Like passports, intended for use in public (G2C) and private (B2B, B2C) domain. Though expected to be used mostly in private domain (by some of us)

Size: px

Start display at page:

Download "Like passports, intended for use in public (G2C) and private (B2B, B2C) domain. Though expected to be used mostly in private domain (by some of us)"

Harry Young
8 years ago
Views:

1 on it s way forward Workshop Belgian eid Katholieke Universiteit Leuven September 16, 2009 TopForce B.V., Rotterdam Elisabeth de Leeuw, September

2 Objectives of the to be 1 Like passports, intended for use in public (G2C) and private (B2B, B2C) domain Though expected to be used mostly in private domain (by some of us) 1 TopForce B.V., Rotterdam Elisabeth de Leeuw, September

3 Objectives G2C (need doubted by government officials) access to personal records (health database) access to e-government electronic signature B2B, B2C (need strongly felt by the market) access to workplace and tele working physical security access to schools and hospitals access to chat boxes car and video rentals identification for financial transactions TopForce B.V., Rotterdam Elisabeth de Leeuw, September

working physical security access to schools and hospitals access to chat boxes car and video rentals

4 Introduction postponed By decision of Staatsecretaris Bijleveld, Minister of the Interior and Kingdom Relations d.d. 9 december 2008: No short term need for High level DigID Needed only for Health Database No general need TopForce B.V., Rotterdam Elisabeth de Leeuw, September

5 Context of the to be is strongly linked to DigID Dutch Travel Documents Dutch Identity Documents TopForce B.V., Rotterdam Elisabeth de Leeuw, September

6 Context: vs DigID DigID stands for Digital IDentity Shared between cooperating governmental agencies Digital authentication of person(s) who apply for a public transaction service via internet Used in G2G, G2B, G2C TopForce B.V., Rotterdam Elisabeth de Leeuw, September

apply for a public transaction service via internet Used in G2G, G2B, G2C

7 Context: vs DigID DigID security levels 1. High qualified esignature compliant with EU legislation 2. Medium user name & password, SMS ticket /mobile phone 3. Basic user name & password : High level DigID TopForce B.V., Rotterdam Elisabeth de Leeuw, September

Medium user name & password, SMS ticket /mobile phone 3.

8 Context:(e)NIK vs Dutch Identity Documents NIK: Travel Document Limited validity NIK: Identity Document Just as passport, driving licence (To be) used in G2C, G2B, B2B, B2C TopForce B.V., Rotterdam Elisabeth de Leeuw, September

passport, driving licence (To be) used in G2C, G2B, B2B, B2C

9 Context: (e)nik = Dutch Travel Document Passport NIK TopForce B.V., Rotterdam Elisabeth de Leeuw, September

10 Context: (e)nik = Dutch Passport High security level Compliant with international travel document legislation September 2009 TopForce B.V., Rotterdam TopForce B.V., Rotterdam Elisabeth de Leeuw, September

September 2009 TopForce B.V., Rotterdam TopForce B.V., Rotterdam www.

11 Context: (e)nik = Dutch Passport Traveldocument, valid in 35 countries, mainly EC Each citizen legally entitled: Paspoortwet Artikel 16a - Iedere Nederlander die als ingezetene in de basisadministratie persoonsgegevens van een gemeente is ingeschreven, of die woonachtig is in een land waarvoor de Nederlandse identiteitskaart geldig is, heeft binnen de grenzen van deze wet bepaald, recht op verstrekking van een Nederlandse identiteitskaart, geldig voor vijf jaren TopForce B.V., Rotterdam Elisabeth de Leeuw, September

in een land waarvoor de Nederlandse identiteitskaart geldig is, heeft binnen de grenzen van deze wet bepaald, recht op verstrekking van

12 Current developments Passport ConsumentenID DigID level 2+ eherkenning TopForce B.V., Rotterdam Elisabeth de Leeuw, September

13 Current development: passport Application of biometrics Face ( ) Fingerprint ( ) Storage of biometric features in public database TopForce B.V., Rotterdam Elisabeth de Leeuw, September

2009) Storage of biometric features in public database

14 Current development: consumentenid TopForce B.V., Rotterdam Elisabeth de Leeuw, September

15 Current development: consumentenid Principles Open ID Single sign on (single authentication) Federation Low level of trust High participation Initiators ecp.nl diginotar.nl holder.nl evidos.nl TopForce B.V., Rotterdam Elisabeth de Leeuw, September

participation Initiators ecp.nl diginotar.nl holder.nl evidos.

16 Current development: DigID level 2+ DigID & SMS+ Validation of cell phone number at location of identity provider IDPa sends BSN to DigIDs DigIDs sends unique code to CPn and IDPa IDPe validates CPn in IDPa for Digid level 2+ IDPa IDPe DigIDs CPn = IDP application = IDP employee = Digid server = Cell Phone number TopForce B.V., Rotterdam Elisabeth de Leeuw, September

CPn in IDPa for Digid level 2+ IDPa IDPe DigIDs CPn = IDP application = IDP employee = Digid

17 Current development: DigID level 2+ Authentication for Health Database 1 : a. Short term: DigID level 2+ b. Long term: Sub a. DigID level 2+ DigID & SMS+ Face-to-face authentication of cell phone number used to receive SMS tickets DigID & RTDA (Remote Travel Document Authentication) Authentication by means of (e) travel documents 1 Beveiligingeisen ten aanzien van identificatie en authenticatie voor toegang zorgconsument tot het Elektronisch Patiëntendossier (EPD), b-_tcm pdf TopForce B.V., Rotterdam Elisabeth de Leeuw, September

Authentication by means of (e) travel documents 1 Beveiligingeisen ten aanzien van identificatie en authenticatie voor toegang zorgconsument tot het

18 Current development: DigID level 2+ Sub a. DigID & RTDA Authentication at website Health Database Automatic link from HDw to DigIDW Login at DigIDw level 2 (username, password, sms ticket) Read etd travel document, chip inside, issue date > , 100% proliferation > Write etd number and valid through date to DigIDw Authentication of etd by DigIDw (BSN, etd number, valid through date) DigIDw authenticates for DigID level 3 etd = electronic Travel Document HDw = Health Database Web Application DigIDw = DigID Web Application TopForce B.V., Rotterdam Elisabeth de Leeuw, September

travel document, chip inside, issue date > 26.08.

