EID application guide
Electronic Identity (eID) Application Guide:
The guide is divided into three main parts:
- Overview of applications and scenarios where the ID card is an option worth considering. We give examples and analyse the likely gain and the amount of work involved.
- Technical guides and software examples for employing eID in applications, starting from fairly simple and reaching rather complex applications.
- Technological details and useful background information about eID.
The target audience for this work is everybody related to planning, procuring and developing information systems. The end users are not a target audience of this guide: for example, we do not explain how to give a digital signature to a document using eID.
The guide has been developed in several stages by the Estonian Information System's Authority and several companies within the framework of the EU structural funds programme "Raising Public Awareness about the Information Society".
Application scenarios: where and why eID
We divide eID applications into five broad scenarios:
- Entrance card. The ID card is a sensible alternative to the conventional RFID card in situations where (a) the number of users is large and the set of users changes fairly often, (b) security aspects are relatively important, and (c) a card is typically not used for entrance tens of times per day. The ID card is used as an entrance card mostly in schools and libraries.
  - Application example and guide: ID card as an entrance card
- Loyalty card. The ID card can be used successfully in client loyalty programmes (shops, transport, libraries, etc.) as a loyalty card for quick identification of the client. The ID card is easier to use than the widely used magnetic stripe client cards, and clients prefer to carry a single card for all the shops.
- Logging in. The main use of eID is logging into a web application. Using eID is more secure and easier to administer than logging in with Google or Facebook. eID can also be used as an additional option for logging into a conventional desktop.
  - Application example: Case study of logging into the study portal and computers of the Tallinn Uni of Tech
  - Application summary: eID for authentication in applications/desktop
- Payments. Because the ID card is secure, it can be used to implement several alternative payment methods in places where shortening the payment process or reducing the use of cash is important, or where other payment methods cannot be applied. The typical scheme is to authenticate the user securely at the time the services are offered or the goods are sold, while conducting the actual payment later or in an alternative channel.
- Digital signatures and paperless office. Using digital signatures instead of signed agreements and confirmations on paper has the greatest potential for savings.
  - Application example: SEB paperless office
  - Application summary: Using eID for digital signatures and a paperless office.
Technical guides and examples
- Using standard eID software for digital signatures, as explained in the SEB paperless office. In most cases there is no need to create a new specialized application for digital signatures. If there is a real need for a specialized application, look into both the command line applications and the complex PHP example.
- Authenticating in web applications: the simplest and the most widely used application. Requires both configuration and some development work. The web application reads the user data from the card in cooperation with the web server, which at the same time guarantees that the user has entered the correct PIN code. Relatively easy to implement: the first rough attempt takes a developer about one hour. Developing an actually usable system takes more time, roughly one day.
- Securing e-mail, VPNs and logging into the desktop: not very widely used, does not require developing a new application. In most cases it should be sufficient to configure existing systems. However, understanding the needs, requirements and configuration options is nontrivial. Expect about a week of work for these applications.
- Command line applications for giving digital signatures, checking signatures, encryption. Use these as components for creating larger specialised applications for digital signatures. Examples are in C++ and Java.
- A simple PHP library for digitally signing and verifying digital signatures using Estonian ID cards.
Get the source of the example applications from the GitHub address tammet/eid.
Technological details and background
The following materials will be useful for both planning and conducting actual development work:
- A set of guides for eID from AS Sertifitseerimiskeskus (the Estonian certification authority), for end users and for developers
- A short introduction to eID: ID card, digital ID, etc: what is what.
- Overview of the technical functionality of eID: how does authentication, signing etc work.
- Details of eID technology for creating new applications: inner workings of the functionality, plus an overview of useful tools.
- Cross-border eID, STORK and the European Citizen Card: eID and other countries.