Analysis of the Use of OpenID Connect for Electronic Signatures

Abstract: The use of digital services has never been as important as it is today.It is possible to do everything from researching family history to banktransactions on the Internet. This creates a demand for secure servicesto ensure secure authentication of users. Electronic signatures havebecome an important part of e-identification over the last year due tothe the COVID-19 pandemic forcing many people to work remotely.OpenID Connect, or OIDC, is a framework that supports secureauthentication and authorization. But, it does not support electronicsignatures. The work done in this project has shown that an extensionof the OIDC framework is feasible for electronic signatures.A proof of concept has been built to analyse if an extension tothe OIDC framework was possible. The signature flow implementedis structured according to a proposal developed by an experiencedgroup of people working with e-identification. It extends the OIDCauthentication request with additional information to enable supportfor electronic signatures. The signature is done using BankID as an IDP.This work shows that it is possible to perform an electronic sig-nature, with an OpenID Connect authentication flow with signatureextension. The work has focuses on one model using an IDP thatperforms signing. An approach with a stand-alone signature service ispossible, but would be more complex for a limited proof of concept.