19 Current development: eherkenning Primary goal: e-government G2B access to public e-services electronic signature, non-repudiation Primary requirements: based on Bedrijvenregister (authentieke registratie) compatible with infrastructures abroad TopForce B.V., Rotterdam Elisabeth de Leeuw, September

Bedrijvenregister (authentieke registratie) compatible with infrastructures

20 Current development: eherkenning Functions Authentication of a natural person (employee, civil servant) Authentication of a legal entity (company, public organisation) Authorization of a natural person representing a legal entity (direct or by delegation) TopForce B.V., Rotterdam Elisabeth de Leeuw, September

organisation) Authorization of a natural person representing a legal entity (direct

21 Current development: eherkenning i d e n t i t y p r o v i d e r s i d e n t i t y p r o v i d e r s Authorisations Authorisations Organisations Organisations Government Services Business TopForce B.V., Rotterdam Elisabeth de Leeuw, September

22 Current development: eherkenning Functions Access / single sign on to public e-services Advanced and qualified electronic signatures in accordance with EU legislation Management of entitlements Direct entitlements Delegated entitlements Assured time stamping TopForce B.V., Rotterdam Elisabeth de Leeuw, September

23 Current development: eherkenning Public private network Multiple identity providers, multiple credentials From both public (Ministry of Finance) and private sector (banking and finance, telecom) Both new and existing Agreement on framework by the end of 2009 TopForce B.V., Rotterdam Elisabeth de Leeuw, September

24 Current development: eherkenning DigID Level G2C G2B High level 3 eherkenning Medium DigID - level 2 / 2+ eherkenning Basic DigID - level 1 eherkenning TopForce B.V., Rotterdam Elisabeth de Leeuw, September

25 Current development: eherkenning Framework: public private cooperation, mutual consultation Public domain Launching customers: Antwoord voor Bedrijven (government communications), de Belastingdienst (Tax Office), Kamer van Koophandel (Chambers of Commerce) Early adopters: Kadaster (Land Register), UWV (Unemployment Benefits), MinLNV (Ministry of Agriculture), SenterNovem (Innovation) Private domain ECP- EPN Het CIO platform VNO-NCW (Employers Federation) MKB Nederland (Small and Medium Enterprises) TopForce B.V., Rotterdam Elisabeth de Leeuw, September

26 Current development: eherkenning Roles NP Natural Person PR PRivate party (companies and NGO's) PU PUblic party: government organizations offering e-services IB Identity Broker: connection between PR, PU and EB EB Entitlement Broker: management and judgment of entitlements CI Credential Issuer: issuing, management and verification of credentials R Router: routing of requests from PR via EB to CI Process sequence NP > PR > PU > IB > EB > CI > PU > PR -> NP TopForce B.V., Rotterdam Elisabeth de Leeuw, September

27 Current development: eherkenning Considerations Complex, multi (3*n) parties 1, multi solutions, distributed ownership Focus on government business case Mixed focus, on both legal entities and natural persons Authentication of natural persons Authorization legal entities (represented by natural persons) Void: national eid for *2C postponed 1 I.e. different instances of Services, Companies and Employees TopForce B.V., Rotterdam Elisabeth de Leeuw, September

28 Current development: eherkenning Considerations Secure life cycle management multiple credentials Private initiatives might weaken business case Public and private business cases not necessarily compatible (security and validity of -, entitlement to credentials) Link between physical person and credential Complex, distributed, multi party infrastructure Régie TopForce B.V., Rotterdam Elisabeth de Leeuw, September

29 Summary The principal Dutch travel document Paspoort (passport), and it's little brother Nederlandse Identiteits Kaart or NIK, exist since the 19th century. For many years, the Dutch government has been considering plans to turn the NIK into a so called, an electronic identity card, in order to facilitate G2C and B2C transactions. However, no decision has been taken yet on the introduction of the. In this presentation, Elisabeth de Leeuw will outline the position of the -to-be in the future public identity landscape. The is intended to fulfill the requirements of the Dutch Digital Identity Scheme or Digid. Yet being a travel document, the has also to comply with laws and regulations on travel documents. Differences in the business cases for travel documents and electronic identity cards are a potential cause of frictions. Meanwhile, as time passes by, the urge for electronic identities is still growing and private initiatives are on their way, which may have an impact on the role and position of the -to-be. TopForce B.V., Rotterdam Elisabeth de Leeuw, September

30 Thank you for listening! TopForce B.V., Rotterdam Elisabeth de Leeuw, September

Effective use of Digital Identities and ID cards in a Government Environment

Effective use of Digital Identities and ID cards in a Government Environment Bavo De Ridder Principal Information Security Consultant Competence Leader IAM Erik R. van Zuuren Principal Information Security