{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,16]],"date-time":"2026-06-16T11:03:04Z","timestamp":1781607784991,"version":"3.54.5"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031893490","type":"print"},{"value":"9783031893506","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-89350-6_6","type":"book-chapter","created":{"date-parts":[[2025,4,25]],"date-time":"2025-04-25T12:09:18Z","timestamp":1745582958000},"page":"89-106","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Protecting Digital Identity Wallet: A Threat Model in\u00a0the\u00a0Age of\u00a0eIDAS 2.0"],"prefix":"10.1007","author":[{"given":"Amir","family":"Sharif","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Zahra Ebadi","family":"Ansaroudi","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Giada","family":"Sciarretta","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Daniela","family":"P\u00f6hn","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Majid","family":"Mollaeefar","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Wolfgang","family":"Hommel","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Silvio","family":"Ranise","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2025,4,16]]},"reference":[{"issue":"2","key":"6_CR1","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3502740","volume":"31","author":"S Ahmadjee","year":"2022","unstructured":"Ahmadjee, S., et al.: A study on blockchain architecture design decisions and their security attacks and threats. ACM Trans. Softw. Eng. Methodol. (TOSEM) 31(2), 1\u201345 (2022)","journal-title":"ACM Trans. Softw. Eng. Methodol. (TOSEM)"},{"key":"6_CR2","doi-asserted-by":"crossref","unstructured":"Ansaroudi, Z.E., et al.: Control is nothing without trust a first look into digital identity wallet trends. In: IFIP Annual Conference on Data and Applications Security and Privacy. Springer, Cham (2023)","DOI":"10.1007\/978-3-031-37586-6_7"},{"key":"6_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-35055-0_1","volume-title":"Secure IT Systems","author":"T Bisztray","year":"2019","unstructured":"Bisztray, T., Gruschka, N.: Privacy impact assessment: comparing methodologies with a focus on practicality. In: Askarov, A., Hansen, R.R., Rafnsson, W. (eds.) NordSec 2019. LNCS, vol. 11875, pp. 3\u201319. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-35055-0_1"},{"key":"6_CR4","unstructured":"Bundesministeriums des Innern und f\u00fcr Heimat. German Wallet Architecture Proposal (2024). https:\/\/gitlab.opencode.de\/bmi\/eudi-wallet\/eidas-2.0-architekturkonzept\/-\/tree\/main"},{"key":"6_CR5","unstructured":"Scott Cantor. SAML Version 2.0 Errata 05 (2012)"},{"key":"6_CR6","unstructured":"Dingle, P., et al.: Alice attempts to abuse a verifiable credential (2023)"},{"key":"6_CR7","unstructured":"ENISA. Digital Identity: Leveraging the SSI Concept to Build Trust (2022). https:\/\/www.enisa.europa.eu\/publications\/digital-identity-leveraging-the-ssi-concept-to-build-trust"},{"key":"6_CR8","unstructured":"EU. eIDAS Regulation (EU) 910\/2014 (2014). https:\/\/eur-lex.europa.eu\/eli\/reg\/2014\/910\/oj"},{"key":"6_CR9","unstructured":"EU. eIDAS Regulation (Eu) 2024\/1183 (2024). https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX:32024R1183"},{"key":"6_CR10","unstructured":"EU. EUDI Wallet Reference Implementation (2024). https:\/\/github.com\/eu-digital-identity-wallet\/.github\/blob\/main\/profile\/reference-implementation.md"},{"key":"6_CR11","unstructured":"EU. The European Digital Identity Wallet (2024). https:\/\/eu-digital-identity-wallet.github.io\/eudi-doc-architecture-and-reference-framework\/1.4.0"},{"key":"6_CR12","unstructured":"FBK. Pilots for european digital identity wallet. https:\/\/st.fbk.eu\/projects\/POTENTIAL"},{"key":"6_CR13","unstructured":"Fett, D., et al.: Security and Trust in OpenID4VC Ecosystems (2024). https:\/\/openid.github.io\/OpenID4VC_SecTrust\/draft-oid4vc-security-and-trust.html"},{"key":"6_CR14","doi-asserted-by":"crossref","unstructured":"Gr\u00fcner, A., et al.: Analyzing and comparing the security of self-sovereign identity management systems through threat modeling. Int. J. Inf. Secur. (2023)","DOI":"10.1007\/s10207-023-00688-w"},{"key":"6_CR15","doi-asserted-by":"crossref","unstructured":"Hardt, D.: The OAuth 2.0 Authorization Framework (RFC6749). Internet Engineering Task Force (IETF) (2012)","DOI":"10.17487\/rfc6749"},{"key":"6_CR16","unstructured":"Hedberg, R., et al.: OpenID Federation 1.0 - draft 36 (2024). https:\/\/openid.net\/specs\/openid-federation-1_0.html#name-authors-addresses"},{"key":"6_CR17","unstructured":"IT Wallet. EUDI Wallet Technical Specifications (2024). https:\/\/github.com\/italia\/eudi-wallet-it-docs"},{"key":"6_CR18","doi-asserted-by":"crossref","unstructured":"Kersic, V., et al.: Orchestrating digital wallets for on-and off-chain decentralized identity management. IEEE Access (2023)","DOI":"10.1109\/ACCESS.2023.3299047"},{"key":"6_CR19","doi-asserted-by":"crossref","unstructured":"Kim, B.G., et al.: A security analysis of blockchain-based did services. IEEE Access (2021)","DOI":"10.1109\/ACCESS.2021.3054887"},{"key":"6_CR20","doi-asserted-by":"crossref","unstructured":"Le, A., et al.: A comparative cyber risk analysis between federated and self-sovereign identity management systems. Data Policy (2023)","DOI":"10.1017\/dap.2023.41"},{"key":"6_CR21","unstructured":"LINDDUN. LINDDUN Privacy Threat Modeling Framework. https:\/\/linddun.org\/"},{"key":"6_CR22","doi-asserted-by":"crossref","unstructured":"Lodderstedt, T., et al.: OAuth 2.0 Pushed Authorization Requests (RFC9126). Internet Engineering Task Force (IETF) (2021)","DOI":"10.17487\/RFC9126"},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Lodderstedt, T., et al.: OAuth 2.0 Security Best Current Practice (draft-ietf-oauth-security-topics-25). Internet Engineering Task Force (IETF) (2024)","DOI":"10.17487\/RFC9700"},{"key":"6_CR24","unstructured":"Lodderstedt, T., et al.: OpenID4VCI (2024). https:\/\/openid.net\/specs\/openid-4-verifiable-credential-issuance-1_0.html"},{"key":"6_CR25","unstructured":"Mayrhofer, R., et al.: Towards Threat Modeling for Private Digital Authentication in the Physical World (2021). https:\/\/www.digidow.eu\/publications\/2021-mayrhofer-tr-digidowthreatmodeling\/Mayrhofer_2021_DigidowThreatModeling.pdf"},{"key":"6_CR26","unstructured":"Microsoft. STRIDE Threat Modeling Framework. https:\/\/learn.microsoft.com\/en-us\/azure\/security\/develop\/threat-modeling-tool"},{"key":"6_CR27","doi-asserted-by":"crossref","unstructured":"M\u00fchle, A., et al.: A survey on essential components of a self-sovereign identity. Comput. Sci. Rev. (2018)","DOI":"10.1016\/j.cosrev.2018.10.002"},{"key":"6_CR28","doi-asserted-by":"crossref","unstructured":"Naik, N., et al.: An attack tree based risk analysis method for investigating attacks and facilitating their mitigations in self-sovereign identity. In: 2021 IEEE Symposium Series on Computational Intelligence (SSCI) (2021)","DOI":"10.1109\/SSCI50451.2021.9659929"},{"key":"6_CR29","unstructured":"Pellegrino, D., et al.: Architecture for privacy-preserving brokerage of analytics using multi party computation, self sovereign identity and blockchain. University of Turku (2022)"},{"key":"6_CR30","unstructured":"P\u00f6hn, D., et al.: Modeling the threats to self-sovereign identities. Gesellschaft f\u00fcr Informatik eV (2023)"},{"key":"6_CR31","unstructured":"Sakimura, N., et al.: OpenID Connect Core 1.0 incorporating errata set 1. The OpenID Foundation, specification, 335 (2014)"},{"key":"6_CR32","unstructured":"Sharif, A.: Protecting digital identity wallet: A threat model in the age of eidas 2.0 (2024). https:\/\/sites.google.com\/view\/eu-digital-identity-wallet\/home"},{"key":"6_CR33","unstructured":"Singhal, A., Singapogu, S., et al.: Security ontologies for modeling enterprise level risk assessment. In: Proceedings of the 2012 Annual Computer Security Applications Conference, Orlando, FL, USA (2012)"},{"key":"6_CR34","unstructured":"SWISSCOMM. Swiss E-ID and Trust Infrastructure (2024). https:\/\/github.com\/e-id-admin\/open-source-community"},{"key":"6_CR35","unstructured":"Terbu, O., et al.: OpenID4VCP (2024). https:\/\/openid.github.io\/OpenID4VP\/openid-4-verifiable-presentations-wg-draft.html"},{"key":"6_CR36","unstructured":"Torongo, A.A., Toorani, M.: Blockchain-based decentralized identity management for healthcare systems. arXiv preprint arXiv:2307.16239 (2023)"},{"key":"6_CR37","doi-asserted-by":"crossref","unstructured":"Veseli, F., et al.: Engineering privacy by design: lessons from the design and implementation of an identity wallet platform. In: Proceedings of the 34th ACM\/SIGAPP Symposium on Applied Computing (2019)","DOI":"10.1145\/3297280.3297429"},{"key":"6_CR38","unstructured":"W3C. Threat modeling community group. https:\/\/www.w3.org\/community\/tmcg"}],"container-title":["Lecture Notes in Computer Science","Risks and Security of Internet and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-89350-6_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,25]],"date-time":"2025-04-25T12:10:18Z","timestamp":1745583018000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-89350-6_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031893490","9783031893506"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-89350-6_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"16 April 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRiSIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Risks and Security of Internet and Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Aix-en-Provence","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 November 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 November 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crisis2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}