case study: norway
DESCRIPTION
TOR ALVIK, Specialist Director at the Agency for Public Management and eGovernment (Difi ), Norway, at the European IRM Summit 2014.TRANSCRIPT
Identity Relationship Management Summit - Dublin
Tor Alvik, Specialist Director e-ID, Agency for Public Management and eGovernment (Difi)
Difi - The Norwegian Agency for Public Management and eGovernment
Direktoratet for forvaltning og IKT
• Executive Agency established 1 January 2008
• To assist in reforming and developing the public sector
• Ca. 230 employees: 90 in Leikanger and 140 in Oslo
• Reports to the Ministry for Local Government and Modernisation
Setting up a common platform
ActionsNew regulation: From Consent to Reservation
Common components – building blocks
eID solution for security
Secure eMailbox for information delivery
Contact Register with mobil-number and email-adresses for alerting - for citizens and enterprises
Register for reservation
Common infrastructure for reporting – Altinn
Central registers for people, enterprises and properties available
April 17th 2012Agency for Public Management and
eGovernmentYou have new message
Januar
…. 2006 2007 20092008 ++ 2010
Tjenestenes fordeling:
2156595597
ID-porten (the ID-portal) – common authentication to eGov services
…
Nasjonalt ID-kort
About 500 services from about 300 public agencies
ID-porten authentication portal. 50 mill transactions in 2014
National ID-card with eID is planned for 2016 - 2017
eID in Norway (pop. 5 million)MinID (MyID) – Difi’s common eGov eID (open source)
> 3.1million users
One-time password based, medium security (level 3 of 4)
BankID – common solution for all banks>3.1million users, > 234 services (mainly bank, finance, payment)
PKI-based, closed, proprietary solution, high security (level 4)
BankID on mobile phones, electronic identification and signing with the security elements stored in the mobile phone’s SIM card, 425. 000 users
Buypass – smart card solutions> 2 million cards, mostly National Lottery cards, many services
National Lottery cards issued at security level 3 (3DES, non-PKI)
Cards are easily upgraded to PKI-based (level 4), about 350.000 users
Main model: Closed, proprietary – but also open solutions
Commfides – small actor, open (and open source) solutionsAiming particularly at employee eID using USB sticks (level 4)
FEIDE – common eID in higher educationPassword-based (level 2)“Kalmar-2” union across Nordic countries
Authentication via ID-porten
ID-porten
Service
Autenticate
eID
SAML token identifying user, eID used and assurance level of eID
Set session cookie to enable single sign-on
Redirect to ID-porten
Back-channel between service and ID-porten
Facts and numbers
Direktoratet for forvaltning og IKT
Januar Februar Mars April Mai Juni Juli August September Oktober November Desember0
1,000,000
2,000,000
3,000,000
4,000,000
5,000,000
6,000,000
7,000,000
20142013
Transactions
BankI
D
Konta
ktre
giste
ret
Sikker
pos
t
MinI
D
Innlo
gging
spro
blem
Nullst
illing
0
2000
4000
6000
8000
10000
12000
14000
16000
18000
20000
Series1
Help desk
00:0
0 -
01:0
001
:00
- 02
:00
02:0
0 -
03:0
003
:00
- 04
:00
04:0
0 -
05:0
005
:00
- 06
:00
06:0
0 -
07:0
007
:00
- 08
:00
08:0
0 -
09:0
009
:00
- 10
:00
10:0
0 -
11:0
011
:00
- 12
:00
12:0
0 -
13:0
013
:00
- 14
:00
14:0
0 -
15:0
015
:00
- 16
:00
16:0
0 -
17:0
017
:00
- 18
:00
18:0
0 -
19:0
019
:00
- 20
:00
20:0
0 -
21:0
021
:00
- 22
:00
22:0
0 -
23:0
023
:00
- 24
:00
Dag 1
-
20,000
40,000
60,000
80,000
100,000
120,000
140,000 Taxes made public
Agency for Public Management and eGovernment
Common needs and requirementsPublic agencies and end-
users
TechnologyCost-/benefit,
possibilities and innovation
TrendsDevelopments in
society
New service?Possible new serviceChanges to existing services
External forces promoting changes in the e-ID gateway
Agency for Public Management and eGovernment
Strategic priority areas: e-ID services
• Physical persons with a european e-ID can be authenticated in the e-ID gateway.
• Persons without a norwegian or european e-ID kan be authenticated in the e-ID gateway.
• The e-ID gateway is used by employee end-users to a greater degree.
Authentication
• End-users with a Norwegian e-ID can sign documents electronically for public services.
• Signed electronic documents can be validated.
• End-users with a european e-ID can sign documents electronically for Norwegian public services.
E-signature and validation
• End-to-end secure communication between customers of the e-ID gateway and the end-users.
Encryption
• Offer timestamping services to the customers of the e-ID gateway.
Timestamping
Public services’ needs for authenticating persons are
covered.
Public services’ needs for e-signature and validation
services are covered.
Assist in enabling secure, digital communication between end-users and
public services.
Public services’ needs for timestamping services are
covered.
Icons by flaticon.com under CC BY. Authors: Appzgear and Freepik
Agency for Public Management and eGovernment
Strategic priority areas:User experience and Professional management
•The e-ID gateway has a high usability for the end-users.
•The e-ID gateway is available to most end-users.
e-ID
•Services on the e-ID gateway can be intregrated in apps and similar technologies
•Services on the e-ID gateway are available on the most relevant end-user platforms.
Mobile platforms
•Continuous improvement of processes that contribute to secure, robust and effective services.
•Management of the e-ID gateway is coordinated with the other common components in the public sector.
Professional management
The e-ID gateway is available to most end-
users, with high usability.
Services on the e-ID gateway are available on
end-users’ preferred platforms.
Professional, continous improvement of e-ID
gateway management.
Icons by flaticon.com under CC BY. Authors: Appzgear and Freepik
Agency for Public Management and eGovernment
e-ID gateway roadmap
Prof
essi
onal
man
agem
ent
e-ID services User experience
2015 2016-2019
e-ID
ser
vice
s
2014
Self-registering e-ID service
VISION
The e-ID gateway ensures secure digital, public management
2020+
TODAY■ The e-ID gateway enables
secure login for Norwegian citizens
Professional, continous improvement of e-ID gateway management.
Covered public agencies’ needs for: • Authenticating persons• E-signature and validation services• Timestamping servicess• Secureelectronic communication
The e-ID gateway is available to most end-users, with services available on relevant platforms, with high usability.
Support for european e-IDs
The e-ID gateway is used by employee end-users
e-signature on documents from citizens (C2G)
Support for international e-IDs
e-ID validation services
Timestamping service
National e-ID
Revised principles for e-IDs available
through the gatewayMobile platforms
Governance processes
Coordination with the other common components
Independence of customer-installed software is central
Availability on ”all” end-user platforms is important
BankID 2.0 was built as a web app based on standard web technologies
ID-porten and cross border services.
Norway is member of e-SENS and CEF and must follow Eidas regulation.
Cross border services is so far planned used in two e-SENS pilots
5.4 Business life cycle Cross border company registration together with Sweden.
5.1 – Procurement . Tendering process between Contracting Authorities (CA) and Economic Operators (EO) mentioned in the WP5 Domain Use Case for eTendering. Preaward face.
Direktoratet for forvaltning og IKT
Dörthe Koerner
IdentifikatorPerson nummerSamordningsnummer
IdentifikatorPerson nummerD-nummer
Business registration NO SE
19.06.2014
[email protected] www.difi.no