Cross-border eID

Revision as of 23 November 2012, 11:04 by Tiitpikma (talk | contribs) (→‎General: Clarifications)

Cross-border eID, STORK and the European Citizen Card


  • From 1 November 2008 the Business Register's Entrepreneur Portal is open to owners of Portuguese, Finnish, Belgian and Lithuanian ID cards, enabling them to establish a company in Estonia over the Internet.[1]
  • As of 22 December 2010 usage of the DigiDoc Portal is open to citizens of the countries that participate in the STORK project.[2]

RISO's Interoperability website[3] says: "The eID mechanisms of other countries are acknowledged in Estonia if the certification service provider and certificate security is on the same level as with the Estonian ID card. At present, countries can only be evaluated separately, one by one. At the evaluation of certificates of other countries, the methods described in the document Principles For Evaluating The eID Of Other Countries [in Estonian] have been used." The certificates of the following countries have been qualified:

  • Belgium:
    • Technically the identification certificate isn't marked as qualified, but since the certification procedure is the same as with the qualified signing certificate, then these certificates can be considered of equal quality.[4]
  • Spain: (closed source code)
  • Italy: ID card architecture, =~
  • Lithuania: Comparable information not available. The Personalisation of Identity Documents Centre webpage says that the ID card conforms to the specifications of the European Citizen Card and contains personal identification and digital signing certificates. Root certificates of the ID card and CRL can be found here: Useful technical information about the certificates can also be found at Certification policies and traditions.
    • Lithuania also uses Mobile-ID with certificates issued by SK and although the issuing procedure differs from Estonia, these certificates are still qualified.[5]
  • Portugal:
  • Slovenia: general information available here, but the impression is that development of eID stopped in 2007. (There was a brief period of activity in 2008, but it passed.) E.g. a statement like this can be found from 2008: "Proposals to introduce a new eID card, incorporating several different functions on just one card, have met with opposition in Slovenia." [6]
    • Only identification certificates are issued. Although some applications also use these for signing documents, these signatures are not in accordance with the Estonian DSA.[7]
    • Although the certificate is "qualified", the key is not kept in a hardware token, but in a software token, meaning that these certificates should be trusted with certain reservations.[7]
  • Finland: PKCS #15 compatible. Longer description here, additional information on the Electronic Identity and Certificates webpage.
    • Technically the identification certificate isn't marked as qualified, but since the certification procedure is the same as with the qualified signing certificate, then these certificates can be considered of equal quality.[8]


STORK (Secure Identity Across Borders Linked) is a framework program for enhancing competitiveness and innovation, co-funded by the European Union. STORK aims at developing an interoperability network in the EU, whose aim is to enable identification and authentication of electronic identity (eID), which in turn will enable entrepreneurs, citizens and state officials to use the electronic identities issued by their country in all EU countries. In other words, the aim is to create a system where the certification authority (CA) of one country acts as proxy to other countries' certification authorities. Estonia is represented in the STORK program by AS Sertifitseerimiskeskus.[9] The initial STORK program was followed by STORK 2.0.

STORK also handles authentication tools with lower security levels than the ID card. For instance, state-issued password cards are used in Holland, and in England authentication is also based on passwords.[10]

Within the framework of this work, one of the important documents of STORK is "Smartcard eID Comparison" [11], which presents a technical comparison of smart card based authentication tools in the STORK countries. A thorough overview of the STORK project can be found at the page "Pilot 1 Cross-border authentication for e-services". In the context of Estonia, the following STORK projects are also useful:

  • Pilot project number 1 "Cross-border authentication for e-services". This pilot project gives citizens secure access to services, using the e-identity issued by their own country and retaining control over their data.
  • Pilot project number 4 "Cross-border e-delivery". This pilot project enables the citizen of one country to use the e-delivery portal of another country and receive documents using the e-identity of their own country.
  • Pilot project number 5 "Change of address". This makes it easier to inform the agencies concerned about change of address. A foreign citizen can log in with his/her e-identity and upload an Address Declaration or request and download it.
  • Pilot project number 6 "Services of the Commission". Because STORK is integrated with the European Commission Authentication System (ECAS), citizens can use their e-identities and access several e-services of the European Commission that are meant for officials, companies and organisations.

Validity confirmation proxying

AS Sertifitseerimiskeskus offers proxy OCSP, which makes it possible to request the certificate information of other countries' ID cards. The service enables requesting validity information about e.g. Finnish, Lithuanian, Belgian, Portuguese, Luxembourgian and Icelandic certificates and the list can be expanded on request.[12]

The service is accessible to all users of the ordinary validity confirmation service and the monthly fee depends on the standard validity confirmation plan.[12]

Using this service, it is possible to allow authentication of a person using an ID card of another country in your web service: a standard SSL/TLS handshake is carried out, where getting the signature from the card is solved on the client's side, after which SK's OCSP service is used to ensure certificate validity.
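The decision a web service makes after that handshake, sketched as an added example (not code from the original page or from SK). It assumes the OCSP response has already been fetched and its signature verified by an OCSP library; OcspAnswer, issuer_country, decide and the one-hour freshness window are hypothetical, and the certificate dict has the shape returned by Python's ssl.SSLSocket.getpeercert().

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Issuer countries the page lists for the proxy OCSP service (ISO 3166-1 codes).
PROXIED = {"FI", "LT", "BE", "PT", "LU", "IS"}

@dataclass
class OcspAnswer:
    """Hypothetical parsed OCSP response whose signature was already verified."""
    response_status: str            # "successful", "tryLater", "unauthorized", ...
    cert_status: str                # "good", "revoked" or "unknown"
    serial: str                     # hex serial the responder answered for
    this_update: datetime
    next_update: Optional[datetime] = None

def issuer_country(peercert: dict) -> Optional[str]:
    """Read countryName from the issuer field of a getpeercert() dict."""
    for rdn in peercert.get("issuer", ()):
        for key, value in rdn:
            if key == "countryName":
                return value
    return None

def decide(peercert, answer, now, max_age=timedelta(hours=1)):
    """Return (allowed, reason); every path except a fresh 'good' denies."""
    if issuer_country(peercert) not in PROXIED:
        return False, "issuer country not covered"
    if answer is None or answer.response_status != "successful":
        return False, "no usable OCSP response"
    if answer.serial.lower() != peercert.get("serialNumber", "").lower():
        return False, "response is for a different certificate"
    if answer.this_update > now or now - answer.this_update > max_age:
        return False, "stale or future-dated response"
    if answer.next_update is not None and now > answer.next_update:
        return False, "response expired"
    if answer.cert_status != "good":
        return False, "certificate " + answer.cert_status
    return True, "good"

# Constructed sample data, not taken from a real card or responder.
NOW = datetime(2012, 11, 23, 11, 4, tzinfo=timezone.utc)
CERT = {"issuer": ((("countryName", "FI"),), (("commonName", "Example CA"),)),
        "serialNumber": "0A1B2C"}
GOOD = OcspAnswer("successful", "good", "0a1b2c", NOW - timedelta(minutes=5))

if __name__ == "__main__":
    print(decide(CERT, GOOD, NOW))
```

A responder error or timeout is treated the same as a revoked certificate: the login is refused rather than allowed through on the strength of the TLS handshake alone.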

Using another country's ID card for more, e.g. signing documents (if it is supported by the card at all) can be complicated, because each card supports a different interface or a different standard: therefore, a separate solution will probably have to be created for each country's ID card.

European Citizen Card

There exists a European Citizen Card (ECC) standard. The idea is to create a pan-European ID card.[13] The latest news dates back to 2009, including the announcement that Oberthur Technologies has created a first, MS Windows 7-compatible ECC. Since then, there has been no news for the wider public about ECC status, but there exists an ECC technical specification standard:

In the context of STORK, the following may also be of interest:

Also, many card manufacturers offer ECC standard compatible smart cards:

It should be noted that on 19 September 2012 the World e-ID Congress was held, where one of the topics was an overview of ECC's status. At present, the relevant webpage says that the proceedings are only available to those that participated in the conference, and for others, for a fee of 115 EUR.

External links