eIDAS: current state of play and the Luxembourgish approach

Slides:

Advertisements

Similar presentations

1 Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (COM( final) {SWD(2012)

Advertisements

© fedict All rights reserved Legal aspects Belgian electronic identity card Samoera Jacobs – November 2008.

How eID and eSignatures work in a cross-border setting Wendy Carrara SPOCS Deputy Programme Director eID workshop Reaping the benefits of eID in different.

EGovernment Vision, Policies and Implementations in Austria Prof. Dr. Reinhard Posch CHIEF INFORMATION OFFICER.

1 14 th May 2008 How can pan-European Public Services Benefit from CIP ICT PSP Pilot on eID Dr. Davorka Šel Ministry of Public Administration SLOVENIA.

CEF Building Blocks Joao RODRIGUES FRADE

The Austrian Governmental eDelivery System Technical Aspects Ankara, March 17th, 2015 Christian Maierhofer, EGIZ The E-Government Innovation Center is.

Stork 2.0 is an EU co-funded project INFSO-ICT-PSP Robert Scharinger & Gottfried Heider (Ministry of Health, AT) WP 5.4 eHealth pilot - epSOS OpenNCP.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

TDL Meeting 7-8 April 2014 //Vienna Sprint Proposal The key of a legal on line signature The key of a legal on line signature: The inseparable link between.

European Electronic Identity Practices Country Update of …………… Speaker: Date:

Stork is an EU co-funded project INFSO-ICT-PSP Secure Identity Across Borders Linked Secure Electronic Identity Across Europe! STORK – 4 TH I NDUSTRY.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

Workshop on registered electronic mail policies and implementations (ETT 57074) Ankara, –

© ETSI 2012 All rights reserved EUROPEAN UNION MANDATE/460 Kloster Banz Presented by Arno Fiedler, Member of European Telecommunications Standards.

PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.

Regulation (EC) No. 765/2008 on accreditation and market surveillance

Implementation of the Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market.

Legal Issues on PKI & qualified electronic certificates. THIBAULT VERBIEST Attorney-at-law at the Brussels and Paris Bar Professor at the Universities.

Workshop Ankara, –  Introduction  Legal background in Slovenia  Usage areas  Accreditations and supervision  REM service.

Stork is an EU co-funded project INFSO-ICT-PSP STORK PRESENTATION STORK Presentation Lithuania March 2010.

1. 2 ECRF survey - Electronic signature Mr Yves Gonner Luxembourg, June 12, 2009.

Evolution in cross-border interoperability of eSignatures and eID Tarvi Martens SK, Estonia.

UN Economic Commission for Europe 23rd UN/CEFACT FORUM 7-11 April rd UN/CEFACT FORUM – Geneva Tahseen A. Khan Project Proposal : Trusted Third Party.

ISA programme: Secure-related initiatives Miguel Alvarez Rodríguez.

European Electronic Identity Practices Country Update of Austria Peter F Brown Office of the CIO, Austrian Federal Chancellery Chair, CEN eGov Focus Group.

Mobile Identity and Mobile Authentication (mobile e-signature) Valdis Janovs Sales Director Lattelecom Technology SIA.

Vilnius, October 21st, 2002 © eEurope SmartCards Securing a Telework Infrastructure: Smart.IS - Objectives and Deliverables Dr. Lutz Martiny Co-Chairman,

The Digital Agenda for Europe Interoperability and Standards

Identity management – developments within the European Social Security Sector Pantelis Angelidis.

E-SENS eHealth Use Cases. eHealth Use Cases (Overview) eConfirmation How is a health care provider in MS B able to get an insurance confirmation for a.

Secure Management of Information across multiple Stakeholders SEMIRAMIS – CIP-ICT PSP SEMIRAMIS General Presentation.

Elements of Trust Framework for Cyber Identity & Access Services CYBER TRUST FRAMEWORK Service Agreement Trust Framework Provider Identity Providers Credential.

