Extending eID authentication across Europe September 2013 Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

WHAT IS E-AUTHENTICATION? Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

What is eAuthentication? eAuthentication is an electronic process that allows the validation of the electronic identification of a natural or legal person. Authentication can be: Something you know Something you own Something you are Where you are Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

What is eAuthentication? This combination of factors: Something you know Something you own Something provided to you generates trust among third parties. Trust PasswordID Card PKI Certificate Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

EUROPEAN EID CONTEXT Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

CENTRAL GOVERNMENT ONLINE SERVICES National online services today with eID LOCAL GOVERNMENT ONLINE SERVICES BUSINESS ONLINE SERVICES NON-PROFIT ORGANISATION ONLINE SERVICES CITIZEN Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

All MS have their own eID infrastructure CITIZEN Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

Borders will open & National online services will improve Opportunities for public and private sector CITIZEN Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

EU political framework Regulation on electronic identification and trust services for electronic transactions eGovernment Action Plan ISA Work Programme Political framework addressing the need for a common, secure and interoperable eGovernment solution in Europe: Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

EU support program Build, Connect, Grow: The European Commission’s ICT Policy support programme through Large Scale Pilots: Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

STORK 2.0 PROJECT Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

Overview 3 year project 2012 to countries involved 58 partners Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

Background STORK ICT-PSP CEFeSENS STORK 2.0 ISA Sustainability Action Regulation on electronic identification and trust services for electronic transactions Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

Enable interoperability of the identification of natural and legal persons and other sector identification. Explore possible ways to address a federated & trustworthy framework for cross-border eID services at European level. Build the basis for a future widespread use of eID solutions across borders, contributing to Europe’s leadership role of the eID market. Vision Facilitate digital living & mobility in the EU, envisioning eID as a Service Offering, with a strong commitment to open specifications and long-term sustainability. Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

Benefits Economies of scale Greater security Standard trusted services Increased efficiency and cross-border integration Transaction costs savings Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

eLEARNING and ACADEMIC QUALIFICATIONS eLearning: cross-border academic services. Academic Qualifications: use of academic information (titles, registers, qualifications) by governmental and private institutions. eBANKING Online banking services supporting national eIDs. Enable companies to open bank accounts and consult their daily procedures electronically and remotely. PUBLIC SERVICES for BUSINESSES Enable legal entities to use online public services in other Member States, with already existing procedures and applications. eHEALTH Secure online access to medical data. The patients rights to access to their personal medical data in cross-border health services. BUSINESS-ORIENTED STORK 2.0 Pilots Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

Collaboration with LSPs Interaction with the other LSPs building on gained experience and lessons learned. Close liaisons foreseen with: eCODEX for legal aspects around eID for legal persons epSOS for integrating STORK 2.0 solutions for eID-based authentication with its eHealth infrastructure eSENS for an infrastructure for cross-border public services delivery in support of the Digital Single Market Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

PLATFORM DEVELOPMENT Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

Enhancements to STORK 1 It encompasses eID for secure electronic authentication of both legal and natural persons. It includes facilities for mandates, widely useable across the EU, providing strong data protection and secure ways of transferring attributes, all under user control. Its allows the use of STORK not only to private sector but also public sectors, in the first place banks. This increases the requirements on availability, security, and reliability. Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

Platform built around the user centric approach. No data is being sent abroad unless the user allows the administration to do so. The user can give his consent in various different ways: Implicitly: By introducing his credential, he implicitly allows the data to be transferred to its destination SP. Explicitly for data types: Allows users to exclude attributes to be sent. Explicitly with data values: Eliminates data to be sent to SP. As data is signed, user may not exclude any item. User Consent Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

Business Processes Authentication on behalf of: Allow access to an application with data of another legal/natural person. Powers (for digital signature) (as part of a contract, commercial proposal, etc.), and representation powers of signatory should be verified. Powers as stored by a service provider need to be updated / validated periodically. Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

Representation powers Common situation in nearly all countries: General powers Sometimes limited in time and transaction value Most countries limitations in types of powers in text or image format Both in native language Stork 2.0 is an EU co-funded project INFSO-ICT-PSP Semantic limitations in some countries: E.g. ES: 2 powers tables Representation is complex and often too much focused on country specific details. We cannot expect them to be usable for cross-border standardisation

Representation powers Common desire to support powers’ constraints, ready for cross border use – Time (from, until) – Transaction value – Type of power Stork 2.0 is an EU co-funded project INFSO-ICT-PSP Implementation – Deposit this list at the “powers registration office” in each country, recommending its use – Support in common functionalities to promote it use – If accepted, list may be detailed List of types of powers – Designed to support both SMEs and large organisations – Easy mapping to their organisation

