The EU is driving the introduction of an EU-wide electronic identity (eID) for its citizens with its electronic identification, authentication, and trust services (eIDAS) regulation. The objective is to provide them with a way to prove and verify their identity against online services both in the governmental context as well as in the private sector. While the first eIDAS proposal [1] has not been widely adopted, a new version - eIDAS 2.0 [2] - based on the concept of self-sovereign identity (SSI) promises to become more relevant in the near future. The new regulation even demands that 80% of EU citizens should have access to a digital identity solution by 2030. Therefore, more and more digital identity wallet apps appear that are compliant with eIDAS 2.0 and may soon be used increasingly by EU citizens to manage their attributes and present them to services to identify themselves.
One possible goal of this thesis could be to conduct an analysis of various eIDAS 2.0 compliant apps regarding their security and privacy. Similar ideas in that direction are welcome as well.
[1] http://data.europa.eu/eli/reg/2014/910/oj
[2] https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:52021PC0281