8/14/2019 The Dutch eNIK on Its Way Forward
1/31
The Dutch eNIK on its way forward
Workshop Belgian eID
Katholieke Universiteit Leuven
September 16, 2009
TopForce B.V., Rotterdam www.topforce.com Elisabeth de Leeuw, September 2009 1
-
Objectives of the eNIK to be [1]
Like passports, intended for use in public (G2C) and private (B2B, B2C) domain
Though expected to be used mostly in private domain (by some of us)
[1] http://digitaalbestuur.nl/nieuws/vooral-privaat-gebruik-enik-als-hij-er-komt
-
Objectives
G2C (need doubted by government officials)
access to personal records (health database)
access to e-government
electronic signature
B2B, B2C (need strongly felt by the market)
access to workplace and tele working
physical security
access to schools and hospitals
access to chat boxes
car and video rentals
identification for financial transactions
-
Introduction postponed
By decision of State Secretary Bijleveld, Minister of the Interior and Kingdom Relations, dated 9 December 2008:
No short term need for High level DigID (read: eNIK)
Needed only for Health Database
No general need
-
Context of the eNIK to be
eNIK is strongly linked to
DigID
Dutch Travel Documents
Dutch Identity Documents
-
Context: eNIK vs DigID
DigID stands for Digital IDentity
Shared between cooperating governmental agencies
Digital authentication of person(s) who apply for a public transaction service via internet
Used in G2G, G2B, G2C
-
Context: eNIK vs DigID
DigID security levels
1. High: qualified eSignature compliant with EU legislation
2. Medium: user name & password, SMS ticket / mobile phone
3. Basic: user name & password
eNIK: High level DigID
-
Context: eNIK vs DigID
DigID level   G2C
High          eNIK level 3
Medium        DigID - level 2 / 2+
Basic         DigID - level 1
-
Context: (e)NIK vs Dutch ID Documents
NIK: Travel Document
Limited validity
NIK: Identity Document
Just as passport, driving licence
(To be) used in G2C, G2B, B2B, B2C
-
Context: (e)NIK ~ Dutch Travel Document
Passport
NIK
-
Context: (e)NIK ~ Dutch Passport
High security level
Compliant with international travel document legislation
-
Context: (e)NIK ~ Dutch Passport
Travel document, valid in 35 countries, mainly EC
Each citizen legally entitled:
Paspoortwet (Passport Act), Article 16a - Every Dutch national who is registered as a resident in the basisadministratie persoonsgegevens (municipal personal records database) of a municipality, or who lives in a country for which the Dutch identity card is valid, is entitled, within the limits set by this Act, to be issued a Dutch identity card, valid for five years
-
Current developments
Passport
ConsumentenID
DigID level 2+
eHerkenning
-
Current development: passport
Application of biometrics
Face (26.08.2006)
Fingerprint (21.09.2009)
Storage of biometric features in public database
-
Current development: consumentenID
-
Current development: consumentenID
Principles Open ID
Single sign on (single authentication)
Federation
Low level of trust High participation
Initiators
ecp.nl
diginotar.nl
holder.nl
evidos.nl
-
Current development: DigID level 2+
DigID & SMS+: validation of cell phone number at location of identity provider
IDPa sends BSN to DigIDs
DigIDs sends unique code to CPn and IDPa
IDPe validates CPn in IDPa for DigID level 2+
IDPa = IDP application
IDPe = IDP employee
DigIDs = DigID server
CPn = Cell Phone number
-
Current development: DigID level 2+
Authentication for Health Database [1]:
a. Short term: DigID level 2+
b. Long term: eNIK
Sub a. DigID level 2+
DigID & SMS+
Face-to-face authentication of cell phone number used to receive SMS tickets
DigID & RTDA (Remote Travel Document Authentication)
Authentication by means of (e) travel documents
[1] Beveiligingseisen ten aanzien van identificatie en authenticatie voor toegang zorgconsument tot het Elektronisch Patiëntendossier (EPD), http://www.minvws.nl/includes/dl/openbestand.asp?File=/images/meva-2899251b-_tcm19-176979.pdf
-
Current development: DigID level 2+
Sub a. DigID & RTDA
Authentication at website Health Database
Automatic link from HDw to DigIDw
Login at DigIDw level 2 (username, password, SMS ticket)
Read eTD
travel document, chip inside, issue date > 26.08.2006, 100% proliferation > 26.08.2011
Write eTD number and valid through date to DigIDw
Authentication of eTD by DigIDw (BSN, eTD number, valid through date)
DigIDw authenticates for DigID level 3
eTD = electronic Travel Document
HDw = Health Database Web Application
DigIDw = DigID Web Application
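The DigID & RTDA step-up sequence on this slide, sketched as an added example; it is not part of the original presentation and not DigID's own code. The `ETD` class, the `REGISTRY` lookup, the `step_up` function and all sample values are assumptions constructed for illustration, and the failure paths go beyond what the slide spells out.

```python
from dataclasses import dataclass
from datetime import date

# From the slide: travel documents issued after this date carry a chip.
CHIP_INTRODUCED = date(2006, 8, 26)

@dataclass(frozen=True)
class ETD:
    """Fields the slide says are read from the eTD and written to DigIDw."""
    number: str
    valid_through: date
    issue_date: date

# Constructed stand-in for the travel-document records DigIDw checks against,
# keyed by BSN. Every value here is made up.
REGISTRY = {
    "999990019": ETD("NX0000001", date(2014, 3, 1), date(2009, 3, 1)),
    "999990020": ETD("NX0000002", date(2010, 1, 1), date(2005, 1, 1)),
}

def step_up(session_level: int, bsn: str, etd: ETD, today: date):
    """Return (granted_level, reason); level 3 only if every check passes."""
    if session_level < 2:
        return session_level, "level 2 login (username, password, SMS ticket) required first"
    if etd.issue_date <= CHIP_INTRODUCED:
        return 2, "document predates chip introduction, no eTD to read"
    if etd.valid_through < today:
        return 2, "eTD expired"
    record = REGISTRY.get(bsn)
    # Compare the triple named on the slide: BSN, eTD number, valid through date.
    if record is None or (record.number, record.valid_through) != (etd.number, etd.valid_through):
        return 2, "eTD does not match the record for this BSN"
    return 3, "eTD authenticated"
```

A failed check leaves the session at the level already reached rather than ending it, so the level 2 login stays usable for services that accept it.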
-
Current development: eHerkenning
Primary goal: e-government G2B
access to public e-services
electronic signature, non-repudiation
Primary requirements:
based on Bedrijvenregister (authentic registration)
compatible with infrastructures abroad
-
Current development: eHerkenning
Functions
Authentication of a natural person (employee, civil servant)
Authentication of a legal entity (company, public organisation)
Authorization of a natural person representing a legal entity (direct or by delegation)
-
Current development: eHerkenning
[Diagram: Government, Business, Services, Authorisations, Organisations, identity providers]
-
Current development: eHerkenning
Functions
Access / single sign on to public e-services
Advanced and qualified electronic signatures in accordance with EU legislation
Management of entitlements
Direct entitlements
Delegated entitlements
Assured time stamping
-
Current development: eHerkenning
Public private network
Multiple identity providers, multiple credentials
From both public (Ministry of Finance) and private sector (banking and finance, telecom)
Both new and existing
Agreement on framework by the end of 2009
-
Current development: eHerkenning
DigID level   G2C                     G2B
High          eNIK level 3            eHerkenning
Medium        DigID - level 2 / 2+    eHerkenning
Basic         DigID - level 1         eHerkenning
-
Current development: eHerkenning
Framework: public private cooperation, mutual consultation
Public domain
Launching customers: Antwoord voor Bedrijven (government communications), de Belastingdienst (Tax Office), Kamer van Koophandel (Chambers of Commerce)
Early adopters: Kadaster (Land Register), UWV (Unemployment Benefits), MinLNV (Ministry of Agriculture), SenterNovem (Innovation)
Private domain
ECP-EPN
Het CIO platform
VNO-NCW (Employers Federation)
MKB Nederland (Small and Medium Enterprises)
-
Current development: eHerkenning
Roles
NP Natural Person
PR PRivate party (companies and NGOs)
PU PUblic party: government organizations offering e-services
IB Identity Broker: connection between PR, PU and EB
EB Entitlement Broker: management and judgment of entitlements
CI Credential Issuer: issuing, management and verification of credentials
R Router: routing of requests from PR via EB to CI
Process sequence
NP > PR > PU > IB > EB > CI > PU > PR > NP
-
Current development: eHerkenning
Considerations
Complex, multi (3*n) parties [1], multi solutions, distributed ownership
Focus on government business case
Mixed focus, on both legal entities and natural persons
Authentication of natural persons
Authorization of legal entities (represented by natural persons)
Void: national eID (eNIK) for *2C postponed
[1] I.e. different instances of Services, Companies and Employees
-
Current development: eHerkenning
Considerations
Secure life cycle management of multiple credentials
Private initiatives might weaken business case
Public and private business cases not necessarily compatible (security and validity of, and entitlement to, credentials)
Link between physical entity, legal entity and credential
Complex, distributed, multi party infrastructure
Régie (overall direction)
-
Summary
The principal Dutch travel document, the Paspoort (passport), and its little brother, the Nederlandse Identiteitskaart or NIK, have existed since the 19th century. For many years, the Dutch government has been considering plans to turn the NIK into a so-called eNIK, an electronic identity card, in order to facilitate G2C and B2C transactions. However, no decision has been taken yet on the introduction of the eNIK.
In this presentation, Elisabeth de Leeuw will outline the position of the eNIK-to-be in the future public identity landscape. The eNIK is intended to fulfill the requirements of the Dutch Digital Identity Scheme or DigID. Yet, being a travel document, the eNIK also has to comply with laws and regulations on travel documents. Differences in the business cases for travel documents and electronic identity cards are a potential cause of friction.
Meanwhile, as time passes, the urge for electronic identities is still growing and private initiatives are on their way, which may have an impact on the role and position of the eNIK-to-be.
-
Thank you for listening!