, 32nd International Conference of Data Protection and Privacy Commissioners: Resolution on privacy by design, 2010.

, ABC4Trust: Privacy-ABCs and the eID Regulation. Position paper, vol.4, 2014.

M. Arapinis, T. Chothia, E. Ritter, and M. Ryan, Analysing Unlinkability and Anonymity Using the Applied Pi Calculus, 23rd IEEE Computer Security Foundations Symposium, pp.107-121, 2010.

, Article 29 Data Protection Working Party: Statement on the role of a risk-based approach in data protection legal frameworks, WP, vol.218, 2014.

, Article 29 Data Protection Working Party: Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is "likely to result in a high risk" for the purposes of Regulation, as last revised and adopted on 4 October, 2016.

F. Bieker, M. Friedewald, M. Hansen, H. Obersteller, M. Rost et al., A Process for Data Protection Impact Assessment Under the European General Data Protection Regulation, Privacy Technologies and Policy: 4th Annual Privacy Forum, pp.21-37, 2016.

M. Bishop, Introduction to Computer Security, 2004.

H. Burkert, Balancing informational power by informational power or Rereading Montesquieu in the internet age, Governance, Regulation and Powers on the Internet, book section 4, pp.93-111, 2012.

D. Castro, Explaining international leadership: Electronic identification systems, Tech. rep., ITIF, 2011.

A. Cavoukian, Laws of Identity: The Case for Privacy-embedded Laws of Identity in the Digital Age, 2006.

A. Cavoukian, Privacy by Design: The 7 foundational principles. Information and Privacy Commissioner of Ontario, 2009.

D. Chaum, A. Fiat, and M. Naor, Untraceable electronic cash, CRYPTO -Lecture Notes Computer Science, vol.403, pp.319-327, 1988.

D. L. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms, CNIL: Privacy Impact Assessment (PIA): Methodology (how to carry out a PIA), vol.24, pp.84-90, 1981.

, Conference of the Independent Data Protection Authorities of the Bund and the Länder: The standard data protection model, 2015.

R. Dhamija and L. Dusseault, The seven flaws of identity management: Usability and security challenges, IEEE Security & Privacy, vol.6, issue.2, pp.24-29, 2008.

, eIDAS Technical Sub-group: eIDAS -Interoperability Architecture, 2015.

, saml attribute profile v1.0 2.pdf 19. eIDAS Technical Sub-group: eIDAS Message Format. v, eIDAS Technical Sub-group: eIDAS SAML Attribute Profile, vol.11, 2015.

, ENISA: Privacy and Data Protection by Design, 2015.

, European Commission: Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions: EU eGovernment Action Plan 2016-2020 -Accelerating the digital transformation of government, COM, vol.179, pp.52016-0179, 2016.

, European Commission: eIDAS-Node Integration Package Service Offering Description, 2018.

, Federal Office for Information Security, Innovations for an eID Architecture in, 2011.

, Architecture electronic Identity Card and electronic Resident Permit, 2011.

, Federal Office for Information Security [BSI]: eIDAS Notification of the German eID, 2017.

, German eID based on Extended Access Control v2: Overview of the German eID system

, Government Digital Service: Gov.UK Verify Technical Guide: Architecture Overview, 2014.

M. Hansen, S. Fischer-hübner, P. Duquenoy, and A. Zuccato, Marrying transparency tools with user-controlled identity management, The Future of Identity in the Information Society, IFIP -The International Federation for Information Processing, vol.262, pp.199-220, 2008.

M. Hansen, M. Jensen, and M. Rost, Protection goals for privacy engineering, 2015 IEEE Security and Privacy Workshops, pp.159-166, 2015.

R. Hes, Privacy-Enhancing Technologies: The Path to Anonymity -Revised Edition. Registratiekamer, 2000.

G. Hornung and C. Schnabel, Data protection in Germany I: The population census decision and the right to informational selfdetermination, Computer Law & Security Review, vol.25, issue.1, pp.84-88, 2009.

