Cross-border eID

Allikas: eid.eesti.ee
Redaktsioon seisuga 7. detsember 2012, kell 11:44 kasutajalt Tiitpikma (arutelu | kaastöö) (→‎General: Parandused, märkus külmutamise kohta ja kontaktisik)
(erin) ←Vanem redaktsioon | Viimane redaktsiooni (erin) | Uuem redaktsioon→ (erin)
Jump to navigation Jump to search

Cross-border eID, STORK and the European Citizen Card

General

  • From 1 November 2008 the Business Register's Entrepreneur Portal is open to owners of Portuguese, Finnish, Belgian and Lithuanian ID cards, enabling them to establish a company in Estonia over the Internet.[1]
  • As of 22 December 2010 usage of the DigiDoc Portal is open to citizens of the countries that participate in the STORK project.[2]

Attention! The following is frozen since 2010, so some information may be out-dated. Since 2010 a new evaluation methodology is used, carried out by the Estonian Technical Surveillance Authority. But since the necessary changes to DSA have not been made yet, this new methodology does not have any legal meaning. For this reason, the methodology and any results thus far are unpublished. For the most accurate and current information, contact Uuno Vallner.

RISO's Interoperability website[3] says: The eID mechanisms of other countries are acknowledged in Estonia if the certification service provider and certificate security is on the same level as with the Estonian ID card. At present, countries can only be evaluated separately, one by one. At the evaluation of certificates of other countries, the methods described in the document Principles For Evaluating The eID Of Other Countries [in Estonian] have been used.' The certificates of the following countries have been qualified:

Notice: RISO's Interoperability website[3] also mentions the following countries, but these certificates are not qualified nor on the same level as the Estonian ID-card's certificate:

  • Italy: ID card architecture, http://www.opensc-project.org/opensc/wiki/ItalianEid =~ http://www.opensc-project.org/opensc/wiki/ItalianCNS
    • Two different types of cards with many different chip types and certification authorities are used -- as a result of this and many other factors, the situation with Italian certificates is very unclear and difficult to evaluate.[7]
  • Slovenia: general information available here, but the impression is that development of eID has stopped in 2007. (There was a brief period of activity in 2008, but it passed.) E.g. a statement like this can be found from 2008: "Proposals to introduce a new eID card, incorporating several different functions on just one card, have met with opposition in Slovenia." [8]
    • Only identification certificates are issued. Although some applications also use these for signing documents, these signatures are not in accoradance with the Estonian DSA.[9]
    • Although the identification certificate is "qualified", the key is not kept in a hardware token, but in a software token, meaning that these certificates should be trusted with certain reservations.[9]

STORK

STORK (Secure Identity Across Borders Linked) is a framework program for enhancing competitiveness and innovation, co-funded by the European Union. STORK aims at developing an interoperability network in the EU, whose aim is to enable identification and authentication of electronic identity (eID), which in turn will enable entrepreneurs, citizens and state officials to use the electronic identities issued by their country in all EU countries. In other words, the aim is to create a system where the certification authority (CA) of one country acts as proxy to other countries' certification authorities. Estonia is represented in the STORK program by AS Sertifitseerimiskeskus.[10] The initial STORK program was followed by STORK 2.0.

STORK also handles authentication tools with lower security levels than the ID card. Therefore, for instance in Holland state-issued password cards are used and in England authentication is also based on passwords.[11]

Within the framework of this work, one of the important documents of STORK is "Smartcard eID Comparison" [12], which presents a technical comparison of smart card based authentication tools in the STORK countries. A thorough overview of the STORK project can be found at the page "Pilot 1 Cross-border authentication for e-services". In the context of Estonia, the following STORK projects are also useful:

  • Pilot project number 1 "Cross-border authentication for e-services". This pilot project gives citizens secure access to services, using the e-identity issued by their own country and retaining control over their data.
  • Pilot project number 4 "Cross-border e-delivery". This pilot project enables the citizen of one country to use the e-delivery portal of another country and receive documents using the e-identity of their own country.
  • Pilot project number 5 "Change of address". This makes it easier to inform the agencies concerned about change of address. A foreign citizen can log in with his/her e-identity and upload an Address Declaration or request and download it.
  • Pilot project number 6 "Services of the Commission". Because STORK is integrated with the European Commission Authentication System (ECAS), citizens can use their e-identities and access several e-services of the European Commission that are meant for officials, companies and organisations.

Validity confirmation proxying

AS Sertifitseerimiskeskus offers proxy OCSP, which makes it possible to request the certificate information of other countries' ID cards. The service enables requesting validity information about e.g. Finnish, Lithuanian, Belgian, Portuguese, Luxembourgian and Icelandic certificates and the list can be expanded on request.[13]

The service is accessible to all users of the ordinary validity confirmation service and the monthly fee depends on the standard validity confirmation plan.[13]

Using this service, it is possible to allow authentication of a person using an ID card of another country in your web service: a standard SSL/TLS handshake is carried out, where getting the signature from the card is solved on the client's side, after which SK's OCSP service is used to ensure certificate validity.

Using another country's ID card for more, e.g. signing documents (if it is supported by the card at all) can be complicated, because each card supports a different interface or a different standard: therefore, a separate solution will probably have to be created for each country's ID card.

European Citizen Card

There exists a European Citizen Card (ECC) standard. The idea is to create a pan-European ID card.[14] The latest news dates back to 2009, including the announcement that Oberthur Technologies has created a first, MS Windows 7-compatible ECC. Since then, there has been no news for the wider public about EEC status, but there exists an EEC technical specification standard:

In the context of STORK, the following may also be of interest:

Also, many card manufacturers offer ECC standard compatible smart cards:

It should be noted that on 19 September 2012 the World e-ID Congress was held, where one of the topics was an overview of ECC's status. At present, the relevant webpage says that the proceedings are only available to those that participated in the conference, and for others, for a fee of 115 EUR.

External links

References