Business Processes Business Attributes Attributes proceeding from a certain business sector, often with a meaning limited to this sector, are to be retrieved from various Attribute providers Stork 2.0 is an EU co-funded project INFSO-ICT-PSP Need from pilots to interchange extended personal data (hasDegreewith diplomaSupplement, isHealthcareProfessional, etc.) As standardised as possible (for cross-border use) Multi-country attribute collection, MS specific which registers are connected and how they are accessed Business attributes are also available in first two business processes

Business Processes Business Attributes Attributes proceeding from a certain business sector, often with a meaning limited to this sector, are to be retrieved from various Attribute providers Stork 2.0 is an EU co-funded project INFSO-ICT-PSP Need from pilots to interchange extended personal data (hasDegreewith diplomaSupplement, isHealthcareProfessional, etc.) As standardised as possible (for cross-border use) Multi-country attribute collection, MS specific which registers are connected and how they are accessed Business attributes are also available in first two business processes User represents another person

Other Processes in STORK 2.0 Signatures Adoption of a common solution for creation and validation of signatures Based on existing open source software (e.g. PEPPOL) Covering standards adopted by the EC, especially PAdES and XAdES with most common versions Integration, packaging, examples, and revision of documentation Version control Control of software and configuration versions Procedure for automatic inclusion of renewed certificate Automatic inclusion of new MS Anonymity For anonymous eSurveys, eVoting, etc. Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

Plans Common development and test Pilot integration and test Feb 2014 Mar 2014 Maintenance, bug fixes Packaging Pilot running and evaluation Mar 2015 Node integration and test Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

E-SIGNATURE Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

eSignature Authentication is not sufficient Authorisation is a step Signature may be mandatory, e.g. in Banking Based on LSP PEPPOL signature service

Signature-creation The signature-creation request allows a service provider to request the user signing a form (plain text or XML) or rich document (PDF). The signature request is issued to the SP’s adjacent STORK infrastructure component (S-PEPS or V-IDP) and gets routed to the citizen’s infrastructure component (C-PEPS or V-IDP). eSignature

Signature-verification The signature-verification request is an auxiliary service to allow a service provider (SP) to check if a signature is valid and if it conforms to the signature-quality requirement needed for the business process. The SP delegates signature-verification to its adjacent STORK infrastructure component (S-PEPS or V-IDP) which further delegates to a verification component. eSignature

SECURITY - QAA Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

Attributes - QAA / AQAA As authentication levels for a given application may differ across Member States, the project defined attribute quality authentication assurance levels (AQAA) at a European scale to: Ensure interoperability between the different attribute standards that exist in Europe. Measure the quality of different attribute provider procedures. Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

QAA level framework Allows for mapping national eID solutions to STORK QAA levels. Provides a means for mapping different member states levels onto each other. Similar to the “IDABC authentication levels report”. Compatible with the “Liberty Identity Assurance Framework”. STORK QAA level Description 1Minimal assurance 2Low assurance 3Substantial assurance 4High assurance Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

QAA Accreditation Body STORK2.0 will analyse the need and possible mechanisms to set up a neutral accreditation body, verify compliance to the STORK QAA framework, take care of the contractual aspects regarding trusted eID interoperability. The requirements of such a body will be identified, its feasibility will be examined, and a business as well as a governance concept will be designed. Alternatives, like mutual recognition, are included in the analysis. Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

SUPPORTING EU POLICIES Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

At the forefront of EU Policy ECAS-STORK Integration: To enable access to European Union information systems using the user's national eID solution with minimal impact on the EU’s information systems themselves There are more than 110 Identity Providers on STORK already and strong support and commitment from MS for this to be a success. Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

The EU’s ISA initiative has taken responsibility for governing and maintaining the STORK software. The ISA programme is managed by the European Commission in close cooperation with the EU Member States represented on the programme's management committee. This committee is expected to establish sub-groups of national experts to oversee and guide the implementation of the various actions while ensuring coordination and alignment with national initiatives. At the forefront of EU Policy Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

HOW TO GET INVOLVED… Visit STORK 2.0 website ! Subscribe to STORK 2.0 Newsletter! Participate & “like” Stork eID Facebook page!Stork eID Facebook “Follow” us on Connect to Stork 2.0 EID LinkedIn page!Stork 2.0 EID LinkedIn Register in STORK 2.0 online groups! Contact us at Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

Thank you for your attention! Stork 2.0 is an EU co-funded project INFSO-ICT-PSP