Baltic IT&T

ENISA's Activities on Electronic Identity (eID): an Update

Ingo Naumann, Seconded National Expert at ENISA


The idea in this article originally appeared in the ENISA Quarterly Review, 3rd Quarter 2008
www.enisa.europa.eu/eq

Interoperability (even the word is difficult to pronounce) seems to be a ubiquitous problem in all areas of technology. This seems to be particularly true when it comes to applications and services relating to electronic identity. It starts with the definition of identity: which set of data defines your identity? Name and date of birth? These might not be enough. Name and address? These might change over the years. Serial number of your ID card? Some countries do not have one; in others unique identifiers are even prohibited by law. Then comes technology: which data structure shall we use for that (undefined) set of data? Which protocols to exchange information? What information do we actually want to exchange? Then another factor enters the equation: legislation. Which services require what kind of information? And, of course, the other way around, data protection: what kind of information are we not allowed to communicate, store or process? In a nutshell, eID interoperability is complex.
How does all this relate to IT security? Security issues, as well as privacy considerations and data protection, play an important role when it comes to achieving interoperability. The process of finding common specifications very often involves the question "Is this approach secure (enough)?". That is why ENISA's current Work Programme includes the following activity: "Supporting the faster take-up of interoperable eIDs in Europe".
Our work focuses on:
Mobile eID
Assurance levels for Electronic Authentication
The STORK project and the European eID Roadmap
Privacy features of eID cards.
The results of this work are aimed at political decision-makers and network and information security stakeholders in Europe. All deliverables will be made publicly available.

Mobile eID
ENISA's forthcoming Position Paper on Security Issues of Mobile Electronic Identity (Authentication) will summarise the contributions of an international expert group of independent researchers and industry experts from Europe, the US and Asia.
Mobile devices such as smart phones and PDAs play an increasingly important role in the digital environment. Besides their primary use, these devices offer the possibility of electronically authenticating their owner to a service. In the near future we might use our phone to buy metro tickets or open bank accounts on a regular basis. The Asian region is the forerunner in applying these technologies, with Hong Kong, Singapore and Taipei being the most mobile-penetrated territories on the planet (KPMG: Mobile payments in Asia Pacific, 2007). It is expected that there will be a growing demand for these services in Europe in the near future.
However, as is the case with many new technologies, the pervasive use of mobile devices also brings new risks to security and privacy. In the Position Paper, by looking at different use-cases such as Near Field Communication (NFC) payments and trustworthy viewing, we will identify the security risks which must be overcome. We will give an opinion about their relevance and describe mechanisms that help mitigate these risks. Used correctly, mobile devices constitute a huge opportunity when it comes to secure, sophisticated authentication mechanisms needed for future applications.

Assurance levels for electronic authentication
One of the concepts of eID interoperability is the idea of Authentication Assurance Levels. A report conducted by the IDABC (Interoperable Delivery of European eGovernment Services to public Administrations, Businesses and Citizens), an initiative launched in 2004 by the European Commission, defines four authentication levels ("eID Interoperability for PEGS", http://ec.europa.eu/idabc/en/document/6484/5644). The aim of ENISA's work is to map these authentication levels to a machine-readable format using the OASIS Security Assertion Markup Language (SAML) v2.0 standard. A gap analysis will provide documented technical information and guidance on how to implement the IDABC authentication levels in eGovernment applications using SAML context classes.

Revisiting the European eID roadmap: where are we now?
ENISA will conduct a study analysing the current state of affairs in relation to policy and implementation issues for electronic identity in Europe. The idea is to revisit the "Roadmap for a pan-European eIDM Framework by 2010", which was drafted by the European Commission in 2006, in the light of developments over the last two years. Since then, a range of activities at European and national levels have been undertaken in order to support the enhancement of pan-European eID interoperability. One of the initiatives is the STORK project (www.eid-stork.eu/), funded by the ICT Policy Support Programme (ICT PSP) under the Competitiveness and Innovation Programme (CIP). The STORK consortium, which consists of 29 members including 14 European government institutions, aims to implement real-world cross-border applications in order to enhance European eID interoperability.
The study will evaluate whether the milestones of the roadmap have been achieved and reassess major risks and objectives; it will identify noteworthy obstacles, give an independent opinion concerning the need of eID interoperability for a successful implementation of the services directive (Directive 2006/123/EC on Services in the Internal Market and Handbook on Implementation of the Services Directive http://ec.europa.eu/internal_market/services/docs/services-dir/guides/handbook_en.pdf) and conclude with recommendations for changes in European strategy.

Privacy features in European eID card specifications
There is a clear tendency by governments all over the world to engage in the introduction of national electronic ID Cards. Some EU governments, amongst them those of Austria, Belgium, Estonia, Finland, Italy, the Netherlands, Spain and Sweden, are already issuing electronic ID cards to their citizens. Others, including Germany, France and the UK, are currently drafting technical specifications for their future ID card schemes. Electronic ID cards, as well as electronic health cards or chip and signature cards, contain sensitive information and might therefore infringe the holder's privacy. The forthcoming ENISA Position Paper will explore privacy-enhancing technologies (Privacy Features) which can be found in existing technical specifications and European standards. It will also list different types of privacy features, explain them and provide an overview of existing European eID specifications.
The results of these activities will be available at the end of 2008 on ENISA's website (www.enisa.europa.eu).

Ingo Naumann, Seconded National Expert, ENISA

