The Dutch eNIK on Its Way Forward


  • 8/14/2019 The Dutch eNIK on Its Way Forward


    The Dutch eNIK on its way forward

    Workshop Belgian eID

    Katholieke Universiteit Leuven

    September 16, 2009

    TopForce B.V., Rotterdam www.topforce.com Elisabeth de Leeuw, September 2009 1


    Objectives of the eNIK to be [1]

    Like passports, intended for use in public (G2C) and private (B2B, B2C) domain

    Though expected to be used mostly in private domain (by some of us)

    [1] http://digitaalbestuur.nl/nieuws/vooral-privaat-gebruik-enik-als-hij-er-komt


    Objectives

    G2C (need doubted by government officials)

    access to personal records (health database)

    access to e-government

    electronic signature

    B2B, B2C (need strongly felt by the market)

    access to workplace and teleworking

    physical security

    access to schools and hospitals

    access to chat boxes

    car and video rentals

    identification for financial transactions


    Introduction postponed

    By decision of State Secretary Bijleveld, Minister of the Interior and Kingdom Relations, dated 9 December 2008:

    No short term need for High level DigID (read: eNIK)

    Needed only for Health Database

    No general need


    Context of the eNIK to be

    eNIK is strongly linked to

    DigID

    Dutch Travel Documents

    Dutch Identity Documents


    Context: eNIK vs DigID

    DigID stands for Digital IDentity

    Shared between cooperating governmental agencies

    Digital authentication of person(s) who apply for a public transaction service via internet

    Used in G2G, G2B, G2C


    Context: eNIK vs DigID

    DigID security levels

    1. High: qualified eSignature compliant with EU legislation

    2. Medium: user name & password, SMS ticket / mobile phone

    3. Basic: user name & password

    eNIK: High level DigID


    Context: eNIK vs DigID

    DigID level    G2C
    High           eNIK level 3
    Medium         DigID - level 2 / 2+
    Basic          DigID - level 1


    Context: (e)NIK vs Dutch ID Documents

    NIK: Travel Document

    Limited validity

    NIK: Identity Document

    Just as passport, driving licence

    (To be) used in G2C, G2B, B2B, B2C


    Context: (e)NIK ~ Dutch Travel Document

    Passport

    NIK


    Context: (e)NIK ~ Dutch Passport

    High security level

    Compliant with international travel document legislation


    Context: (e)NIK ~ Dutch Passport

    Travel document, valid in 35 countries, mainly EC

    Each citizen legally entitled:

    Passport Act (Paspoortwet), Article 16a - Every Dutch national who is registered as a resident in the municipal personal records database (basisadministratie persoonsgegevens) of a municipality, or who resides in a country for which the Dutch identity card is valid, is entitled, within the limits set by this Act, to be issued a Dutch identity card, valid for five years


    Current developments

    Passport

    ConsumentenID

    DigID level 2+

    eHerkenning


    Current development: passport

    Application of biometrics

    Face (26.08.2006)

    Fingerprint (21.09.2009)

    Storage of biometric features in public database


    Current development: consumentenID


    Current development: consumentenID

    Principles Open ID

    Single sign on (single authentication)

    Federation

    Low level of trust

    High participation

    Initiators

    ecp.nl

    diginotar.nl

    holder.nl

    evidos.nl


    Current development: DigID level 2+

    DigID & SMS+

    Validation of cell phone number at location of identity provider

    IDPa sends BSN to DigIDs

    DigIDs sends unique code to CPn and IDPa

    IDPe validates CPn in IDPa for DigID level 2+

    IDPa = IDP application

    IDPe = IDP employee

    DigIDs = DigID server

    CPn = Cell Phone number


    Current development: DigID level 2+

    Authentication for Health Database [1]:

    a. Short term: DigID level 2+

    b. Long term: eNIK

    Sub a. DigID level 2+

    DigID & SMS+

    Face-to-face authentication of cell phone number used to receive SMS tickets

    DigID & RTDA (Remote Travel Document Authentication)

    Authentication by means of (e) travel documents

    [1] Beveiligingseisen ten aanzien van identificatie en authenticatie voor toegang zorgconsument tot het Elektronisch Patiëntendossier (EPD), http://www.minvws.nl/includes/dl/openbestand.asp?File=/images/meva-2899251b-_tcm19-176979.pdf


    Current development: DigID level 2+

    Sub a. DigID & RTDA

    Authentication at website Health Database

    Automatic link from HDw to DigIDw

    Login at DigIDw level 2 (username, password, SMS ticket)

    Read eTD

    travel document, chip inside, issue date > 26.08.2006, 100% proliferation > 26.08.2011

    Write eTD number and valid through date to DigIDw

    Authentication of eTD by DigIDw (BSN, eTD number, valid through date)

    DigIDw authenticates for DigID level 3

    eTD = electronic Travel Document

    HDw = Health Database Web Application

    DigIDw = DigID Web Application
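The RTDA step-up listed on this slide, sketched as server-side checks. This is an added example, not code from the presentation or from DigID: the register, the BSN and document numbers are constructed, and the names `step_up`, `Session` and `REGISTER` are hypothetical.

```python
from dataclasses import dataclass
from datetime import date

CHIP_SINCE = date(2006, 8, 26)  # slide: chip inside if issue date > 26.08.2006

@dataclass(frozen=True)
class TravelDocument:
    bsn: str
    number: str
    issued: date
    valid_through: date

@dataclass
class Session:
    bsn: str    # BSN bound to the account at login
    level: int  # 1 = basic, 2 = medium (password + SMS ticket), 3 = high

# Constructed issuance register keyed by eTD number (hypothetical data).
REGISTER = {
    "NX0000001": TravelDocument("999990019", "NX0000001",
                                date(2008, 3, 1), date(2013, 3, 1)),
    "NX0000002": TravelDocument("999990020", "NX0000002",
                                date(2005, 1, 10), date(2010, 1, 10)),
}

def step_up(session, etd_number, valid_through, today):
    """Return (level, reason); the level only rises when every check passes.

    The reason is meant for the server-side audit log, not for the client.
    """
    if session.level < 2:
        return session.level, "level 2 login required"
    doc = REGISTER.get(etd_number)
    if doc is None:
        return session.level, "unknown document"
    if doc.issued <= CHIP_SINCE:
        return session.level, "document has no chip"
    if doc.valid_through != valid_through:
        return session.level, "valid-through date mismatch"
    if doc.valid_through < today:
        return session.level, "document expired"
    if doc.bsn != session.bsn:
        return session.level, "document issued to another BSN"
    session.level = 3
    return session.level, "ok"
```

The BSN comparison is the check that binds the document to the account already authenticated at level 2; without it, any valid document number and date pair would raise any session to level 3.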


    Current development: eHerkenning

    Primary goal: e-government G2B

    access to public e-services

    electronic signature, non-repudiation

    Primary requirements:

    based on Bedrijvenregister (authentic registration)

    compatible with infrastructures abroad


    Current development: eHerkenning

    Functions

    Authentication of a natural person (employee, civil servant)

    Authentication of a legal entity (company, public organisation)

    Authorization of a natural person representing a legal entity (direct or by delegation)


    Current development: eHerkenning

    [Figure: diagram with the labels Government, Business, Services, Authorisations, Organisations and identity providers]


    Current development: eHerkenning

    Functions

    Access / single sign on to public e-services

    Advanced and qualified electronic signatures in accordance with EU legislation

    Management of entitlements

    Direct entitlements

    Delegated entitlements

    Assured time stamping


    Current development: eHerkenning

    Public private network

    Multiple identity providers, multiple credentials

    From both public (Ministry of Finance) and private sector (banking and finance, telecom)

    Both new and existing

    Agreement on framework by the end of 2009


    Current development: eHerkenning

    DigID level    G2C                     G2B
    High           eNIK level 3            eHerkenning
    Medium         DigID - level 2 / 2+    eHerkenning
    Basic          DigID - level 1         eHerkenning


    Current development: eHerkenning

    Framework: public private cooperation, mutual consultation

    Public domain

    Launching customers: Antwoord voor Bedrijven (government communications), de Belastingdienst (Tax Office), Kamer van Koophandel (Chambers of Commerce)

    Early adopters: Kadaster (Land Register), UWV (Unemployment Benefits), MinLNV (Ministry of Agriculture), SenterNovem (Innovation)

    Private domain

    ECP-EPN

    Het CIO platform

    VNO-NCW (Employers Federation)

    MKB Nederland (Small and Medium Enterprises)


    Current development: eHerkenning

    Roles

    NP   Natural Person
    PR   PRivate party (companies and NGOs)
    PU   PUblic party: government organizations offering e-services
    IB   Identity Broker: connection between PR, PU and EB
    EB   Entitlement Broker: management and judgment of entitlements
    CI   Credential Issuer: issuing, management and verification of credentials
    R    Router: routing of requests from PR via EB to CI

    Process sequence

    NP > PR > PU > IB > EB > CI > PU > PR > NP


    Current development: eHerkenning

    Considerations

    Complex, multi (3*n) parties [1], multi solutions, distributed ownership

    Focus on government business case

    Mixed focus, on both legal entities and natural persons

    Authentication of natural persons

    Authorization of legal entities (represented by natural persons)

    Void: national eID (eNIK) for *2C postponed

    [1] I.e. different instances of Services, Companies and Employees


    Current development: eHerkenning

    Considerations

    Secure life cycle management of multiple credentials

    Private initiatives might weaken business case

    Public and private business cases not necessarily compatible (security and validity of, and entitlement to, credentials)

    Link between physical entity, legal entity and credential

    Complex, distributed, multi party infrastructure

    Regie (overall direction)


    Summary

    The principal Dutch travel document, the Paspoort (passport), and its little brother, the Nederlandse Identiteitskaart or NIK, have existed since the 19th century. For many years, the Dutch government has been considering plans to turn the NIK into a so-called eNIK, an electronic identity card, in order to facilitate G2C and B2C transactions. However, no decision has been taken yet on the introduction of the eNIK.

    In this presentation, Elisabeth de Leeuw will outline the position of the eNIK-to-be in the future public identity landscape. The eNIK is intended to fulfill the requirements of the Dutch Digital Identity Scheme or DigID. Yet, being a travel document, the eNIK also has to comply with laws and regulations on travel documents. Differences in the business cases for travel documents and electronic identity cards are a potential cause of friction.

    Meanwhile, as time passes, the need for electronic identities is still growing and private initiatives are under way, which may have an impact on the role and position of the eNIK-to-be.


    Thank you for listening!