1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.


1 1st MODINIS workshop
Identity management in eGovernment
Frank Robben
General manager Crossroads Bank for Social Security
Strategic advisor Federal Public Service for ICT
Sint-Pieterssteenweg 375, B-1040 Brussels
E-mail: Frank.Robben@ksz.fgov.be
Website: http://www.law.kuleuven.ac.be/icri/frobben

2 Structure of the contribution
© Frank Robben, Leuven, 4 May 2005
- proposal of objectives
- proposal of a conceptual framework
- choices made in Belgium
- some international issues

3 Objectives to be reached
- be able to electronically
  - identify all relevant entities (physical persons, companies, applications, machines, …)
  - know the relevant characteristics of the entities
  - know that an entity has been mandated by another entity to perform a legal action
  - know the authorizations of the entities
- in a sufficiently certain and secure way
- in as many relations as possible (C2C, C2B, C2G, B2B, B2G, …)
- using open interoperability standards

4 Conceptual framework
- entity: someone or something that has to be identified (e.g. a physical person, a company, a computer application, …)
- attribute: a piece of information about an entity
- identity: a number or a set of attributes of an entity that makes it possible to know precisely who or what the entity is; an entity has only one identity, but this identity can be determined by several numbers or sets of attributes
- characteristic: an attribute of an entity, other than an attribute determining its identity, such as a capacity, a function, a professional qualification, ...; an entity can have several characteristics

5 Conceptual framework
- mandate: a right granted by an identified entity to another identified entity to perform well-defined legal actions in its name and for its account
- registration: the process of determining the identity, a characteristic or a mandate of an entity with sufficient certainty, before making available the means by which the identity can be authenticated, or the characteristic or the mandate can be verified

6 Conceptual framework
- authentication of the identity: the process of checking whether the identity that an entity claims to have corresponds to its real identity; authentication of the identity can be based on the verification of knowledge (e.g. a password), of possession (e.g. an electronic card), of biometric characteristics, or on a combination of those

7 Conceptual framework
- verification of a characteristic or a mandate: the process of checking whether a characteristic or a mandate that an entity claims to have corresponds to a real characteristic or mandate of that entity; the verification of a characteristic or a mandate can be done by the same kind of means as those used for the authentication of the identity, or, after the authentication of the identity, by consulting a database that contains information about characteristics or mandates related to identified entities

8 Conceptual framework
- authorization: a permission to an entity to perform a defined action or to use a defined service
- authorization group: a group of authorizations
- role: a group of authorizations or authorization groups related to a specific service
- role based access: a method of assigning authorizations to entities by means of authorization groups and roles, in order to simplify the management of authorizations and their assignment to entities

9 Choices made in Belgium
- identification number for every citizen and every company
  - characteristics
    - uniqueness
      - one entity, one identification number
      - the same identification number is not assigned to several entities
    - exhaustiveness
      - every entity to be identified has an identification number
    - stability through time
      - the identification number should not contain variable characteristics of the identified entity
      - the identification number should not contain references to the identification number or characteristics of other entities
      - the identification number should not change when a quality or characteristic of the identified entity changes

10 Choices made in Belgium
- art. 8, 7 Directive 95/46/EC: "Member States shall determine the conditions under which a national identification number or any other identifier of general application may be processed"
  - evolution towards meaningless identification numbers
  - unique identification numbers of citizens can only be used by bodies authorized by a sectoral committee of the national privacy commission
  - the patient identification number is a number derived from the unique number of the citizen
  - regulation on interconnection of personal data
- registration of the identity of citizens by the municipalities

11 Choices made in Belgium
- registration of the identity of companies by company counters
- registration of characteristics and mandates relevant for eGovernment by private or public bodies designated by government
- authentication of the identity of physical persons by the electronic identity card
- verification of characteristics and mandates relevant for eGovernment preferably by consulting authentic databases
- multifunctional use of authentication and verification means
- authorization is the responsibility of each service provider

12 Choices made in Belgium
- overall policy on security and privacy protection for eGovernment
  - security, integrity and confidentiality of government information are ensured by integrating ICT measures with structural, organizational, physical, personnel screening and other security measures according to agreed policies
  - personal information is only used for purposes compatible with the purposes of the collection of the information
  - personal information is only accessible to authorized institutions and users according to business needs, legislative or policy requirements

13 Choices made in Belgium
- overall policy on security and privacy protection for eGovernment
  - the authorizations for government bodies to communicate personal information to third parties are granted by sectoral committees of the privacy commission, designated by Parliament, after having checked whether the communication conditions (e.g. purpose limitation, proportionality) are met
  - the authorizations for communication are public
  - every concrete electronic communication of personal information by a government body is preventively checked for compliance with the existing authorizations by an independent institution managing the interoperability framework used for the communication
  - every concrete electronic communication of personal information by a government body is logged, to be able to trace possible abuse afterwards
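The preventive check and logging described on this slide, as an added sketch that is not part of the original presentation or of any Belgian system. The class names, the four-field authorization tuple and all sample values are assumptions; logging denied attempts as well as allowed ones is a choice made here.

```python
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

@dataclass(frozen=True)
class Authorization:
    """A published authorization: who may send what to whom, for which purpose."""
    sender: str
    recipient: str
    data_category: str
    purpose: str

@dataclass(frozen=True)
class Communication:
    """One concrete electronic communication about one person."""
    sender: str
    recipient: str
    data_category: str
    purpose: str
    subject_id: str  # identification number of the person concerned

class Broker:
    """Hypothetical stand-in for the independent institution running the framework."""
    def __init__(self, authorizations):
        self._granted = frozenset(authorizations)
        self.audit_log = []  # kept in memory for this sketch

    def relay(self, msg):
        """Check before release (default deny) and log the attempt either way."""
        needed = Authorization(msg.sender, msg.recipient, msg.data_category, msg.purpose)
        allowed = needed in self._granted
        entry = asdict(msg)
        entry["time"] = datetime.now(timezone.utc).isoformat()
        entry["decision"] = "ALLOW" if allowed else "DENY"
        self.audit_log.append(entry)
        return allowed

    def trace(self, subject_id):
        """After-the-fact review: every logged attempt concerning one person."""
        return [e for e in self.audit_log if e["subject_id"] == subject_id]

# Constructed sample data: body names, categories and numbers are invented.
GRANTED = [Authorization("body-A", "body-B", "income", "benefit-calculation")]

def run_demo():
    broker = Broker(GRANTED)
    ok = broker.relay(Communication("body-A", "body-B", "income", "benefit-calculation", "P-001"))
    # Same parties and data, different purpose: purpose limitation blocks it.
    reuse = broker.relay(Communication("body-A", "body-B", "income", "marketing", "P-001"))
    # Recipient never authorized at all.
    other = broker.relay(Communication("body-A", "body-C", "income", "benefit-calculation", "P-002"))
    return ok, reuse, other, broker.trace("P-001")
```

Because the purpose is part of the authorization itself, reusing an allowed data flow for a new purpose is refused and still leaves a log entry tied to the person concerned.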

14 Choices made in Belgium
- overall policy on security and privacy protection for eGovernment
  - every time information is used to take a decision, the information used is communicated to the person concerned together with the decision
  - every person has the right to access and correct his own personal data
  - this system has been implemented in the Belgian social security sector for 10 years and is being extended to the whole Belgian government sector

15 International context: some issues
- determination of the means by which an entity can be identified within each country and across countries
- the way identity management and characteristics management are well separated in order to guarantee the multifunctional use of identity authentication means
- the quality assurance criteria for the registration procedures that are used to determine the identity, relevant characteristics or mandates before linking them to authentication or verification means
- the quality assurance criteria for authentication and verification means and their use

16 International context: some issues
- an organizational, functional and technical interoperability framework to exchange identity, characteristics, mandate and authentication data based on open standards
- the necessary legal framework for identity, characteristics and mandate management, with a good balance between trust enhancing measures and measures guaranteeing a free market

17 International context: proposed method
- to work out a common conceptual framework, a common vision and common basic principles
- to translate these principles into common, measurable objectives
- to ask every state to develop an action plan to achieve these objectives
- to elaborate an architecture and guidebooks to implement the principles
- to create a forum for the exchange of best practices

18 Th@nk you ! Any questions ?