The Porvoo Group Tapio Aaltonen Director, CA-services, co- chair Porvoo Group Population Register Centre Finland.

Infrastructure for qualified electronic Signatures in Germany Jürgen Schwemmer Moscow, 17th April 2014.

Stork is an EU co-funded project INFSO-ICT-PSP Students Mobility: STORK Project Deployment Paúl Santapau Nebot Vicente Andreu Navarro.

Dr Aniyan Varghese eGovernment Unit eGovernment Unit Directorate General Information Society Dr Aniyan Varghese eGovernment.

The German eID and eIDAS

A national authority's perspective on the European Citizens' Initiative.

European Electronic Identity Practices Country Update of Estonia Speaker: Ivar Jung Date:

Strategy and experience of Spain in interoperability for eGovernment.

19-20 October 2010 IT Directors’ Group meeting 1 Item 6 of the agenda ISA programme Pascal JACQUES Unit B2 - Methodology/Research Local Informatics Security.

Electronic Signatures Regulation in the European Union Jos Dumortier K.U.Leuven University Belgium Roundtable on Electronic Documents and Electronic Signatures.

EID and eSignature programs at National level in Europe Detlef Houdeau Nov 2013 Exploratory seminar on e-signatures for e- business in the South Mediterranean.

MOLDOVA: OPENING NEW FRONTIERS IN E-GOVERNANCE TALLINN MAY 31, 2016 GOVERNMENT OF REPUBLIC OF MOLDOVA IURIE ȚURCANU Government Chief Information Officer,

Stork is an EU co-funded project INFSO-ICT-PSP STORK PRESENTATION Frank LEYMAN Manager International Relations 04/06/2009.

The Future Digital Identity Landscape in Europe Timothée Mangenot, chairman 14th of December, 2015 ACSIEL partners day.

ICT Solutions for achieving Smart Regulation The Dutch Programme

Digital Single Market Valentinas KVIETKUS Baltic Assembly, Ryga

Cross-sector and user-centric AAI

ESign Aashutosh.

Dr. Stephan Finke Deutsche Akkreditierungsstelle GmbH

PRESENTATION OF MONTENEGRO

CEF Building Blocks status update CONNECTING EUROPEAN CHAMBERS

SPOCS : Simple Procedures Online for Crossborder Services

Public private partnership concerning user and access management (UAM): the vision of the federal

Enhancing maritime domain awareness and responsiveness in Europe

Why eIDAS? eID under eIDAS compliance

European Citizens’ Initiative, Commission regulation proposal Focus on IT aspects Jérôme Stefanini DIGIT.B.2 05/06/2018.

Draft ETSI TS Annex C Presented by Michał Tabor for PSD2 Workshop

eIDAS Qualified Certificates supporting PSD2 ESI(17)000098

TRACES Trade Control and Expert System Electronic sanitary certificates using qualified electronic signature Brussels 15th September 2016.

CEF eID SMO The use of eID in eHealth

Dashboard eHealth services: actual mockup

Website authentication E-registered delivery

eIDAS and border region farmers

E-identities (and e-signatures)

Una herramienta para la gestión de identidad, el control de acceso y uso compatible con la regulación de identidad europea eIDAS.

eCertification European Union approach and policy

Presentation transcript:

eIDAS: current state of play and the Luxembourgish approach

Agenda Overview, state of play, next steps The Luxembourgish approach for eIDAS deployment

Agenda Overview, state of play, next steps The Luxembourgish approach for eIDAS deployment

Before eIDAS… Electronic signatures (eSignature Directive (1999), Services Directive (2006)) However: Different interpretations of SSCDs “Appropriate” supervision of TSPs No distinction between natural and legal persons Outdated technical standards Authentication ? Technical PoCs (STORK, …) and many national solutions Other Trust Services ? No legal basis TOO SMALL TOO WEAK TOO OLD