,

M. Horsch, M. Tuengerthal, and T. Wich, SAML Privacy-Enhancing Profile, P237 -Open Identity Summit, pp.11-22, 2014.

D. Hühnlein, T. Frosch, J. Schwenk, C. M. Piswanger, M. Sel et al., Futuretrust -future trust services for trustworthy global transactions, P264 -Open Identity Summit, pp.27-41, 2016.

D. Hühnlein, G. Hornung, M. Kubach, V. Mladenov, H. Roßnagel et al., SkIDentity -Trusted Identities for the Cloud, 2015.

. Iso/iec, Information technology -security techniques -evaluation criteria for it security -part 1: Introduction and general model, International Organization for Standardization, 2009.

. Iso/iec, Information technology -security techniques -code of practice for information security controls, International Organization for Standardization, 2013.

. Iso/iec, Information technology -security techniques -guidelines for privacy impact assessment, International Organization for Standardization, 2017.

A. Khatchatourov, M. Laurent, C. Levallois-barth, E. Tambouris, M. Janssen et al., Privacy in digital identity systems: Models, assessment, and user adoption, 14th International Conference on Electronic Government (EGOV), pp.273-290, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01283997

, Lecture Notes in Computer Science edn, 2015.

M. Koning, P. Korenhof, and G. Alpár, The abc of abc -an analysis of attributebased credentials in the light of data protection, privacy and identity, Internet, Law & Politics : A decade of transformations. Proceedings of the 10th International Conference on Internet, Law & Politics, pp.357-374, 2014.

L. Métayer and D. , Privacy by design: Formal framework for the analysis of architectural choices, Proceedings of the third ACM Conference on Data and Application Security and Privacy (CODASPY), 2013.

A. Pfitzmann and M. Hansen, Anonymity, Unlinkability, Unobservability, Pseudonymity and Identity Management -A Consolidated Proposal for Terminology. Version v0, vol.34, 2010.

A. Poller, U. Waldmann, S. Vowe, and S. Turpe, Electronic identity cards for user authentication -promise and practice, IEEE Security & Privacy, vol.10, issue.1, pp.46-54, 2012.

H. Roßnagel, J. Camenisch, L. Fritsch, D. Houdeau, D. Hühnlein et al., FutureID -Shaping the Future of Electronic Identity, Annual Privacy Forum, pp.10-11, 2012.

A. Servida, principles eid interoperability and guidance for online platforms 1.pdf 45. STORK: D4.11 final version of technical specifications for the cross-border interface, 2015.

N. Tsakalakis, K. O'hara, and S. Stalla-bourdillon, Identity assurance in the uk: Technical implementation and legal implications under the eidas regulation, Proceedings of the 8th ACM Conference on Web Science, pp.55-65, 2016.

N. Tsakalakis and S. Stalla-bourdillon, Documentation of the legal foundations of trust and trustworthiness, 2018.

N. Tsakalakis, S. Stalla-bourdillon, and K. O'hara, What's in a name: the conflicting views of pseudonymisation under eidas and the general data protection regulation, P264 -Open Identity Summit, pp.167-174, 2016.

M. Veeningen, B. De-weger, and N. Zannone, Data minimisation in communication protocols: a formal analysis framework and application to identity management, International Journal of Information Security, vol.13, issue.6, pp.529-569, 2014.

G. O. Yee, Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards, 2011.

H. Zwingelberg, S. Fischer-hübner, P. Duquenoy, M. Hansen, and R. Leenes, Necessary Processing of Personal Data: The Need-to-Know Principle and Processing Data from the New German Identity Card, vol.352, pp.151-163, 2011.
URL : https://hal.archives-ouvertes.fr/hal-01559451

H. Zwingelberg, M. Hansen, J. Camenisch, B. Crispo, S. Fischer-hübner et al., Privacy protection goals and their implications for eid systems, Privacy and Identity Management for Life, IFIP Advances in Information and Communication Technology, vol.375, pp.245-260, 2012.
URL : https://hal.archives-ouvertes.fr/hal-01517607