120 likes | 233 Views
KSZ-CBSS. Towards a common European electronic identity (eID) framework. Frank Robben Crossroads Bank for Social Security Federal Public Service for ICT frank.robben@ksz.fgov.be www.law.kuleuven.be/icri/frobben. Ministerial Declaration 24/11/2005.
E N D
KSZ-CBSS Towards a common Europeanelectronic identity (eID) framework Frank Robben Crossroads Bank for Social Security Federal Public Service for ICT frank.robben@ksz.fgov.be www.law.kuleuven.be/icri/frobben
Ministerial Declaration 24/11/2005 “By 2010 European citizens and business shall be able to benefit from secure means of electronic identification that maximise user convenience while respecting data protection regulations. Such means shall be made available under the responsibility of the Member States but recognised across the EU.” MUMOK Vienna, Austria
Ministerial Declaration - Related actions • Member States will, during 2006, agree a process and roadmap for achieving the electronic identity objectives and address the national and European legal barriers to the achievement of the electronic identity objectives; work in this area is essential for public administrations to deliver personalised electronic services with no ambiguity as to the user’s identity • Member States will, over the period 2006-2010, work towards the mutual recognition of national electronic identities by testing, piloting and implementing suitable technologies and methods MUMOK Vienna, Austria
Roadmap • breaking down into key areas of work • user awareness and acceptance • validation and key applications • European interoperability (semantic/organisational/technical) • mutual recognition • eID management at national level • legal certainty • common terminology, common principles, minimal norms • real implementation depends on the existence of measurable objectives and a reporting mechanism MUMOK Vienna, Austria
User awareness and acceptance Identify user benefits, awareness, promotion formulate vision Wide awareness campaign Use Cases (eProcurement,, migrant workers) Validation and key applications Testbeds / pilots, e.g. in CIP e-procurement, health info networks CEC as ‘lead user’ eTEN, IDABC testbeds specifications European inter-operability Semantic IST R&D for federated, multi-level, secure eIDM Common eIDM Framework Federated eID Management Organisational CEN eIDM standardisation link to ECC Technical IDABC business attestations study eID management at national level IDABC e-sign studies eIDM at national level Explain role of e-sign Directive Legal certainty Authentication Model & Levels Equal Treatment of national eIDs EU provisions: Recognition of national eIDs Modinis study Common principles, minimal norms Definition of eID eID Role Management Personal Data Ownership Model eID Terminology & Objectives 2006 2007 2008 2009 2010 country inputs Network and IT security Authentication levels overview (ENISA) MUMOK Vienna, Austria
Conclusion of the panel discussion • roadmap seems to address the correct issues • need for • a common terminology conform to international standards • common high level objectives and basic principles, taking into account the specific situation of the government sector MUMOK Vienna, Austria
Conclusion of the panel discussion • need for • coordination with regard to authentication levels • acceptance of pluralism of different eID technologies • cross-fertilization with the private sector (solutions should not be limited to government) • a consistent risk management methodology MUMOK Vienna, Austria
Conclusion of the panel discussion • need for • a federated system, with interoperability and based on « loose coupling » • a model for the inheritance of trust in eID between Member States, that is transparent for the citizen • a pivotal role for the use of privacy enhancing technologies as a basis for well-founded trust MUMOK Vienna, Austria
Conclusion of the panel discussion • need for • relevance for the citizen and business customers • identifying sample PEGS by surveying citizen and business customers to see what they would find useful MUMOK Vienna, Austria
Conclusion of the panel discussion • in order to meet the common objectives, Member States should have the ability to build an eID services that correspond to their culture and legal environment, especially with regard to privacy protection • a good cooperation between authorities responsible for eID management and privacy commissions can be very useful MUMOK Vienna, Austria
Conclusion of the panel discussion • a proposal for moving personal data from multitude of large databases into secure, private, personal storage spaces owned by individuals, who can give a license for access to selected personal data items by third parties has been presented, but questions have been put about the general applicability of the proposal in the relation between individuals and the government MUMOK Vienna, Austria
KSZ-CBSS Thank you for your attention ! Frank Robben Crossroads Bank for Social Security Federal Public Service for ICT frank.robben@ksz.fgov.be www.law.kuleuven.be/icri/frobben