1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.

Presentation transcript:

1st MODINIS workshop
Identity management in eGovernment
Frank Robben
General manager Crossroads Bank for Social Security
Strategic advisor Federal Public Service for ICT
Sint-Pieterssteenweg 375, B-1040 Brussels
Website:

2 © Frank Robben, Leuven, 4 May 2005
Structure of the contribution
- proposal of objectives
- proposal of a conceptual framework
- choices made in Belgium
- some international issues

3 Objectives to be reached
- be able to electronically
  - identify all relevant entities (physical persons, companies, applications, machines, …)
  - know the relevant characteristics of the entities
  - know that an entity has been mandated by another entity to perform a legal action
  - know the authorizations of the entities
- in a sufficiently certain and secure way
- in as many relations as possible (C2C, C2B, C2G, B2B, B2G, …)
- using open interoperability standards

4 Conceptual framework
- entity: someone or something that has to be identified (e.g. a physical person, a company, a computer application, …)
- attribute: a piece of information about an entity
- identity: a number or a set of attributes of an entity that makes it possible to know precisely who or what the entity is; an entity has only one identity, but this identity can be determined by several numbers or sets of attributes
- characteristic: an attribute of an entity, other than an attribute determining its identity, such as a capacity, a function, a professional qualification, ...; an entity can have several characteristics

5 Conceptual framework
- mandate: a right granted by an identified entity to another identified entity to perform well-defined legal actions in its name and for its account
- registration: the process of determining the identity, a characteristic or a mandate of an entity with sufficient certainty, before making available the means by which the identity can be authenticated, or the characteristic or the mandate can be verified

6 Conceptual framework
- authentication of the identity: the process of checking whether the identity that an entity claims to have corresponds to its real identity; authentication of the identity can be based on the verification of knowledge (e.g. a password), of possession (e.g. an electronic card), of biometric characteristics, or on a combination of those

7 Conceptual framework
- verification of a characteristic or a mandate: the process of checking whether a characteristic or a mandate that an entity claims to have corresponds to a real characteristic or mandate of that entity; the verification of a characteristic or a mandate can be done by the same kind of means as those used for the authentication of the identity, or, after the authentication of the identity, by consulting a database that contains information about characteristics or mandates related to identified entities

8 Conceptual framework
- authorization: a permission to an entity to perform a defined action or to use a defined service
- authorization group: a group of authorizations
- role: a group of authorizations or authorization groups related to a specific service
- role based access: a method of assigning authorizations to entities by means of authorization groups and roles, in order to simplify the management of authorizations and their assignment to entities
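The definitions on slide 8 can be modelled directly. The following Python sketch is an added example, not part of the original presentation; the class names, the `career-file` service and the entity identifiers are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Authorization:
    """Permission to perform a defined action on a defined service."""
    service: str
    action: str

@dataclass
class AuthorizationGroup:
    name: str
    authorizations: set = field(default_factory=set)

@dataclass
class Role:
    """Authorizations and/or authorization groups tied to one service."""
    name: str
    service: str
    authorizations: set = field(default_factory=set)
    groups: list = field(default_factory=list)

    def effective(self):
        """Flatten direct authorizations and group members into one set."""
        flat = set(self.authorizations)
        for group in self.groups:
            flat |= group.authorizations
        # A role relates to a specific service: reject anything out of scope.
        stray = {a for a in flat if a.service != self.service}
        if stray:
            raise ValueError(f"role {self.name!r} has out-of-service entries: {stray}")
        return flat

class AccessManager:
    def __init__(self):
        self._roles_by_entity = {}  # entity identifier -> list of Role

    def assign(self, entity_id, role):
        role.effective()  # validate before the role can ever be used
        self._roles_by_entity.setdefault(entity_id, []).append(role)

    def is_authorized(self, entity_id, service, action):
        """Deny by default; allow only if an assigned role grants the action."""
        wanted = Authorization(service, action)
        return any(wanted in role.effective()
                   for role in self._roles_by_entity.get(entity_id, []))

# Constructed sample data (hypothetical service and role names).
READ_ONLY = AuthorizationGroup("read-only", {Authorization("career-file", "consult")})
CASE_WORKER = Role("case-worker", "career-file",
                   authorizations={Authorization("career-file", "update")},
                   groups=[READ_ONLY])

def demo():
    manager = AccessManager()
    manager.assign("entity-001", CASE_WORKER)
    return (manager.is_authorized("entity-001", "career-file", "consult"),
            manager.is_authorized("entity-001", "career-file", "delete"),
            manager.is_authorized("entity-002", "career-file", "consult"))
```

Authorizations are managed once per role or group and entities only receive roles, which is the simplification the slide refers to.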

9 Choices made in Belgium
- identification number for every citizen and every company
  - characteristics
    - unicity
      - one entity – one identification number
      - same identification number is not assigned to several entities
    - exhaustivity
      - every entity to be identified has an identification number
    - stability through time
      - identification number should not contain variable characteristics of the identified entity
      - identification number should not contain references to the identification number or characteristics of other entities
      - identification number should not change when a quality or characteristic of the identified entity changes

10 Choices made in Belgium
- art. 8, 7 Directive 95/46/EC: "Member States shall determine the conditions under which a national identification number or any other identifier of general application may be processed"
  - evolution towards meaningless identification numbers
  - unique identification numbers of citizens can only be used by instances authorized by a sectoral committee of the national privacy commission
  - patient identification number is a number derived from the unique number of the citizen
  - regulation on interconnection of personal data
- registration of the identity of citizens by the municipalities

11 Choices made in Belgium
- registration of the identity of companies by company counters
- registration of characteristics and mandates relevant for eGovernment by private or public bodies designated by government
- authentication of the identity of physical persons by the electronic identity card
- verification of characteristics and mandates relevant for eGovernment preferably by consulting authentic databases
- multifunctional use of authentication and verification means
- authorization is the responsibility of each service provider

12 Choices made in Belgium
- overall policy on security and privacy protection for eGovernment
  - security, integrity and confidentiality of government information are ensured by integrating ICT measures with structural, organizational, physical, personnel screening and other security measures according to agreed policies
  - personal information is only used for purposes compatible with the purposes of the collection of the information
  - personal information is only accessible to authorized institutions and users according to business needs, legislative or policy requirements

13 Choices made in Belgium
- overall policy on security and privacy protection for eGovernment
  - the authorizations for government bodies to communicate personal information to third parties are granted by sectoral committees of the privacy commission, designated by Parliament, after having checked whether the communication conditions (e.g. purpose limitation, proportionality) are met
  - the authorizations for communication are public
  - every concrete electronic communication of personal information by a government body is preventively checked for compliance with the existing authorizations by an independent institution managing the interoperability framework used for the communication
  - every concrete electronic communication of personal information by a government body is logged, to be able to trace possible abuse afterwards
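The preventive check and the logging described on slide 13 can be sketched as a gateway that every exchange passes through. This Python code is an added example, not part of the original presentation; the register layout, the body names, the data category and the choice to log metadata without the payload are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed, hypothetical register of published authorizations:
# (sending body, receiving party, data category) -> permitted purposes.
AUTHORIZATIONS = {
    ("pension-office", "health-insurer", "pension-amount"): {"reimbursement-rate"},
}

class Gateway:
    """Stands in for the independent institution that runs the exchange."""

    def __init__(self, authorizations):
        self._authorizations = authorizations
        self.audit_log = []  # append-only in this sketch

    def communicate(self, sender, recipient, category, purpose, subject_id, payload):
        """Forward the payload only if an authorization covers this purpose."""
        purposes = self._authorizations.get((sender, recipient, category), set())
        allowed = purpose in purposes  # purpose limitation, deny by default
        # Assumption: the log records who, what and why, not the data itself.
        self.audit_log.append(json.dumps({
            "ts": datetime.now(timezone.utc).isoformat(),
            "sender": sender, "recipient": recipient, "category": category,
            "purpose": purpose, "subject": subject_id,
            "decision": "forwarded" if allowed else "blocked",
        }, sort_keys=True))
        return payload if allowed else None

    def trace(self, subject_id):
        """After-the-fact review: every logged exchange about one person."""
        entries = (json.loads(line) for line in self.audit_log)
        return [e for e in entries if e["subject"] == subject_id]

def demo():
    gateway = Gateway(AUTHORIZATIONS)
    ok = gateway.communicate("pension-office", "health-insurer", "pension-amount",
                             "reimbursement-rate", "subject-A", {"amount": 1200})
    blocked = gateway.communicate("pension-office", "health-insurer", "pension-amount",
                                  "marketing", "subject-A", {"amount": 1200})
    return ok, blocked, [e["decision"] for e in gateway.trace("subject-A")]
```

Blocked attempts are logged as well as forwarded ones, so a later review sees requests that were refused, not only those that went through.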

14 Choices made in Belgium
- overall policy on security and privacy protection for eGovernment
  - every time information is used to take a decision, the information used is communicated to the person concerned together with the decision
  - every person has the right to access and correct his own personal data
  - this system has been implemented in the Belgian social security sector for 10 years and is being extended to the whole Belgian government sector

15 International context: some issues
- determination of the means by which an entity can be identified within each country and across countries
- the way identity management and characteristics management are well separated in order to guarantee the multifunctional use of identity authentication means
- the quality assurance criteria for the registration procedures that are used to determine the identity, relevant characteristics or mandates before linking them to authentication or verification means
- the quality assurance criteria for authentication and verification means and their use

16 International context: some issues
- an organizational, functional and technical interoperability framework to exchange identity, characteristics, mandate and authentication data based on open standards
- the necessary legal framework for identity, characteristics and mandate management, with a good balance between trust enhancing measures and measures guaranteeing a free market

17 International context: proposed method
- to work out a common conceptual framework, a common vision and common basic principles
- to translate these principles into common, measurable objectives
- to ask every state to develop an action plan to achieve these objectives
- to elaborate an architecture and guidebooks to implement the principles
- to create a forum for the exchange of best practices

Thank you! Any questions?