EID application guide

Source: eid.eesti.ee

Electronic Identity (eID) Application Guide:
where, why, how.


Introduction

The Application Guide provides the basic knowledge required for planning and creating applications that use the ID card, mobile ID and digital ID (collectively referred to as eID in the following).

The guide is divided into three main parts:

  • Overview of applications and scenarios where the ID card is an option worth considering. We give examples and present analyses of the likely gain and the amount of work.
  • Technical guides and software examples for employing eID in applications, starting from fairly simple and reaching rather complex applications.
  • Technological details and useful background information about eID.

The target audience for this work is everybody related to planning, procuring and developing information systems. The end users are not a target audience of this guide: for example, we do not explain how to give a digital signature to a document using eID.

The guide has been developed in several stages by the Estonian Information System's Authority and several companies within the framework of the EU structural funds programme "Raising Public Awareness about the Information Society".

For questions regarding the contents of the guide, contact help@ria.ee; regarding eID development, contact abi@id.ee; regarding the programme, visit www.ria.ee/programme.

Application scenarios: where and why eID

We divide the eID applications into five broad scenarios:

  • Entrance card. The ID card is a sensible alternative to the conventional RFID card in situations where (a) the number of users is large and the set of users changes fairly often, (b) security aspects are relatively important, and (c) a card is typically not used for entrance tens of times per day. The ID card is used as an entrance card mostly in schools and libraries.
  • Loyalty card. The ID card can be successfully used in client loyalty programmes (shops, transport, libraries etc.) as a loyalty card for quick identification of the client. The ID card is easier to use than the widely used magnetic stripe client cards, and clients prefer to carry a single card for all the shops.
  • Logging in. The main use of eID is logging into a web application. Using eID is more secure and easier to administer than logging in with Google or Facebook. eID can also be used as an additional option for logging into a conventional desktop.
  • Payments. Because the ID card is secure, it can be employed for implementing several alternative payment methods in places where shortening the payment process or decreasing the use of cash is important, or where other payment methods cannot be applied. The typical scheme is to authenticate the user securely at the time of offering the services or selling the goods, while conducting the actual payment later or in an alternative channel.
  • Digital signatures and paperless office. Using digital signatures instead of signed agreements and confirmations on paper has the greatest potential for savings.


Technical guides and examples

In short, eID can be used for authentication or digital signatures. In more detail, eID can be used in the following ways:

  • If there is a real need for a specialized application, look into both the command line applications and the complex PHP example. The browser JavaScript interface hwcrypto.js should be used for signing with hardware tokens. The component's API documentation, along with a usage sample, can be found at https://github.com/open-eid/hwcrypto.js/wiki/ModernAPI.
  • Authenticating in web applications: the simplest and the most widely used application. Requires both configuration and some development work. The web application reads the user data from the card in cooperation with the web server, guaranteeing at the same time that the user has entered the correct PIN code. Relatively easy to implement: a first rough attempt takes a developer about one hour. Developing an actually usable system takes more time, roughly one day.
  • Securing e-mail, VPNs and logging into the desktop: not very widely used, does not require developing a new application. In most cases it should be sufficient to configure existing systems. However, understanding the needs, requirements and configuration options is nontrivial. Expect about a week of work for these applications.
  • Command line applications for giving digital signatures, checking signatures, encryption. Use these as components for creating larger specialised applications for digital signatures. Examples are in C++ and Java.
  • A simple PHP library for digitally signing and verifying digital signatures using Estonian ID cards.
  • A complex PHP application: a full set of eID functions, including signatures, encryption, creating and managing forms. The example application used PHP, .NET and JavaScript.

Get the source of the example applications from the GitHub address tammet/eid.

Technological details and background

The following materials will be useful for both planning and conducting actual development work:


old version of the guide