EIDAS: current state of play and the Luxembourgish approach.
-
Upload
lisa-casey -
Category
Documents
-
view
224 -
download
2
Transcript of EIDAS: current state of play and the Luxembourgish approach.
![Page 1: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/1.jpg)
eIDAS: current state of play and the Luxembourgish approach
![Page 2: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/2.jpg)
2
• Overview, state of play, next steps
• The Luxembourgish approach for eIDAS deployment
Agenda
![Page 3: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/3.jpg)
2
• Overview, state of play, next steps
• The Luxembourgish approach for eIDAS deployment
Agenda
![Page 4: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/4.jpg)
Before eIDAS…
3
• Electronic signatures (eSignature Directive (1999), Services Directive (2006))
However:‐ Different interpretations of SSCDs‐ “Appropriate” supervision of TSPs‐ No distinction between natural and legal persons‐ Outdated technical standards
• Authentication ? Technical PoCs (STORK, …) and many national solutions
• Other Trust Services ?No legal basis
TOO SMALL
TOO WEAK
TOO OLD
![Page 5: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/5.jpg)
4
The eIDAS regulation
Too small
Too Weak
Too old
Goal: strengthen EU Single Market by boosting trust and convenience in secure and seamless cross-border electronic transactions.
→ Larger scope to cover eID and all relevant trust services
→ Regulation directly enforceable in all MS→ Some eSig "gray areas" have been clarified (Supervision, QSCD,…)
→ New use-cases and technologies have been taken into account→ Technology-neutral and outcome-based approach
![Page 6: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/6.jpg)
5
Scope
eIDAS Regulation
eID
Mutual recognition
Notification process
Levels of Assurance
Interoperability framework
Trust services
eSignatures
Trusted lists
eSeals
QSCD
Time stamp
Liability
Website authen-tication
TSP supervision
Electronic registered delivery
Trust mark
eSig/eSeals validation
and preservation
Breach notification
+ electronic documents
![Page 7: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/7.jpg)
Scenario
6
Source: European Commission
![Page 8: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/8.jpg)
7
Legal frameworkLegal act Réf. Entry in force
eIDAS regulation (EU) 910/2014 17/09/2014
IA on cooperation (EU) 2015/296 17/03/2015
IA on interoperability framework (EU) 2015/1501 29/09/2015
IA on levels of assurance (EU) 2015/1502 29/09/2015
IA on EU trust mark (EU) 2015/806 12/06/2015
IA on trusted lists (EU) 2015/1505 29/09/2015
IA on eSignatures / eSeals formats (EU) 2015/1506 29/09/2015
IA on notification (EU) 2015/1984 03/11/2015
IA on standards for QSCDs ? 04/2016 ?
eID
Trust services
![Page 9: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/9.jpg)
8
Deployment
2014 2015 2016 2017 2018 2019
eSignature Directive regime
Mandatory recognition
Voluntary recognition
17/09/2014 entry in force of eIDAS
regulation
eID
Trust services
eIDAS regime
Transition period
(QES TSPs)
29/09/2015 29/09/2018
01/07/2016
![Page 10: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/10.jpg)
9
Coming in 2016• SLA for eIDAS node• Guidelines on LoA, peer reviews and notification• Deployment of interoperability infrastructure (CEF calls)• First notifications and peer reviews ?
• Switch from eSig Directive regime to eIDAS • Technical standards and implementing act on:
QSCD IT security certification Prior Authorization of QTSPs
• Progress on eDelivery
eID
Trust services
![Page 11: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/11.jpg)
10
Agenda
• Overview, state of play, next steps
• The Luxembourgish approach for eIDAS deployment
![Page 12: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/12.jpg)
11
LuxTrust (2005 -)• National CA (public-private partnership)
• Qualified Trust Service provider for: electronic signatures timestamps
• Identity provider: OTP and chip-based solutions for
authentication and signature
• Other services: SSL and code-signing certificates Mass signing
![Page 13: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/13.jpg)
12
National eID card (2014 -)
ICAO-9303 compliant electronic machine-readable travel document
+
Contactless smartcard with 2 certificates (authentication + qualified eSignature)
![Page 14: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/14.jpg)
13
Service ProvidersPUBLIC PRIVATE
eID
Services
![Page 15: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/15.jpg)
14
Trust services
eIDAS Regulation
eID
Mutual recognition
Notification process
Levels of Assurance
Interoperability framework
Trust services
eSignatures
Trusted lists
eSeals
QSCD
Time stamp
Liability
Website authen-tication
TSP supervision
Electronic registered delivery
Trust mark
eSig/eSeals validation
and preservation
Breach notification
![Page 16: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/16.jpg)
15
MyGuichetMyGuichet is the interactive platform of guichet.lu which allows administrative formalities to be carried out online with the competent administration.
Offers:• 45 services for citizens• 72 services for companies
Uses:• strong authentication• electronic signature • trusted timestamps
![Page 17: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/17.jpg)
16
Interoperability frameworkeIDAS
Connector
1
Online service
I want to access your
service
Sure, how do you want to
authenticate?
eIDAS !
Please go here
![Page 18: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/18.jpg)
17
Interoperability frameworkeIDAS
Proxy ServiceeIDAS
Connector
2
Online service
Where are you from ?
Luxembourg
Please go here
![Page 19: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/19.jpg)
18
Interoperability frameworkeIDAS
Proxy ServiceeIDAS
Connector
3
Online service
i. Select eID
ii. Authenticate
iii. Consent
Identity / Attribute provider
RNRPP
******PIN:
![Page 20: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/20.jpg)
19
Interoperability frameworkeIDAS
Proxy ServiceeIDAS
ConnectorOnline service
Identity / Attribute provider
RNRPP
Access granted
datadatadata
![Page 21: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/21.jpg)
20
Interoperability frameworkDeployment:• eIDAS LU Proxy Service• eIDAS LU Connector• IdP/DBs connexions• LuxTrust support
2016Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4
2017
Notification: LU eID card
Notification: Some LuxTrust eIDs
![Page 22: EIDAS: current state of play and the Luxembourgish approach.](https://reader036.fdocuments.in/reader036/viewer/2022081514/5697bfd91a28abf838caf87c/html5/thumbnails/22.jpg)
21
Thank you
Any question ?