Presentation is loading. Please wait.

Presentation is loading. Please wait.

The German eID and eIDAS

Published byAlexandrina Garrett Modified over 8 years ago

Similar presentations

Presentation on theme: "The German eID and eIDAS"— Presentation transcript:

1 The German eID and eIDAS
Jens Bender Federal Office for Information Security

2 Electronic Identification @ eIDAS
Notification of (existing) national eID schemes No „EU-eID“, but mutual recognition of national eIDs Notification is not mandatory Recognition of notified eIDs is mandatory eID schemes are only affected if notified eServices are always affected → „Interoperability“ instead of „harmonisation“

3 The German eID Governmental ID Card
Integrated (contactless) chip since 2010 ~ 40 Mill. issued Electronic functions Travel similar to ePassport Identification/authentication Qualified Signature

4 Can the service provider prove its identity?
The German eID Citizen: Can the service provider prove its identity? Citizen uses eID to prove identity Service Provider: Is the citizen able to prove his/her identity? Service provider proves identity using its access certifcate Both, the citizen and the service provider, have reliable proof of the identity of the other party

5 Background Infrastructure
The German eID Based on secure channel citizen ↔ SP As opposed to “document oriented” signatures Only valid in the moment of authentication Offline capable Citizen Web Browser eID-Client Service Provider Web Site Background Infrastructure Card Reader eID-Server

6 Background Infrastructure
The German eID No traditional “ID-Provider” No central IT security hot spot No central entitiy which could track citizens → privacy No Service Level Agreements necessary Citizen Web Browser eID-Client Service Provider Web Site Background Infrastructure Card Reader eID-Server

7 European Interoperability
Many different eID schemes Smartcard based, TAN based, server based, … Based on signature or secure channel or … Operated by government or private sector (or both) Interop. framework must deal with all of them

8 Proxy based eID scheme provides central “Proxy” all SPs can connect to
Well suited for eID schemes already having a central entity Pro SPs needs to implement only a single interface Con No end-to-end relationship between citizen and SP Which law to use? Who is the data controller? The proxy knows everything → Tracking Single Point of Failure → Availability?

9 Pure Middleware based eID scheme provides middleware to SPs Pro Con
Well suited for eID schemes having no central entity Pro End-to-end relationship (allows mutual auth.) No central component Con Service provider needs to deploy middleware

10 “Hybrid” Middleware based eID Central deployment at receiving MS
No central component in eID scheme necessary Central deployment at receiving MS As single interface towards Service Provider SP does not need to know if the citizen uses a MW or Proxy based scheme

11 Interoperability Framework
Defines common interface for Proxy and Middleware Notifying MS decides on Proxy- or Middleware based notification Receiving MS decides on centralized/decentralized deployment Also “semi decentralized”, e.g. one Connector per sector, is possible Criteria Does a central entity already exists What fits into security/data protection “philosophy” Scalability National eID scheme Proxy eIDAS Connector Service Provider(s) MW 1 National eID scheme MW 2

12 German eID is middleware based
DE & eIDAS : eID scheme German eID is middleware based Fits into the framework Middleware to be provided to other MSs under development/testing eIDAS only deals with “unique identification” No pseudonymous identification, age verification, … No authentication of SP → only part of the German eID scheme is covered

13 DE & eIDAS : Service Providers
Decentralized deployment for Service Providers SPs already operate “eID-Server” for German eID To be extended by Connector to eIDAS Interoperability Framework Less data available via eIDAS than from German eID Not all MSs deliver name at birth, place of birth expected by eGov Many processes require address not available from all MSs Service Provider need to understand concept of LoA → Adaption of business processes necessary!

14 Current Status / Way forward
Implementing Act for Interoperability Framework published in Official Journal Technical Specifications Drafted by Technical Subgroup of the Expert Group Opinion of the Cooperation Network and adoption Testing and Integration Sample Implementation by DIGIT under CEF Pilots … Support for MSs for (technical) integration via CEF calls Which Member State will notify first?

