e-ID and Mobile ID: A Dutch Perspective
Salah Bohoudi, Enterprise Security Architect, Europol
15 June 2016
Agenda
• Introduction
• Business context
• EU policy context
• eID in the Netherlands
• Closing Remarks
Mission of Europol
“Europol’s competence shall cover organised crime, terrorism and other forms of serious crime affecting two or more Member States in such way as to require a common approach by the Member States owing to the scale, significance and consequences of the offences.”
Europol’s competences
Europol National Units (ENU)
Europol Liaison Bureaux (LB)
Europol Strategic Objectives
- EU centre for law enforcement expertise
- EU criminal information hub
- EU support centre for law enforcement operations
Identity and Access Management solutions are a key strategic business enabler
Policy Context
• Limitations of current eID solutions
• Dutch policy ambitions for full electronic service delivery in 2017
• National Cyber Security Strategy (NCSS I)
• Clear and ambitious government objectives for state of the art e-ID/Mobile-ID systems
• Boosting economy, fostering innovation, creating jobs and saving costs
Netherlands eGovernment state of play 2015
EU Policy Context
• Actions 8 and 83 of the Digital Agenda propose a revision of the eSignature Directive with a view to provide a legal framework for cross-border recognition and interoperability of secure eAuthentication systems.
• European Action Plan 2011-2015 on eGOV in action 37 declares that Member States should apply and rollout the eID solutions, based on the results of STORK and other eID-related projects.
• eIDAS regulation objective: Strengthen EU Single Market by boosting Trust and convenience in secure and seamless cross-border electronic transactions
eIDAS
Main objectives
Source: European Commission
Other initiatives
• FIDO: It defines an open, scalable and interoperable set of mechanisms with the aim of reducing the use of passwords for the authentication of users
• GSMA Mobile Connect: online identity solution from Mobile Network Operators and defined by GSMA
• Trusted Identities in Cyberspace (USA) may create a set of industry standards
• ICAO 9303 for travel documents (worldwide)
• e-Driving License: ISO/IEC JTC 1 SC17 WG10 focuses on a mobile driving license
Dutch new e-ID system
• Replaced outdated e-ID systems
• Standardize eID means/scheme for citizens (DigiD) and businesses (eRecognition)
• Foster public-private partnerships
• Enable citizens to authenticate with a high assurance and reliable eID
• Enable user consent and right to choose the authentication means
• Cover all use cases
Use cases
• Citizen-to-Government
  - Tax Collection
  - Social Welfare Program Access
  - Population Registrar
• Enterprise-to-Government
  - Part of government strategy
  - From business start-up, running, taxation to termination
• eHealth
  - Patient Record Tracking
  - Patient Information Sharing
  - Patient Declaration
  - Insurance
• Finance
  - Electronic banking
• Commercial
  - Support all online transactions with enterprises
Dutch “eID stelsel”
The Netherlands is unique in the way it is handling eID’s:
• Modern and flexible legislative instruments
• Customer choice and public-private partnership
• Government manages the links in the “chain and leaves”
• Private sector to drive the leaves
• Foster innovation
Dutch eID landscape
BSN
• Root identity
• Dutch Municipal Personal Records Database.
DigiD
• eGovernment
• Municipalities, tax and customs administration, police, pension funds and health insurers.
eHerkenning
• Authentication service for companies
• Trust framework and certified providers
Idensys
• New eID system/stelsel
• DigiD+eHerkenning
• eIDAS compliant
• Pilot mode
iDEAL
• Online payment through your bank
• Banking Agreements
• Most popular payment method
iDIN
• Bank ID
• Oversight of Central bank
• Digital transaction management
• Pilot ongoing
The year of e-ID
Comparison
| | Idensys | IDIN |
|---|---|---|
| Organisation | Public-private | Private |
| Domain | BSN domain; Non BSN domain | Non BSN domain (limited BSN domain support) |
| Identifier | BSN or pseudonym | Bank identification code |
| Assurance level | Stork 2, 2+, 3, 4 | Stork 2, 3 |
| ID means | Public ID cards; Private means | (existing) banking authentication means |
| Cross border support | eIDAS compliant | |
| Functions | Authentication; Attribute management; Timestamping; E-signature | Authentication |
| Scope | Citizens, enterprises | Citizens |
Closing remarks
• eID solutions must limit the footprint of the user on the Internet.
• Privacy Impact Assessment and privacy by design are key requirements. Still some work to do on Idensys and IDIN.
• Technology neutrality is a principle that enables innovation and avoids monopolistic market situations.
• The “Root of Digital Identity” is and will be provided by Member States and the eIDAS, and “Know Your Customer”
• Low assurance “virtual ID” will emerge for online services
• Chain of eID for different purposes, one core National eID for high assurance transactions