accounted for. To this end, this research proposes three possible solution directions for solving these problems: a government-centric, a wallet provider-centric, and a hybrid solution direction. The design of the solution directions follows a design science research methodology. The possible solution directions are evaluated by experts in focus groups to elicit the benefits and the barriers which these experts identify as relevant factors for accepting a solution direction. These factors are categorized using the TOE model, which is adapted to suit the current context. Expert evaluations during the focus groups have resulted in factors which relate to the organizational, technological, and external environment of the solution directions. The evaluation uncovered tradeoffs which the Dutch Ministry of the Interior must make to choose among the proposed solution directions: reuse of infrastructure at the cost of citizen privacy, or more privacy for citizens at the cost of additional logic requirements needed for the identity wallet.
Based on the privacy and reliability requirements and the objective of the Dutch government to give citizens more control over their personal data, the wallet provider-centric solution direction is the most fitting choice of the three proposed solution directions. The explication of the problem, requirements, and solution directions can be used as a starting point in the exploration of new solution directions for the identity matching problems. More research is needed on solution directions other than those proposed in this research and on their viability to meet the objectives of the Dutch government and the deadlines set by the European Commission.