15 Long-term Hypothesis Currently: many different national eID schemes
Every MS does his own thing „Enforced“ interoperability via eIDAS regulation → Hypothesis: Convergence of eID schemes will happen Due to economic, not regulatory, pressure Common standard(s) Common data model(s) and „direct“ interoperability Cost and time-to-market reduction for industry and MS

16 ! – ?

Download ppt "The German eID and eIDAS"

Similar presentations

1 Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (COM(2012 238 final) {SWD(2012)

1 Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (COM( final) {SWD(2012)
Steps towards E-Government in Syria

Steps towards E-Government in Syria
Siemens IT Solutions and Services - 2007 Porvoo 12 – Grosseto, October 2007 Update on EU Common Specifications.

Siemens IT Solutions and Services Porvoo 12 – Grosseto, October 2007 Update on EU Common Specifications.
Digital Identity Group May 2012. GIXEL  GIXEL is the professional association of electronic component and system industries in France. It brings together.

Digital Identity Group May GIXEL  GIXEL is the professional association of electronic component and system industries in France. It brings together.
CEF Building Blocks Joao RODRIGUES FRADE

CEF Building Blocks Joao RODRIGUES FRADE
ETen E-Poll ID – Strasbourg COE meeting 23-24 November, 2006 Slide 1 E-TEN 29332 E-POLL Project Electronic Polling System for Remote Operation Strasbourg.

ETen E-Poll ID – Strasbourg COE meeting November, 2006 Slide 1 E-TEN E-POLL Project Electronic Polling System for Remote Operation Strasbourg.
TDL Meeting 7-8 April 2014 //Vienna Sprint Proposal The key of a legal on line signature The key of a legal on line signature: The inseparable link between.

TDL Meeting 7-8 April 2014 //Vienna Sprint Proposal The key of a legal on line signature The key of a legal on line signature: The inseparable link between.
Setting Processes for Electronic Signature 1 The ”W-SPES Project” and the “Leuven Report on the Electronic Signatures Directive” – Putting the Project.

Setting Processes for Electronic Signature 1 The ”W-SPES Project” and the “Leuven Report on the Electronic Signatures Directive” – Putting the Project.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
European Electronic Identity Practices Country Update of …………… Speaker: Date:

European Electronic Identity Practices Country Update of …………… Speaker: Date:
EForms and Service Delivery through State Portal & SSDG Kavita Bhatia.

EForms and Service Delivery through State Portal & SSDG Kavita Bhatia.
Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April,2007 1 Paula Ortiz López Spanish Data Protection Agency.

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Paula Ortiz López Spanish Data Protection Agency.
Page 1 Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health.

Page 1 Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health.
1 ARPA A regional infrastructure for secure role-based access to RTRT services Ing. Laura Castellani Tuscany Region.

1 ARPA A regional infrastructure for secure role-based access to RTRT services Ing. Laura Castellani Tuscany Region.
2-Jun-15 1 ACCESSING ON LINE SERVICES PROTECTED BY THE ITALIAN EID GIOVANNI MANCA National Center for Information technology in Public Administration (CNIPA)

2-Jun-15 1 ACCESSING ON LINE SERVICES PROTECTED BY THE ITALIAN EID GIOVANNI MANCA National Center for Information technology in Public Administration (CNIPA)
E-region Gabrovo Document interchange between regional administration, municipalities within the region and de-concentrated state administrations for administrative.

E-region Gabrovo Document interchange between regional administration, municipalities within the region and de-concentrated state administrations for administrative.
Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.

Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.
Designing and Implementing Secure ID Management Systems: BELGIUM’s Experience Washington - September 27 th, 2010 Frank LEYMAN © fedict 2010. All rights.

Designing and Implementing Secure ID Management Systems: BELGIUM’s Experience Washington - September 27 th, 2010 Frank LEYMAN © fedict All rights.
Infrastructure for Electronic Government, An Overview

Infrastructure for Electronic Government, An Overview
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

Similar presentations

Ads by Google