eID & eGovernement: Mapping security services to authentication levels
Online tax declaration by electronic means, or smart card identification to be able to use online health care services: it all requires secure authentication. The Agency has launched a report on the authentication levels proposed by the STORK project, and their mapping to public electronic services in Europe.
Published on March 14, 2011
STORK Quality Authentication Assurance levels
This report reviews the Quality Authentication Assurance levels, the legal and technical barriers for interoperability in Europe, and their mapping to public electronic services in the eGovernment programme framework, which require authentication of the user (security services). For instance, citizens are allowed to complete and send their tax declaration by electronic means. Or, they use a smart card to identify themselves prior to being able to benefit from online health care services. The report gives a general overview of European efforts. In particular it focuses on the activities of STORK (Secure idenTity acrOss boRders linKed) in relation to the levels and the mapping.
History
Since the beginning of the 21st century, EU Member States have been planning, developing and implementing new solutions to offer electronic services to citizens and businesses on a digital platform. The common denominators for these eGovernment services are improving administrative efficiency, accessibility and user-friendliness and, above all, reducing costs.
But it was not efficient or feasible to restart from scratch. Therefore, policy makers and experts agreed on the desirability of finding solutions that would allow all stakeholders to work together across (digital) borders, while respecting the autonomy of the Member States. Several projects were then started in order to generate the required solutions. One of the directions taken by IDABC (Interoperable Delivery of European eGovernment Services to public Administrations, Businesses and Citizens) defined a model. This model included levels of authentication. Later those levels were mapped to the existing authentication solutions in the EU Member States and some discrepancies were identified. Also, the discussion on security issues in cross-border electronic authentication recognised that some of them needed to be addressed. In the meantime, a number of countries cooperated to offer cross-border electronic services, which have been successfully activated and several pilots are still running.
Report outline
Essential concepts in IT security are explained in this report. Moreover, the mappings of public electronic services in the eGovernment programme framework, which require an authentication of the user (security services) are illustrated by everyday life examples, such as cross border public transport, e-invoice across borders, and marriage between people of two nationalities. It also details the issues that may be or have been encountered by applying the model to electronic services. The definition and separation of the levels, as well as the assessment and validity of the levels have to be discussed in a broader sense in order to facilitate their application.
Recommendations
The report includes recommendations for a further fine-tuning of the model. They can in brief be summed up as follows:
- Authentication levels should be defined as clearly as possible.
- To make pan-European authentication levels acceptable and useable for service providers, a guideline for evalution of security demands should be developed
-Pan-European interoperable authentication solutions will only be accepted by service providers and citizens if they are perceived as transparent and trustworthy.
Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!
News items;
http://www.enisa.europa.eu/media/news-items/news-wires/RSS
PRs:
http://www.enisa.europa.eu/media/press-releases/press-releases/RSS