STORK 2.0: Breaking New Grounds on eID and Mandates - A-SIT

EuroID, Frankfurt, November 18th, 2014
Herbert.Leitold@a-sit.at
Stork 2.0 is an EU co-funded project INFSO-ICT-PSP-297263
Presentation Outlook
• About eID and what’s missing
• STORK Overview
• STORK 2.0 and Mandates
• How it works
Government eID projects …
Early birds started late 1990s / early 2000s
• Finnish eID card: December 1999
• Estonian eID card: from January 2002
• Austrian citizen card: from 2003, mass-rollouts 2005
• Italian CIE / CNS: test phase 2003 (CIE)
• Belgian eID card: from 2nd half 2003
Legal entity eID
• IDABC Study on eID Interoperability for PEGS also surveyed mandates / representation:
– “Mandate management … was still altogether rare.” [October 2009]
– “… 22 countries out of 32 (69%) have no form of mandate / authorisation management, other than the allocation of certificates or credentials to the representatives of a specific legal entity.”
– “8 countries out of 32 (25%) have implemented an ad hoc form […] covering specific applications or service types; only two countries have […] which can be characterised as systematic:”
  • Austria (operational, also for STORK mobile eID)
  • Belgium (busy to set up the solution)
Electronic Mandates Approaches (some)
• Signed unstructured text
– e-Transposition of paper mandate / register excerpt
• Registration of representative’s eID
– Application-specific registration; revocation?
• Attribute certificates
– Automatic processing for standard types
– Scalability with dynamics / complex mandates
• Structured mandates (XML)
– Automatic processing
– Simple and complex representation
– Chained mandates
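The chained structured mandates listed above, as an added example (not from the presentation or the STORK 2.0 project): a Python check that walks a mandate chain from the authenticated representative up to the legal person and rejects expired, revoked, out-of-scope or non-delegable links. The XML schema, attribute names and identifiers are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import date

# Constructed sample in a hypothetical schema (not the STORK 2.0 or any national format).
# Assumption: the XML was already signature-verified and came from an authoritative register.
SAMPLE = """<mandates>
  <mandate id="m1" mandator="LEGAL:EXAMPLE-CO" representative="PERSON:ceo" scope="full"
           notBefore="2014-01-01" notAfter="2015-12-31" mayDelegate="true"/>
  <mandate id="m2" mandator="PERSON:ceo" representative="PERSON:rossi" scope="filing"
           notBefore="2014-06-01" notAfter="2014-12-31" mayDelegate="false"/>
</mandates>"""

def _usable(m, action, today, revoked):
    """A link counts only if it is unrevoked, inside its validity window and covers the action."""
    return (m["id"] not in revoked
            and date.fromisoformat(m["notBefore"]) <= today <= date.fromisoformat(m["notAfter"])
            and m["scope"] in ("full", action))

def resolve_chain(xml_text, user, legal_person, action, today, revoked=frozenset()):
    """Return mandate ids linking user to legal_person (user's own mandate first), or None."""
    mandates = [dict(m.attrib) for m in ET.fromstring(xml_text).iter("mandate")]

    def walk(holder, first, seen):
        for m in mandates:
            if m["representative"] != holder or m["id"] in seen:
                continue  # not held by this party, or already used (cycle guard)
            if not _usable(m, action, today, revoked):
                continue
            if not first and m["mayDelegate"] != "true":
                continue  # holder sub-delegated a power it had no right to pass on
            if m["mandator"] == legal_person:
                return [m["id"]]
            rest = walk(m["mandator"], False, seen | {m["id"]})
            if rest:
                return [m["id"]] + rest
        return None

    return walk(user, True, frozenset())

if __name__ == "__main__":
    print(resolve_chain(SAMPLE, "PERSON:rossi", "LEGAL:EXAMPLE-CO", "filing", date(2014, 11, 18)))
```

Revoking or expiring any single link invalidates every mandate derived from it, which is the property the application-specific registration approach leaves open with its "revocation?" question.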
EC’s ICT Policy Support Programme
• Large Scale Pilots to support key policy areas
– Focus on cross-border aspects
– Pilots A: Driven by Member States
• STORK has been the LSP on eID interoperability
Any need of cross-border citizen services?
Source: EC Study on Analysis of the Needs for Cross-Border Services … (2013)
Any need of cross-border business services?
Source: EC Study on Analysis of the Needs for Cross-Border Services … (2013)
High-level Overview
• STORK: A common framework for cross-border federation of electronic identity
– In online-processes
– Between 18 EU/EEA Member States
• Operated with 100+ token types
– Respecting national infrastructure
– Allowing different deployment models
  • Centralized (aka “PEPS”)
  • Decentralized (aka “middleware”)
  • Combined
– Pilot in real-world environment
• We did that from 2008 until Dec. 2011 – and will continue to do so in STORK 2.0
Architecture Overview
Cross-border eID Federation
Decouples MS-specific eID through a common protocol (SAML 2.0 profile)
[Diagram: PEPS and V-IDP nodes]
Overall principle
STORK does not change the MS eID, but builds interoperability on top of it (eID federation)
Integration model “PEPS country”
[Diagram labels: Service providers; MS-specific connectors; PEPS; V-IDP; STORK Layer (centralized); middleware; Foreign eID]
Integration model “MW country”
[Diagram labels: Service providers; STORK Layer (decentralized); MS-specific connectors; V-IDP; middleware; Foreign eID; PEPS]
Policy Input
• Legal basis now provided by eIDAS …
New function: Attribute provision
• Legal person identification
– “Authentication” => “Authentication on behalf”
– Derives mandates from authoritative source
• E.g. query Business Registers for legal representatives
– Assigns attribute quality assurance (AQAA)
• Domain-specific attributes
– e.g. in eHealth to identify health care providers
– e.g. in eAcademia “isStudent”, “hasDegree”, …
A closer look at how STORK 2.0 works
[Diagram labels: Austria; Italy; STORK 2.0 infrastructure; V-IDP; MW; PEPS; Business & Mandates Registers; ID Providers; End-User Browser; eGov Portal; Min. Health; Min. Environ.; arrows numbered 1 to 6]
1. Request to access eGov Portal, impresa.gov
2. End-user asked the MS for eID authentication
3. IDP authenticates with national mechanism
4. End-user indicates the represented company and STORK 2.0 retrieves the credentials
5. Access to portal granted!
6. Access to Ministry services granted!
www.infocamere.it
www.registroimprese.it
The STORK 2.0 Pilots
Demo – Mario Rossi goes to Austria
02313821007
www.infocamere.it
www.registroimprese.it
Conclusions
• STORK demonstrated cross-border federation of national eID
– Focused on natural person eID
• Provided valuable technical basis for the eIDAS Regulation
• STORK 2.0 continues with representation
– Natural person representing a legal person
– Natural person representing another natural person
Thank you for your attention!
www.eid-stork2.eu