Enhancing University Services by Extending the eIDAS European Specification with Academic Attributes

Abstract: The European electronic IDentification, Authentication and trust Services (eIDAS) regulation makes available a solution to ensure the cross-border mutual recognition of electronic IDentification (eID) mechanisms among Member States. However, the basic set of attributes currently provided by each country only contains citizens' personal and legal attributes, preventing e-services from taking full advantage of citizens' domain-specific information, such as academic or medical data. In this article, we propose an extension of the eIDAS specification to support academic attributes as part of citizens' profiles. In addition, we present an architecture to enable the connection of eIDAS nodes to national attribute providers to enrich citizens' profiles with additional academic attributes. We have deployed the eIDAS extension in the specific case of the Spanish eIDAS infrastructure, and we have connected it to an attribute provider of the Technical University of Madrid (UPM). We have also improved a set of institutional services of that university by enabling the connection to eIDAS and enhancing the features offered to students based on their academic profiles retrieved from the eIDAS extended infrastructure. Finally, we have evaluated the resulting services with real students from two different countries, concluding that the widespread adoption of the proposed solution in the academic services of European universities will greatly improve their quality and usability.


Introduction
Secure electronic IDentification (eID) is one of the key factors that facilitates privacy, data protection, and prevention of online fraud [1]. It can guarantee the unequivocal identification of a person, ensuring that services are only delivered to individuals who are truly entitled to them. However, to date, the lack of a common legal basis has prevented European Member States from recognizing and accepting eIDs issued by other Member States, thus preventing citizens and companies from taking full advantage of the digital single market [2].
The electronic IDentification, Authentication and trust Services (eIDAS) Regulation [3] solves the aforementioned problems by guaranteeing the cross-border reciprocal recognition of eIDs. In 2015, the Connecting Europe Facility (CEF) program published the technical specifications and reference implementations of the interoperability between eIDAS nodes for enabling the eID mechanisms (which have recently been updated to their latest version [4]). The ultimate goal of this initiative is to allow citizens of any European Member State to use their national eIDs to gain access to public and private e-services provided by other Member States in a secure way.
Since 2017, the CEF program also aims to promote the use of nationally issued eIDs for cross-border student authentication, as well as the integration of eIDAS in existing e-services in the higher education sector in order to facilitate the mobility of students within the European Union (EU). However, the basic set of attributes provided by the Member States (known as the "minimum dataset", MDS) only contains citizens' personal and legal attributes. As a consequence, academic services cannot exploit the advantages of integrating students' eIDs to the same extent as though they included attributes related to their academic profile as well.
The objective of this research is to provide an extension of the eIDAS Regulation to support academic attributes. Thanks to this extension, academic e-services can guarantee the unequivocal identification of students and enhance the functionalities offered thanks to the integration of their academic profiles. Moreover, we provide details about how to modify the eIDAS reference code to include new attributes so the same methodology can be applied to services of other domains such as e-health, e-banking, etc.
Thus, in this article we extend our work from [5] by proposing an extension of the eIDAS specification to academic attributes, and by reporting on how this extension has been successfully implemented in Spain. Thanks to this extension, digital educational services can request students' information from the eIDAS nodes, including not only their personal profiles but also additional attributes related to their academic profiles, such as their field of study, the institution where they are pursuing their studies, and their language proficiency certificates among other relevant information. This sort of data is especially useful for enhancing higher education student mobility programs across Europe, which require students to use educational e-services in foreign universities that need to have access to their academic information.
For the eIDAS nodes to provide academic attributes to services, these attributes need to be supplied by certified institutions beyond the national identity providers (e.g., the sending institution in the student mobility example). In this work, we also propose an architecture that allows the connection of the national eIDAS nodes to academic attribute providers to enrich the student MDS with academic attributes.
With the aim of validating our proposal, we have implemented and deployed the architecture necessary for making the solution compatible with the specific case of the Spanish eIDAS infrastructure and an attribute provider of the Technical University of Madrid (Universidad Politécnica de Madrid-UPM). Moreover, we have connected this infrastructure with other eIDAS nodes deployed in Portugal, Slovenia, Italy and Austria that also support the proposed extension. Finally, we have adapted a set of Spanish academic e-services offered by UPM to allow students' authentication through eIDAS-compliant national eID, as well as to exploit the students' academic profiles received from the eIDAS infrastructure. Taking advantage of this deployment, we have tested the proposal with two groups of users: (1) Spanish students who access foreign eIDAS-enabled services and whose academic profile is provided by the UPM attribute provider, and (2) foreign users who consume eIDAS-enabled services delivered by UPM which exploit their academic attributes.
After analyzing the results of the performed tests, we draw several conclusions about the implementation of the proposal in the case of Italian and Spanish academic e-services. Moreover, our proposal establishes the base for extending the eIDAS regulation with extra attributes in other domains such as e-banking and e-health, in which the use of eID can improve security and confidentiality. Likewise, the presented experience with the integration of external attribute providers to enrich citizens' profiles can be applied to those other domains using specific attribute providers.
The manuscript is structured as follows. In Section 2, we present an overview of the existing related works in the literature. Section 3 introduces the basis of the eIDAS regulation and the attributes currently provided. Then, in Section 4, we describe our extension proposal to support academic attributes and to connect the eIDAS infrastructure to attribute providers. The implementation, deployment and tests conducted with real users to validate the proposal are provided in Section 5. Finally, Section 6 concludes the work and suggests future lines of research.

Related Work
The European Union has embarked upon several efforts to facilitate the mobility of citizens across Member States by improving the management of their digital identity. The European project STORK (Secure idenTity acrOss boRders linKed) focused on securing and providing cross-border authentication and established the basis of what would later be eIDAS. Several studies [6][7][8] have described the STORK architecture and brought some insights that should be taken into account in any deployment using the new eIDAS infrastructure, such as the need to preserve privacy.
There are some similarities between the eIDAS infrastructure and that of STORK (described in [6]). The main one lies in the fact that in both solutions, each Member State is in charge of deploying its own infrastructure, which is connected to those of other countries, thus enabling cross-border authentication. Nevertheless, in contrast with STORK, the new eIDAS regulation complies with some new critical security requirements, such as encrypting the connections between peers to preserve the confidentiality of citizens' data.
The authors of [9] support the idea of eIDAS as the optimal way of addressing the new requirements regarding cross-border authentication for sectors such as e-banking [10] and e-Health [11]. They urge Member States to continue with the implementation of the eIDAS regulation due to the expected increase in mobility of European citizens among Member States.
From a technical point of view, in order to provide cross-border authentication, the eIDAS nodes of Member States are interconnected using the SAML 2.0 standard [12]. Although each Member State is free to decide how their services need to be connected to their national eIDAS node, these services are usually connected through SAML 2.0 as well. In this regard, it should be pointed out that this standard implies several limitations in the integration of services with eIDAS nodes [13].
On the other hand, OAuth 2.0 [14] is recognized as the most widespread protocol for delegated authentication [15][16][17], standing out over SAML 2.0 for its simplicity, scalability, ease of integration and lightness [18,19]. As can be seen in a recent study by some of the authors of the present article [20], service providers can delegate and ease the login process of the eIDAS infrastructure through an identity manager based on OAuth 2.0. The aforementioned study proposes an architecture based on a gateway, which is a single sign-on authentication point between services and eIDAS nodes. This gateway translates simple OAuth 2.0 requests made by services into more complex SAML requests towards eIDAS nodes.
The aforementioned work also reported on the integration of eIDAS with an access control architecture that allows services to manage access policies for their resources based on citizens' eID profiles. The authors of [21] faced the same topic, proposing a system based on the Extended Access Control (EAC) protocol and oriented to the German identity card that also provides strong cryptographic guarantees, including the privacy of the attributes against outsiders.
Regarding security and privacy, other approaches are trying to improve the eIDAS specification taking advantage of new concepts and technologies. The authors of [22] compared the way in which pseudonymization is addressed by eIDAS with respect to the General Data Protection Regulation (GDPR). They concluded that the two regulations employ different notions of the concept and opened a discussion to establish a common terminology. On the other hand, Abraham [23] proposed the connection of eIDAS nodes to a decentralized identity management system to provide a self-sovereign identity approach.
Some authors have proposed approaches for including human-related factors when designing innovative services and demonstrated how their performance can be improved [24,25]. In this sense, the eIDAS regulation for providing electronic identification to citizens has drawn the attention of educational institutions due to the potential benefits of integrating electronic identification in academic services [26]. In this regard, [27,28] outlined the benefits of integrating higher education services such as eAccess and eDiploma into the eIDAS infrastructure.
Meanwhile, the CEF Telecom program is promoting the use of eIDAS by funding several projects that aim to integrate eIDAS-compliant eID authentication in educational services. The two main concerns when integrating services into an eIDAS infrastructure are: (1) the definition of domain-specific attributes and (2) the improvement of e-services exploiting such attributes. In this sense, Stasis et al. [11] pointed out the need for including health attributes of patients for better management of healthcare. Likewise, in academic services, the set of attributes of citizens provided should be extended with student data such as language certificates and the degree name.
The ESMO project [29], one of the CEF Telecom financed projects, proposes the deployment of proxies between the service providers and the eIDAS infrastructure to retrieve students' academic profiles from attribute providers. The main advantage of this design is that the eIDAS reference implementation, and consequently the implementation of the eIDAS nodes, remains unaltered. However, additional federation mechanisms between the attribute providers must be developed to ensure cross-border authentication.
Moreover, two additional CEF Telecom projects (TREATS and StudIES+) [30] have proposed several use cases in which the integration of eID authentication could definitively improve the user experience. One of these use cases concerns the management of students' university credentials and the other one the administration of research contracts. On the other hand, the authors of [31,32] proposed the integration of the eIDAS regulation in the Erasmus registration process of the Agricultural University of Athens. However, neither of these two works addressed the inclusion of academic attributes in the eIDAS specification.
Finally, the eID4U project [33] proposes a solution for improving academic services in five Member States thanks to the inclusion of academic attributes in the eIDAS profile of citizens. In the scope of eID4U, the authors of this article, together with professors and researchers from Politecnico di Torino, Universidade de Lisboa, Graz University of Technology, and Jozef Stefan Institute, have proposed a list of the most suitable academic attributes to be included in the extension of eIDAS profiles. Section 4 explains the details of this proposal. On the other hand, Lioy et al. [34][35][36] proposed the application of this extension to specific services provided by Politecnico di Torino as well as an architecture to obtain the new attributes from Italian certified sources. In the same line, Klobučar [37,38] showed the integration of the Slovenian higher education system with the extended eIDAS infrastructure.

eIDAS Bases
CEF eID is one of the several building blocks [39] provided by the European Commission, whose principal mission is to help service providers enable the use of their online services by citizens from other Member States, with these services being compliant with the eIDAS regulation in terms of trust, security and interoperability. This last requirement is accomplished thanks to, among other factors, the reciprocal recognition of national eID schemes (including mobile, smartcard and digital certificate schemes) among Member States. As a result, all citizens of EU countries can use their nationally issued eID to access European services in a secure way.
Not only public services can benefit from an eIDAS integration, but also private services in need of an extra security level regarding the identification of users. Moreover, all public web applications and services requiring an electronic identification assurance level [40] corresponding to 'substantial' or 'high' must be able to accept the notified eID schemes of other EU countries.
Citizens from any Member State can be authenticated by services deployed in any other EU country by using their national eID. As can be seen in Figure 1, citizens from a Member State who want to access a service deployed in a foreign one are redirected to the eIDAS node of their country of origin to perform the authentication process. This delegation can be accomplished thanks to the SAML 2.0-based specification, which is used to connect the eIDAS nodes of Member States to one another. Afterwards, citizens are redirected to the corresponding Identity Provider (IdP) through which they will be able to identify themselves by means of an eID of their country of origin. Once citizens authenticate through the eIDAS infrastructure, a SAML response containing the attributes requested by the service is created, encrypted and sent to the service.
As has been stated before, interoperability between eIDAS nodes is one of the key points to be addressed by the eIDAS regulation. Apart from the mutual recognition of national eID schemes, the definition of a common set of attributes of citizens' profiles in the eIDAS specification has been of crucial importance. These attributes can be of type Natural Person or Legal Person. The specification also describes the eidas namespace to unequivocally designate eIDAS attributes with the aim of avoiding ambiguity between identically named elements from other XML vocabularies [41]. Tables 1 and 2 show the attributes available in the eIDAS specification for each type of attribute. Mandatory attributes are marked with an asterisk. When a service provider tries to authenticate a citizen, it is mandatory to request an MDS composed of CurrentFamilyName, FirstName, DateOfBirth and PersonIdentifier for a Natural Person, and of LegalPerson and LegalPersonIdentifier for a Legal Person. However, as stated before, we detect an increasing need for a more complete profile to be used in public services in sectors such as education and health.
Therefore, it becomes apparent that the integration of domain-specific attributes into the eIDAS infrastructure is of high relevance. The following section describes which specific attributes have been integrated and how.

Proposed Solution
In this section, we propose a solution for enabling the use of academic attributes in the eIDAS infrastructure. Currently, many academic e-services provided by universities or other higher education institutions offer their students the possibility of logging in by using their national eIDs. Thanks to our proposed solution, these services can be enhanced taking advantage of the students' extended profiles provided by the eIDAS nodes that include academic information such as their field of study, the institutions where they carried out their studies, and their language certificates.
To enable the use of academic attributes in services connected to the eIDAS infrastructure, two important challenges must be addressed. As explained earlier, the current eIDAS specification only supports a set of personal and legal attributes known as the MDS. This implies that services can only request these attributes when authenticating users by means of their eID since, if an authentication response coming from an IdP contains attributes not belonging to the MDS, the corresponding eIDAS node will remove them before sending the response to the service. Therefore, the first challenge consists of extending the eIDAS specification to support new attributes, specifically the academic attributes we have identified as the most common ones in academic services.
The second challenge is related to the way in which the academic attributes of a specific student are provided for being consumed by services. Currently, the MDS provided by the Member States' IdPs includes personal and legal attributes. The solution to enrich that profile with academic attributes consists of including connections to third-party attribute providers in the authentication flow. The solution we propose to address these two challenges is presented below.

eIDAS Extension to Support Academic Attributes
To define the list of academic attributes that are typically used by university services, we have analyzed several services of UPM, Politecnico di Torino, Universidade de Lisboa, Graz University of Technology, and Jozef Stefan Institute, together with professors and researchers from said institutions. As a result of this analysis, we have identified the list of attributes shown in Table 3. All of them correspond to the type NaturalPerson. We have reused the namespaces defined by eIDAS and Europass [42] when possible and defined new ones when not. Table 4 summarizes the used namespaces and XML schemas.
To support the new academic attributes, we have modified the eIDAS sample implementation provided and maintained by CEF. The new version of the code has been published under the European Union Public License (EUPL) and it is publicly available at https://github.com/eID4U/eIDAS-node. The following changes have been introduced:
• XSD (XML Schema Definition) schemas for the new academic attributes have been defined. These schemas can be found in the eID4U_commons/src/main/resources/schema/eid4u/ directory.
• A sample configuration for the new version of the eIDAS components has been elaborated based on the sample configuration of the eIDAS sample implementation. This configuration has been included in the EIDAS-Config-eID4U directory. In addition to a sample configuration for the eIDAS components, sample definitions for all the new academic attributes are provided in the server/idp/user.properties file.
• The academic attributes have been added to the saml-engine-additional-attributes* files placed in the EIDAS-Config-eID4U/server directory and its subdirectories.
• The corresponding attribute marshallers have been developed and added to the files contained in the eID4U_commons/src/main/java/at/gv/egiz/eid4u/ directory.

Connection to Academic Attribute Providers
Thanks to the proposed extension of the eIDAS specification, service providers can request from an eIDAS node the users' academic attributes included in the proposed list. However, the IdPs used by Member States to authenticate citizens in the eIDAS network typically provide only personal and legal attributes. Therefore, when the eIDAS node of the users' country of origin makes an authentication request to the corresponding national IdP, this IdP will respond including only the MDS attributes. In order to enrich the users' profile with academic attributes, third-party attribute providers must be consulted and hence included in the authentication flow. To achieve this, we propose to place a proxy between the eIDAS nodes and the IdPs, which is in charge of requesting the extra attributes from the attribute providers. Figure 2 shows an overview of the architecture we propose. Each component of the architecture is explained below:
• The Local Service Provider represents each of the Service Providers (SPs) deployed to offer a specific service to students, teachers and/or researchers. Each SP is registered with and connected to the Local eIDAS Node of its country, so it can send requests to authenticate users by means of their eID.
• The Local eIDAS node represents an eIDAS node in which the deployed SPs are registered. This node must include the extension to support academic attributes explained above. The node is connected to the rest of the eIDAS nodes of the European Member States, so requests sent by SPs to authenticate foreign citizens are redirected to the corresponding eIDAS node. The Local eIDAS node also receives authentication requests delegated from foreign eIDAS nodes when a local citizen tries to authenticate to a foreign SP.
• Foreign eIDAS nodes receive authentication requests delegated from the local node when a foreign citizen tries to authenticate to a Local SP. Conversely, foreign eIDAS nodes delegate authentication requests to the Local eIDAS node when a local citizen tries to authenticate to a foreign SP.
• IdP Proxy and Attribute Provider Connectors. The IdP Proxy intercepts authentication requests sent from an eIDAS node to the IdP in order to check the attributes requested by an SP. After the authentication succeeds in the IdP and it responds to the eIDAS node, the IdP Proxy intercepts the flow again to verify the attributes received and to calculate the difference between these attributes and the requested ones. If extra attributes are required, the IdP Proxy must request them from attribute providers (APs). Since many APs can be supported and the protocols to access them may differ, a specific connector (termed AP Connector) must be used for each case. Therefore, each AP Connector is in charge of requesting attributes from a specific AP. If an AP requires specific authentication methods, the corresponding AP Connector is also in charge of managing them (e.g., by showing authentication challenges and privacy consents directly to users). After receiving the requested attributes, an AP Connector is responsible for transforming them into the format imposed by the communication protocol between the eIDAS node and the Local IdP. If this protocol imposes the encryption or the signature of the messages, the IdP Proxy needs access to the corresponding certificates. When all the attributes provided by the APs have been included in the authentication response, the IdP Proxy sends the response back to the eIDAS node.
• Attribute providers offer access to the academic attributes of students. When connecting the IdP Proxy to a specific AP, the communication protocol and the list of available attributes must be configured in the corresponding AP Connector.
• The Local IdP authenticates local citizens by means of their national eID. Depending on the protocol that each national IdP uses, both the connector module of the eIDAS node and the IdP Proxy must be configured accordingly.
Figure 3 illustrates the flow for authenticating a foreign user accessing a Local SP. As explained above, the Local SP sends an authentication request to the Local eIDAS node, which redirects the request to the corresponding eIDAS node of the citizen's country. If the SP has requested academic attributes and the foreign country implements the extension to support them and the connection to an AP, the authentication response will include the extra attributes in the user profile. In that case, the SP can use these attributes to improve the user experience of the service.
Lastly, Figure 4 shows the authentication flow when a local user accesses an SP deployed in a foreign eIDAS infrastructure. In this case, when the foreign eIDAS node redirects the request to the local one, the authentication request sent to the Local IdP is intercepted by the IdP Proxy. The IdP Proxy analyzes the requested attributes and temporarily saves a list with their keys. After the user has been authenticated in the Local IdP, the IdP Proxy calculates the difference between the list of attributes previously saved and the ones received in the authentication response. If extra attributes are required and some of the available APs provide them, the corresponding AP Connectors send a request to retrieve them. If an AP provides extra attributes, the corresponding AP Connector converts them to the required format and the IdP Proxy includes the result in the authentication response. Once all extra attributes have been included in the authentication response, the IdP Proxy sends this response back to the local eIDAS node, which in turn forwards it to the foreign eIDAS node that finally sends it to the SP.
As mentioned before, the authentication response received by the IdP Proxy from the IdP can be encrypted and signed. If that is the case, the IdP Proxy requires access to the certificates or keys used by the eIDAS node and the IdP in order to ensure security and privacy in the process.

Validation and Results
To validate our proposal, we have implemented and deployed the architecture necessary for achieving compatibility with the specific case of the Spanish eIDAS infrastructure and an attribute provider of UPM. We have also connected this infrastructure with other eIDAS nodes deployed in Portugal, Slovenia, Italy and Austria that also support the proposed extension to provide academic attributes to services. Furthermore, we have adapted a set of institutional e-services offered by our university (i.e., UPM) to exploit the connection to the eIDAS infrastructure and the new academic attributes. Thanks to this adaptation, students from any of the aforementioned Member States can now access such services using their national eIDs. Moreover, after the authentication, the available academic attributes of the students can be used by the services to enhance their functionalities and hence provide a better user experience. Lastly, we have tested the selected services with a set of Spanish and foreign (i.e., non-Spanish) students.
This section shows the details of the deployment we have carried out, the adapted e-services and the results of the tests with real students. Figure 5 shows how we have replicated the architecture shown in Figure 2 with the following components:

Implementation and Deployment
• Service Providers: We have deployed a total of four academic e-services and connected them to the Spanish eIDAS node. Details about these services are given in the following subsection. In order to provide the single-sign-on feature, we have connected a subset of the services to the eIDAS node through an OAuth 2.0-based Identity Manager compliant with the eIDAS regulation [20].
• eIDAS node: We have deployed a testing instance of the Spanish eIDAS node running the new version of the eIDAS node sample implementation that we developed (whose code is available at https://github.com/eID4U/eIDAS-node). Therefore, this eIDAS node supports the transport of academic attributes. The node is connected to the eIDAS nodes of Italy, Portugal, Austria and Slovenia, so requests sent by SPs for authenticating non-Spanish citizens are redirected to the corresponding foreign eIDAS node. The Spanish eIDAS node also receives authentication requests delegated from foreign eIDAS nodes when a Spanish citizen tries to authenticate to a foreign Service Provider. We have connected the node to an instance of the IdP Proxy that is connected to the official Spanish IdP and to the official UPM AP. Therefore, real Spanish students' identities and academic attributes are used despite using a testing eIDAS node.
• Foreign eIDAS nodes: The eIDAS nodes of Italy, Portugal, Austria and Slovenia are connected to the Spanish eIDAS node. They receive authentication requests delegated from the Spanish node when a non-Spanish citizen tries to authenticate to a Spanish Service Provider. Each of the foreign eIDAS nodes uses a custom mechanism to connect to the foreign IdPs and APs. Conversely, foreign eIDAS nodes delegate authentication requests to the Spanish eIDAS node when a Spanish citizen tries to authenticate to a foreign Service Provider.
• IdP Proxy and AP Connector: We have implemented and deployed an IdP Proxy compliant with the eIDAS specification and SAML 2.0. The IdP Proxy intercepts authentication requests sent from the Spanish eIDAS node to the Spanish IdP to check the requested attributes. When the IdP authenticates a user and responds to the eIDAS node, the IdP Proxy again intercepts the flow to check the attributes received and to compute the difference with the requested ones. If extra attributes are required, the AP Connector asks the user for consent, including the list of attributes to be requested. Figure 6 shows an example of the consent form shown to the users. After the user accepts the consent form, the AP Connector sends an HTTP request to the UPM AP. In order to identify a certain student, the AP Connector includes the student's hashed eID number (using SHA1) in the HTTP requests. To secure the HTTP requests when exchanging personal and academic attributes between AP Connectors and APs, the secure version of this protocol (HTTPS) should be used. Sample requests for the personal and academic attributes of a student with eID number 123456789A are the following:

    HTTP request for getting personal attributes:
        GET /apRest/persona.php?token=be472353ac1c55ca42df82c73bd40a8ce8420a28
        Host: ap-host.upm.es

    HTTP request for getting academic attributes:
        GET /apRest/academico.php?token=be472353ac1c55ca42df82c73bd40a8ce8420a28
        Host: ap-host.upm.es

In our deployment, the AP only accepts requests from registered AP Connectors, identified by their IP address, and returns a list with all the attributes available for the student. The IdP Proxy receives these attributes as a JSON object, filters them to select the requested subset and transforms them into the format required for inclusion in the SAML Response. Then, the response is sent back to the Spanish eIDAS node. The IdP Proxy is in charge of decrypting, encrypting, and signing the SAML response to meet the security requirements of the data exchange.
• UPM Attribute Provider: It is a web server deployed by UPM that provides a REST API for retrieving the personal and academic attributes of UPM students. The current version of the UPM AP offers the following personal attributes for a specific student: FamilyName, FirstName, DateOfBirth, CountryOfBirth, PlaceOfBirth, Gender, Email, and PhoneNumber. In addition, the AP provides the following academic attributes for a student: Degree, CurrentDegree, HomeInstitutionAddress, HomeInstitutionCountry, HomeInstitutionIdentifier, and HomeInstitutionName.
• Spanish IdP: This system authenticates Spanish citizens by means of their national electronic card (DNIe) and provides their MDS attributes. The attributes provided by the IdP have priority over the ones provided by the AP. Therefore, attributes requested by an SP and provided by the IdP will not be requested from the AP.
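To make the IdP Proxy and AP Connector flow described above concrete, the following Python sketch is an added example written for this page; it is not code from the eID4U project or from the UPM deployment. It computes the gap between the attributes an SP requested and those the IdP returned (IdP values keep priority, as stated for the Spanish IdP), builds the AP request lines for a student's SHA-1-hashed eID number using the endpoint paths shown in the sample requests, filters the AP's JSON reply down to the requested subset, and renders the result as SAML 2.0 attribute elements. The sample attribute values and AP responses are constructed; the academic attribute URI namespace and the mapping of AP attribute names onto eIDAS natural-person attribute names are assumptions, since the paper does not publish them.

```python
import hashlib
import json
import xml.etree.ElementTree as ET

# Attribute names the UPM AP serves, as listed in the text.
AP_PERSONAL = {"FamilyName", "FirstName", "DateOfBirth", "CountryOfBirth",
               "PlaceOfBirth", "Gender", "Email", "PhoneNumber"}
AP_ACADEMIC = {"Degree", "CurrentDegree", "HomeInstitutionAddress",
               "HomeInstitutionCountry", "HomeInstitutionIdentifier",
               "HomeInstitutionName"}

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
EIDAS_NP = "http://eidas.europa.eu/attributes/naturalperson/"
# AP name -> eIDAS natural-person attribute name for the MDS attributes (eIDAS
# spells them differently from the AP). Other attributes go under an ASSUMED
# academic namespace; the real URIs are not published in the paper.
EIDAS_NAME_MAP = {"FamilyName": EIDAS_NP + "CurrentFamilyName",
                  "FirstName": EIDAS_NP + "CurrentGivenName",
                  "DateOfBirth": EIDAS_NP + "DateOfBirth"}
ASSUMED_ACADEMIC_NS = "http://example.org/eidas-extension/academic/"  # placeholder


def ap_token(eid_number: str) -> str:
    """Student lookup key sent to the AP: SHA-1 of the eID number, as in the
    deployment. It is a pseudonymous identifier, not a credential: the AP's
    IP allow-list and HTTPS are what protect the exchange."""
    return hashlib.sha1(eid_number.encode("utf-8")).hexdigest()


def ap_request_lines(eid_number: str, kind: str, host: str = "ap-host.upm.es") -> list:
    """Request lines the AP Connector sends; endpoint paths are the ones shown
    in the paper's sample requests ('persona' = personal, 'academico' = academic)."""
    resource = {"personal": "persona", "academic": "academico"}[kind]
    return [f"GET /apRest/{resource}.php?token={ap_token(eid_number)}",
            f"Host: {host}"]


def missing_attributes(requested, received_from_idp) -> list:
    """Attributes the SP asked for that the IdP did not return. IdP values take
    priority, so anything the IdP supplied is never asked of the AP."""
    return [a for a in requested if a not in received_from_idp]


def plan_ap_calls(missing) -> dict:
    """Split the gap by AP endpoint; attributes no endpoint offers are reported
    separately so the SP is not silently given an incomplete profile."""
    return {"personal": [a for a in missing if a in AP_PERSONAL],
            "academic": [a for a in missing if a in AP_ACADEMIC],
            "unavailable": [a for a in missing if a not in AP_PERSONAL | AP_ACADEMIC]}


def filter_ap_response(ap_json: str, wanted) -> dict:
    """The AP returns every attribute it holds; keep only the subset the user
    consented to (data minimisation before anything reaches the SAML response)."""
    data = json.loads(ap_json)
    return {k: data[k] for k in wanted if k in data}


def to_saml_attributes(values: dict) -> str:
    """Render the merged profile as a SAML 2.0 AttributeStatement."""
    ET.register_namespace("saml2", SAML_NS)
    stmt = ET.Element(f"{{{SAML_NS}}}AttributeStatement")
    for name, value in values.items():
        attr = ET.SubElement(stmt, f"{{{SAML_NS}}}Attribute",
                             Name=EIDAS_NAME_MAP.get(name, ASSUMED_ACADEMIC_NS + name),
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri")
        ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue").text = str(value)
    return ET.tostring(stmt, encoding="unicode")


def resolve_profile(requested, idp_attributes: dict, ap_responses: dict):
    """One IdP Proxy round: IdP attributes win, the gap is fetched from the AP
    (the consent step is assumed to have been accepted) and unrequested AP data
    is dropped. Returns (profile, attributes nobody could provide)."""
    plan = plan_ap_calls(missing_attributes(requested, idp_attributes))
    profile = {k: idp_attributes[k] for k in requested if k in idp_attributes}
    for kind in ("personal", "academic"):
        if plan[kind]:
            profile.update(filter_ap_response(ap_responses[kind], plan[kind]))
    return profile, plan["unavailable"]


# Constructed sample data: not a real student and not a real AP reply.
SAMPLE_AP_PERSONAL_JSON = json.dumps({
    "FamilyName": "Garcia", "FirstName": "Ana", "DateOfBirth": "1998-03-14",
    "Gender": "F", "Email": "ana@example.org", "PhoneNumber": "+34000000000"})
SAMPLE_AP_ACADEMIC_JSON = json.dumps({
    "Degree": "BSc Telecommunications", "CurrentDegree": "MSc Telecommunications",
    "HomeInstitutionName": "UPM", "HomeInstitutionCountry": "ES"})

if __name__ == "__main__":
    sp_request = ["FamilyName", "FirstName", "Email", "CurrentDegree", "HomeInstitutionName"]
    idp_reply = {"FamilyName": "Garcia", "FirstName": "Ana", "DateOfBirth": "1998-03-14"}
    print("\n".join(ap_request_lines("123456789A", "academic")))
    profile, unavailable = resolve_profile(sp_request, idp_reply,
        {"personal": SAMPLE_AP_PERSONAL_JSON, "academic": SAMPLE_AP_ACADEMIC_JSON})
    print(to_saml_attributes(profile), unavailable)
```

The design point worth keeping from the text is the ordering: the difference is computed against what the IdP actually returned, not against what was requested, so the AP is contacted only for the remainder, and the AP's full attribute list is cut down to that remainder before it is signed into the SAML response.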

Academic e-Services
We have adapted the following four e-services deployed at UPM to allow students to authenticate using their eIDAS-compliant national eIDs, as well as to enhance their functionalities by making use of students' academic attributes. Table 5 summarizes the attributes used by each service.

Table 5. Attributes used by services. (Columns: Attribute, Registration portal, ViSH, Moodle, WiFi Access Point.)
• Erasmus registration portal: The UPM Telecommunications School offers an online registration service that helps incoming students and the administrative staff of the international office in the mobility sign-up process. We have adapted this service to support the use of eIDAS-compliant eIDs in addition to the traditional email/password combination for logging in. In both cases, the registration service consists of a set of steps students must follow to fill in their personal and academic data. However, if a student selects the eID option, the personal and academic attributes provided by the eIDAS infrastructure are filled in automatically.

User Evaluation
To evaluate the infrastructure and e-services deployed in the scope of this work, we conducted a survey to gather students' opinions. We aimed to evaluate two main points: (1) whether Spanish UPM students consuming services provided by a foreign university are convinced that the use of their academic profile improves the user experience of such services, and (2) whether the incoming students notice an improvement in the UPM e-services thanks to the integration of their academic attributes in their profiles.
The requirement for accessing the services and then evaluating the proposal was to own a valid and up-to-date eID mechanism of the specific country. In the case of Spanish students, they used their electronic card (DNIe). Foreign students needed to make use of their own country's nationally issued eIDs. For instance, Italian students had to use the SPID (the Italian Public System of Digital Identity).
Before testing the services, students had to answer an initial question asking them about the convenience of including the academic profile provided by their national eID when accessing university e-services. Then, they were given instructions to use each service, authenticate using their eID and explore how their digital identity and academic attributes were used to enrich the services. After using the services, they had to answer four additional questions asking their opinion on each service and on applying the presented solution in other services and universities.
A total of 42 students volunteered to participate in the study. These students belonged to two different groups: (1) 21 Spanish students who accessed a set of eIDAS-enabled services provided by the Politecnico di Torino (also connected to the extended eIDAS infrastructure) with their academic profile provided by the UPM AP, and (2) 21 Italian students who used eIDAS-enabled UPM services that exploit their academic attributes to enhance their experience. Table 6 shows the results of the survey for both groups of students (Spanish and Italian). As explained earlier, the first question was answered before testing the services, and the answers were clearly positive.
Regarding the services tested, and in view of the survey results, we conclude that overall students noticed that using our solution to enhance academic e-services with their academic profiles improves the experience and facilitates access. This becomes especially apparent in the case of the Erasmus registration service, in which students typically must provide a large amount of information and documents to the international office of the foreign institution. Based on the survey results, it can be concluded that, thanks to this solution, students perceive a simplification of the registration process.
However, in the case of the remaining university services as well as the WiFi access point, we see a difference between the opinions of Italian and Spanish students. Several Italian students were not sure whether the integration of eID authentication improves the ViSH and Moodle services. It is possible that in this case they feel more comfortable using their institutional username and password (provided when they are admitted to the university) to access the services, and that the functionalities added thanks to the integration of their academic profiles are not attractive enough to change their minds. We have also observed that initiatives such as eduroam (education roaming), which provides free WiFi to the academic community (students, professors and researchers), make it unnecessary to offer alternative ways of providing wireless connections at universities such as the one proposed in this article. Nevertheless, the overall opinion about the initiative was very positive, and almost 100% of users would like this initiative to be included in other European universities and academic services. It is also relevant to mention that the small number of users who responded negatively to the initiative before performing the test changed their minds afterwards.
The strict requirements for using the eIDAS infrastructure at present are one of the reasons for the number of students who tested the deployed pilots. As explained before, to be able to test the services, students need to have an up-to-date eID card. Moreover, only students interested in pursuing their studies at the foreign university were asked to participate in the experiment. However, the validity of the proposed extension, the connection to the attribute providers, and the convenience of including eID authentication in services to facilitate the students' experience and the administrative processes have been demonstrated by the evaluation performed.

Conclusions and Future Work
This article proposes an extension of the eIDAS specification to support academic attributes. Thanks to this extension, e-services offered by higher education institutions can enhance their features by allowing students' identification through their eID and by exploiting their academic profiles. Furthermore, this extension ensures the veracity of the academic information and saves time in scenarios in which students must provide large amounts of data and documents (e.g., Erasmus student registration processes).
In addition to the definition of new attributes to be included in the eIDAS specification, this work presents an architecture that allows the connection of the eIDAS infrastructure to attribute providers of authorized institutions. Thanks to this architecture, citizens' eIDAS profiles can be dynamically extended to include attributes provided by third-party institutions of different sectors.
We have included the proposed extension in the Spanish eIDAS infrastructure, which is connected to the eIDAS nodes of other Member States that also support this extension. Moreover, we have deployed an instance of the proposed architecture to connect the eIDAS infrastructure to attribute providers, specifically, to an academic attribute provider of UPM. Finally, we have implemented new features in a set of UPM institutional services, to exploit the use of students' academic profiles to facilitate their use and enhance their features.
By means of a survey, we have collected the opinions of a total of 42 Italian and Spanish students who tested the deployed services. The feedback received was very positive, with more than 95% of the students in favor of including this initiative in the academic services of other European universities.
Now that the proposal has been validated, it is important to take its limitations into account. The current status of the eIDAS regulation implies coordination among all the Member States to introduce changes and updates into the reference implementation. Presently, there is no common approach for managing the inclusion of extra attributes in citizens' eIDAS profiles. As explained before, several projects are being financed to propose different solutions, and CEF Telecom is discussing the pros and cons of each of them to provide an agreed directive. Until then, any improvement that implies a modification of the source code of the nodes is not going to be deployed by Member States.
Regarding future work, since the proposed solution is extensible to other areas, it opens the way to entirely new possibilities for public institutions and private companies to create more robust, secure, and easy-to-use services, not only in the academic sector but also in many others, such as e-health or smart cities. Further research is needed to identify domain-specific attributes that allow adapting the eIDAS specification to meet the requirements of different sectors, and to evaluate the convenience of including them in the e-services offered to citizens.
Furthermore, it would be advisable to standardize the way in which attribute providers are connected to eIDAS nodes so as to have a common European framework for all Member States and fields of application. Using attribute mapping services like the one proposed in [48] could definitely facilitate this task. Finally, regarding security, our proposal preserves the privacy of citizens' academic attributes thanks to the encrypted connections and the control citizens can exercise over them. However, other generic security aspects of the integration of attribute providers into the eIDAS infrastructure should be analyzed in the future [49,50].