STORK 2.0: Breaking New Grounds on eID and Mandates - A-SIT
EuroID, Frankfurt, November 18th, 2014
Herbert.Leitold@a-sit.at
Stork 2.0 is an EU co-funded project INFSO-ICT-PSP-297263

Presentation Outlook
• About eID and what’s missing
• STORK Overview
• STORK 2.0 and Mandates
• How it works

Government eID projects …
Early birds started late 1990’s early 2000
• Finnish eID card: December 1999
• Estonian eID card: from January 2002
• Austrian citizen card: from 2003, mass-rollouts 2005
• Italian CIE / CNS: test phase 2003 (CIE)
• Belgian eID card: from 2nd half 2003

Legal entity eID
• IDABC Study on eID Interoperability for PEGS, surveyed also mandates / representation:
„Mandate management … was still altogether rare.“ [October 2009]
„… 22 countries out of 32 (69%) have no form of mandate / authorisation management, other than the allocation of certificates or credentials to the representatives of a specific legal entity.“
„8 countries out of 32 (25%) have implemented an ad hoc form […] covering specific applications or service types; only two countries have […] which can be characterised as systematic:
• Austria (operational, also for STORK mobile eID)
• Belgium (busy to set up the solution)

Electr. Mandates Approaches (some)
• Signed unstructured text
  – e-Transposition of paper mandate / register excerpt
• Registration of representative’s eID
  – Application-specific registration; revocation?
• Attribute certificates
  – Automatic processing for standard types
  – Scalability with dynamics / complex mandates
• Structured mandates (XML)
  – Automatic processing
  – Simple and complex representation
  – Chained mandates

EC’s ICT Policy Support Programme
• Large Scale Pilots to support key policy areas
  – Focus on cross-border aspects
  – Pilots A: Driven by Member States
• STORK has been the LSP on eID interoperability

Any need of cross-border citizen services?
Source: EC Study on Analysis of the Needs for Cross-Border Services … (2013)

Any need of cross-border business services?
Source: EC Study on Analysis of the Needs for Cross-Border Services … (2013)

High-level Overview
• STORK: A common framework for cross-border federation of electronic identity
  – In online-processes
  – Between 18 EU/EEA Member States
• Operated with 100+ token types
  – Respecting national infrastructure
  – Allowing different deployment models
    • Centralized (aka “PEPS”)
    • Decentralized (aka “middleware”)
    • Combined
  – Pilot in real-world environment
• We did that from 2008 until Dec. 2011 – and will continue to do so in STORK 2.0

Architecture Overview
Cross-border eID Federation
Decouples MS-specific eID through a common protocol (SAML 2.0 profile)
[Diagram: PEPS and V-IDP nodes]

Overall principle
STORK does not change the MS eID, but builds interoperability on top of it (eID federation)

Integration model “PEPS country”
[Diagram labels: Service providers, MS-specific connector, PEPS, V-IDP, STORK Layer (centralized), middleware, Foreign eID]

Integration model “MW country”
[Diagram labels: Service providers, STORK Layer (decentralized), MS-specific connector, V-IDP, middleware, Foreign eID, PEPS]

Policy Input
• Legal basis now provided by eIDAS …

New function: Attribute provision
• Legal person identification
  – “Authentication” => “Authentication on behalf”
  – Derives mandates from authoritative source
    • E.g. query Business Registers for legal representatives
  – Assigns attribute quality assurance (AQAA)
• Domain-specific attributes
  – e.g. in eHealth to identify health care providers
  – e.g. in eAcademia “isStudent”, “hasDegree”, …

A closer look at how STORK 2.0 works
[Diagram labels: Austria, STORK 2.0 infrastructure, V-IDP, MW, Business & Mandates Registers, ID Providers, PEPS, End-User Browser, Italy, eGov Portal, Min. Health, Min. Environ.]
1. Request to access eGov Portal, impresa.gov
2. End-user asked the MS for eID authentication
3. IDP authenticates with national mechanism
4. End-user indicates the represented company and STORK 2.0 retrieves the credentials
5. Access to portal granted !
6. Access to Ministry services granted !
www.infocamere.it www.registroimprese.it

The STORK 2.0 Pilots

Demo – Mario Rossi goes to Austria
[Screenshots: www.infocamere.it, www.registroimprese.it, 02313821007]

Conclusions
• STORK demonstrated cross-border federation of national eID
  – Focused on natural person eID
• Provided valuable technical basis for the eIDAS Regulation
• STORK 2.0 continues with representation
  – Natural person representing a legal person
  – Natural person representing another natural pers.

Thank you for your attention!
www.eid-stork2.eu