This deliverable summarizes the security evaluation of the FutureID project, covering both the project as a whole and selected parts of it. In particular, we performed this evaluation, based on the security requirements specified in D22.2, at three levels: reference architecture, implementation, and pilots.
The overall approach of the evaluation followed the design science methodology to organize and harmonize the multi-disciplinary evaluation approaches. In essence, this evaluation of security requirements provides a big-picture security evaluation that includes an end-to-end security evaluation covering the security requirements of the project, as well as the results of the automated analysis for a selected set of eID protocols. This report also includes a timeline of the evaluation process and its general criteria as they emerged during the project work.
In summary, for this evaluation we considered several aspects and levels. Within the scope of the FutureID project, we found that the current outputs are not only developed with state-of-the-art technology for identity management systems but are also, at all three levels considered, in line with the security requirements defined in D22.2. This is a positive and remarkable result.
Moreover, based on the security evaluation of FutureID, we formulated several recommendations aimed at providing guidance to fill the gap between the current status, reflected by the presence of “not applicable” requirements, and the technical challenges in the security area that need to be addressed in order to build a real infrastructure at a continental level.