Operation is co-financed
by Republic of Slovenia and European Union
from European Regional Development Fund
SI-TRUST SERVICES
E-IDENTITIES AND TRUST SERVICES
Dr. Alenka Žužek Nemec
Ministry of Public Administration
Today's many challenges for public services
e-government
e-taxes
e-pension
e-education
e-health
e-municipalities
…
DIGITAL by default
REUSABLE by default
INCLUSIVE and ACCESSIBLE by default
CROSS BORDER by default
SECURE by default
INTEROPERABLE by default
PRIVACY by design
OPEN by default
Trust and security!
E-Identities as key enablers
Misuse is in most cases related to the use of usernames and passwords
71% of accounts use common passwords that are used for different purposes
600.000 sign-ups to Facebook are disclosed daily
e-Transactions workflow
1. Access the web page and check that the website is really linked to the authority (WEB AUTHENTICATION)
2. Identification and authentication with eID (e-IDENTITY AUTHENTICATION)
3. e-Signing or e-sealing the application + time stamping (e-SIGNATURE, e-SEAL, TIME STAMP)
4. Registered e-delivery (e-DELIVERY)
EU Regulation on e-identification and trust services
eIDAS
№ 910/2014
National supervision of trust services providers
Cross-border interoperability
Mutual recognition of qualified trust services
Trusted reliable list of qualified trust service providers
Breach notification
Notification
Interoperability framework
Use your national eID cross-border
Mandatory cross-border recognition only to access public services
eIDAS DOES NOT CHANGE e-identities in the member states
BUT
builds on interoperability for cross-border recognition
Two main conditions
1. MS decides WHEN and WHICH eID scheme will be notified for cross-border USE
2. Service providers must be able to offer services that accept notified eID
Notifications
1. MS decides WHEN and WHICH eID scheme will be notified for cross-border USE
NOTIFIED
UNDER „PEER-REVIEW“
Mandatory cross-border recognition only to access public services
MILESTONE: 29 September 2018
26 Sep 2018, 10 Sep 2019, 7 Nov 2019, 27 Dec 2019, …
TODAY!
2. Service providers must be able to offer services that accept notified eID
eIDAS nodes MUST be established in each MS
e-IDAS node must be integrated into SP
eIDAS node
e-government
e-taxes
e-pension
e-education
e-health
e-public procurement
e-municipalities
TRUST SERVICES
DATA GATHERING
PLATFORM FOR E-SERVICES
…
Unified approach to information systems development in Slovenia
STATE CLOUD JEP
TRAY
Central Authentication System
Central Server Based System for e-Signature
Central System for e-Delivery*
Qualified Time-Stamping
Central building blocks for trust services: “APP store” for developers and project managers
Cross-border Node (EU)
* In preparation
e-Documents
TSA: issuing secure time stamps
Central server-based e-signature
Central authentication system
Central eIDAS node
PEPS
Central platform for e-mandates
CeP: Central System for e-Mandates*
e-Identities as the key element
0. Limited Assurance Level
1. Low Assurance Level
2. Substantial Assurance Level
3. High Assurance Level
SI-CAS Architecture
Service Provider A, Service Provider B, Service Provider N
Identity Federation Modules
SI-CAS Hub supporting different Identity Providers, Attribute Providers and Identity Assertion Providers (OASIS SAML 2.0, OpenID, Jasig CAS, ...)
Person's credentials provided by different Identity Providers:
• Username/password
• Certificates of SI citizens
• eIDAS identity
• Certificates of non-SI citizens
• Mobile identity
• ... other identities
Attribute Providers:
• Central Register of Population
• Business Register
• … other data sources
e-Signatures
SI-CeS concept
User holds a credential of a high level of assurance, e.g. qualified digital certificates on a smart card, OTP device, mobile phone
+
Users' private keys are kept safely inside a hardware security module (HSM)
AUTHENTICATION AND E-SIGNATURE SERVICE
PEPS
eIDAS node
List of e-services integrated with SI-PASS
Ministry of Public Administration:
• eUprava, eVEM & EUGO (SPOT), e-Javna naročila, DU-AD, Krpan
Ministry of Finance:
• MFERAC
Ministry of Culture:
• SARK, eJR, RMSN
Slovenian Maritime Administration:
• STCW
Government Office for Development and European Cohesion Policy:
• eMA
National Institute of Public Health:
• zVEM
Agency of the Republic of Slovenia for Public Legal Records and Related Services:
• Portal AJPES
Local self-government:
• eObčina
In preparation:
• FURS (eDavki)
• GURS (eProstor)
• MZI (eVozovnice, Tahografi)
• MIZŠ (eVŠ)
• MKGP
• Archives of the Republic of Slovenia
• AKTRP
• AKOS
• Slovenian Water Agency
• Supreme Court
• Employment Service of Slovenia
• Pension and Disability Insurance Institute
• Health Insurance Institute
Number of users: 107.027
Number of authentications: 1.739.781
Number of e-signatures: 117.741
* 28.2.2019
E-IDENTITIES IN SLOVENIA
Number of citizens ~25% (2017)
Going mobile….
Everybody carries her/his mobile phone!
It is more than a phone!
Truly personal device
Mobile-based authentication and e-signature
16 April 2018
Register or associate a citizen's mobile phone
Two-factor security:
• PIN code
• One-Time-Password (OTP)
SIMPLE – One phone, one PIN
SECURE – OTP via SMS
CONVENIENT – No need for multiple passwords
What about the future eID?
New legislation is under preparation
ZEISZ
Alenka Žužek Nemec
[email protected]@gov.si
All invited, especially the service providers from the public sector!