EID application guide

Source: eid.eesti.ee

Electronic Identity (eID) Application Guide:
where, why, how.


Introduction

The Application Guide provides the basic knowledge required for planning and creating applications that use the ID card, mobile ID and digital ID (collectively referred to as eID below).

The guide is divided into three main parts:

  • Overview of applications and scenarios where the ID card is an option worth considering. We give examples and present analyses of the likely gain and the amount of work.
  • Technical guides and software examples for employing eID in applications, starting from fairly simple and reaching rather complex applications.
  • Technological details and useful background information about eID.

The target audience for this work is everybody related to planning, procuring and developing information systems. The end users are not a target audience of this guide: for example, we do not explain how to give a digital signature to a document using eID.

The guide has been developed in several stages by the Estonian Information System Authority and several companies within the framework of the EU structural funds programme "Raising Public Awareness about the Information Society".

For questions about the contents of the guide, contact help@ria.ee; for eID development, contact abi@id.ee; for the programme, visit www.ria.ee/programme.

Application scenarios: where and why eID

We divide eID applications into five broad scenarios:

  • Entrance card. The ID card is a sensible alternative to the conventional RFID card in situations where (a) the number of users is large and the set of users changes fairly often, (b) security aspects are relatively important, and (c) a card is typically not used for entrance tens of times per day. The ID card is used as an entrance card mostly in schools and libraries.
  • Loyalty card. The ID card can be successfully used in client loyalty programmes (shops, transport, libraries etc.) as a loyalty card for quick identification of the client. The ID card is easier to use than the widely used magnetic-stripe client cards, and clients prefer to carry a single card for all the shops.
  • Logging in. The main use of eID is logging into a web application. Using eID is more secure and easier to administer than logging in with Google or Facebook. eID can also be used as an additional option for logging into a conventional desktop.
  • Payments. Due to the security of the ID card, it can be employed for implementing several alternative payment methods in places where decreasing the duration of the payment process or decreasing the use of cash is important, or where other payment methods cannot be applied. The typical scheme is to authenticate the user securely at the time of offering the services or selling the goods, while conducting the actual payment later or in an alternative channel.
  • Digital signatures and paperless office. Using digital signatures instead of signed agreements and confirmations on paper has the greatest potential for savings.


Technical guides and examples

In short, eID can be used for authentication or digital signatures. In more detail, eID can be used in the following ways:

  • Authenticating users in web applications: the simplest and the most widely used application. Requires both configuration and some development work. In cooperation with the web server, the web application reads the user data from the card, guaranteeing at the same time that the user has entered the correct PIN code. Besides digital signing, this is the main eID application. Relatively easy to implement: the first rough working attempt takes the developer about one hour. Developing an actually usable system takes more time, roughly one day.
  • Securing e-mail, VPNs and logging into the desktop: not very widely used, and these do not require developing a new application. In most cases it should be sufficient to configure existing systems. However, understanding the actual needs, requirements and configuration options is nontrivial. Expect about a week of work for these applications.
  • Small command-line sample applications for signing, verification and encryption, meant for building your own custom developments: you can use these primarily as concrete components when building more complex applications that use digital signatures. The sample applications are in C++ and Java.
  • A more complex sample application: the full set of eID functions, including digital signing and encryption, in an application for creating and processing applications (requests). Languages: PHP, .NET, JavaScript.

The easiest way to get the source code of the sample applications onto your computer is from the tammet/eid code repository on GitHub.
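The web authentication item in the list above, sketched as an added example (not taken from the guide or from the tammet/eid repository): the web server verifies the client certificate during the TLS handshake, and the application trusts the identity only when the server reports success. It assumes Apache mod_ssl variable names and a certificate CN of the form "SURNAME,GIVENNAME,PERSONALCODE"; the sample requests are constructed.

```python
import re

# Assumption: Apache mod_ssl with "SSLVerifyClient require" and
# "SSLOptions +StdEnvVars" sets these variables after the TLS handshake.
# Assumption: the authentication certificate's CN is
# "SURNAME,GIVENNAME,PERSONALCODE" with an 11-digit personal code.
CN_RE = re.compile(r"^([^,]+),([^,]+),(\d{11})$")

def checksum_ok(code):
    """Verify the check digit (11th digit) of an Estonian personal code."""
    digits = [int(c) for c in code]
    for weights in ((1, 2, 3, 4, 5, 6, 7, 8, 9, 1),
                    (3, 4, 5, 6, 7, 8, 9, 1, 2, 3)):
        r = sum(d * w for d, w in zip(digits[:10], weights)) % 11
        if r < 10:
            return r == digits[10]
    return digits[10] == 0  # both passes gave 10: check digit is 0

def authenticate(environ):
    """Return the identity from a server-verified certificate, else None."""
    # Only the server-set variable counts. Request headers arrive with an
    # HTTP_ prefix, so a client cannot set SSL_CLIENT_VERIFY by sending it.
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    m = CN_RE.match(environ.get("SSL_CLIENT_S_DN_CN", ""))
    if not m or not checksum_ok(m.group(3)):
        return None
    surname, given_name, code = m.groups()
    return {"surname": surname, "given_name": given_name,
            "personal_code": code}

# Constructed sample requests (not real people or captured traffic).
VERIFIED = {"SSL_CLIENT_VERIFY": "SUCCESS",
            "SSL_CLIENT_S_DN_CN": "TAMM,JAAN,38001085718"}
NO_CERT = {"SSL_CLIENT_VERIFY": "NONE"}
SPOOFED_HEADER = {"HTTP_SSL_CLIENT_VERIFY": "SUCCESS",
                  "HTTP_SSL_CLIENT_S_DN_CN": "TAMM,JAAN,38001085718"}
BAD_CODE = {"SSL_CLIENT_VERIFY": "SUCCESS",
            "SSL_CLIENT_S_DN_CN": "TAMM,JAAN,38001085719"}

if __name__ == "__main__":
    for name, env in [("verified", VERIFIED), ("no cert", NO_CERT),
                      ("spoofed header", SPOOFED_HEADER),
                      ("bad code", BAD_CODE)]:
        print(name, "->", authenticate(env))
```

If a reverse proxy terminates TLS in front of the application, the proxy must strip any client-supplied copies of these fields before forwarding its own.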

Technological details and background information

Both before planning development work and while carrying it out, it is useful to become familiar with the following technical background materials:

previous version of the guide