The eIDAS regulation Goal: strengthen EU Single Market by boosting trust and convenience in secure and seamless cross-border electronic transactions. Too small Too Weak Too old → Larger scope to cover eID and all relevant trust services → Regulation directly enforceable in all MS → Some eSig "gray areas" have been clarified (Supervision, QSCD,…) → New use-cases and technologies have been taken into account → Technology-neutral and outcome-based approach

eIDAS Regulation eID Trust services Scope + electronic documents Mutual recognition Notification process Levels of Assurance Interoperability framework Trust services eSignatures Trusted lists eSeals QSCD Time stamp Liability Website authen-tication TSP supervision Electronic registered delivery Trust mark eSig/eSeals validation and preservation Breach notification + electronic documents

Scenario Source: European Commission

Legal framework eID Trust services Legal act Réf. Entry in force eIDAS regulation (EU) 910/2014 17/09/2014 IA on cooperation (EU) 2015/296 17/03/2015 IA on interoperability framework (EU) 2015/1501 29/09/2015 IA on levels of assurance (EU) 2015/1502 IA on EU trust mark (EU) 2015/806 12/06/2015 IA on trusted lists (EU) 2015/1505 IA on eSignatures / eSeals formats (EU) 2015/1506 IA on notification (EU) 2015/1984 03/11/2015 IA on standards for QSCDs ? 04/2016 ? eID Trust services

17/09/2014 entry in force of eIDAS regulation Deployment 17/09/2014 entry in force of eIDAS regulation 29/09/2015 29/09/2018 Mandatory recognition eID Voluntary recognition 01/07/2016 Trust services eSignature Directive regime Transition period (QES TSPs) eIDAS regime 2014 2015 2016 2017 2018 2019

Coming in 2016 eID Trust services SLA for eIDAS node Guidelines on LoA, peer reviews and notification Deployment of interoperability infrastructure (CEF calls) First notifications and peer reviews ? Switch from eSig Directive regime to eIDAS Technical standards and implementing act on: QSCD IT security certification Prior Authorization of QTSPs Progress on eDelivery eID Trust services

Agenda Overview, state of play, next steps The Luxembourgish approach for eIDAS deployment

LuxTrust (2005 -) National CA (public-private partnership) Qualified Trust Service provider for: electronic signatures timestamps Identity provider: OTP and chip-based solutions for authentication and signature Other services: SSL and code-signing certificates Mass signing

National eID card (2014 -) ICAO-9303 compliant electronic machine-readable travel document + Contactless smartcard with 2 certificates (authentication + qualified eSignature)

Service Providers PUBLIC PRIVATE Services eID

eIDAS Regulation eID Trust services Trust services eSignatures eSeals Mutual recognition Notification process Levels of Assurance Interoperability framework Trust services eSignatures Trusted lists eSeals QSCD Time stamp Liability Website authen-tication TSP supervision Electronic registered delivery Trust mark eSig/eSeals validation and preservation Breach notification

MyGuichet MyGuichet is the interactive platform of guichet.lu which allows administrative formalities to be carried out online with the competent administration. Offers: 45 services for citizens 72 services for companies Uses: strong authentication electronic signature trusted timestamps

Sure, how do you want to authenticate? I want to access your service Interoperability framework Online service eIDAS Connector Please go here Sure, how do you want to authenticate? I want to access your service 1 eIDAS !

Interoperability framework Online service eIDAS Connector eIDAS Proxy Service Please go here Where are you from ? 2 Luxembourg

Identity / Attribute provider Interoperability framework Identity / Attribute provider eIDAS Proxy Service Online service eIDAS Connector RNRPP 3 Select eID Authenticate Consent PIN: ******

Identity / Attribute provider Interoperability framework Identity / Attribute provider eIDAS Proxy Service Online service eIDAS Connector data data data RNRPP Access granted

Interoperability framework Deployment: eIDAS LU Proxy Service eIDAS LU Connector IdP/DBs connexions LuxTrust support Notification: LU eID card Notification: Some LuxTrust eIDs Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 2016 2017

Thank you Any question ?