The Dutch Enik On Its Way Forward

The Dutch eNIK on it’s way forward… Workshop Belgian eID Katholieke Universiteit Leuven September 16, 2009 © TopForce B.V., Rotterdam

www.topforce.com

Elisabeth de Leeuw, September 2009

1

Objectives of the eNIK – to – be

1

Like passports, intended for use in public (G2C) and private (B2B, B2C) domain Though expected to be used mostly in private domain (by some of us)

1http://digitaalbestuur.nl/nieuws/vooral-privaat-gebruik-enik-als-hij-er-komt

© TopForce B.V., Rotterdam

www.topforce.com

The Dutch eNIK

Elisabeth de Leeuw, September 2009

2

Objectives G2C (need doubted by government officials) • access to personal records (health database) • access to e-government • electronic signature B2B, B2C (need strongly felt by the market) • access to workplace and tele working • physical security • access to schools and hospitals • access to chat boxes • car and video rentals • identification for financial transactions © TopForce B.V., Rotterdam

www.topforce.com

The Dutch eNIK

Elisabeth de Leeuw, September 2009

3

Introduction postponed By decision of Staatsecretaris Bijleveld, Minister of the Interior and Kingdom Relations d.d. 9 december 2008:

No short term need for High level DigID (read: eNIK) • Needed only for Health Database • No general need

The Dutch eNIK © TopForce B.V., Rotterdam

www.topforce.com

Elisabeth de Leeuw, September 2009

4

Context of the eNIK – to – be

eNIK is strongly linked to • DigID • Dutch Travel Documents • Dutch Identity Documents

The Dutch eNIK © TopForce B.V., Rotterdam

www.topforce.com

Elisabeth de Leeuw, September 2009

5

Context: eNIK vs DigID DigID – stands for Digital IDentity • Shared between cooperating governmental agencies • Digital authentication of person(s) who apply for a public transaction service via internet • Used in G2G, G2B, G2C

The Dutch eNIK © TopForce B.V., Rotterdam

www.topforce.com

Elisabeth de Leeuw, September 2009

6

Context: eNIK vs DigID • DigID security levels 1.

High

– qualified eSignature compliant with EU legislation

2.

Medium – user name & password, SMS ticket /mobile phone

3.

Basic

– user name & password

• eNIK : High level DigID

The Dutch eNIK © TopForce B.V., Rotterdam

www.topforce.com

Elisabeth de Leeuw, September 2009

7

Context: eNIK vs DigID DigID Level

G2C

High

eNIK – level 3

Medium

DigID - level 2 / 2+

Basic

DigID - level 1

© TopForce B.V., Rotterdam

www.topforce.com

The Dutch eNIK Elisabeth de Leeuw, September 2009

8

Context:(e)NIK vs Dutch ID Documents NIK: Travel Document • Limited validity NIK: Identity Document • Just as passport, driving licence • (To be) used in G2C, G2B, B2B, B2C

The Dutch eNIK © TopForce B.V., Rotterdam

www.topforce.com

Elisabeth de Leeuw, September 2009

9

Context: (e)NIK ~ Dutch Travel Document • Passport

• NIK

© TopForce B.V., Rotterdam

The Dutch eNIK www.topforce.com

Elisabeth de Leeuw, September 2009

10

Context: (e)NIK ~ Dutch Passport

• High security level • Compliant with international travel document legislation

September 2009 © TopForce B.V., Rotterdam

© TopForce B.V., Rotterdam www.topforce.com

The Dutch eNIK

Elisabeth de Leeuw, September 2009

11

Context: (e)NIK ~ Dutch Passport • Traveldocument, valid in 35 countries, mainly EC • Each citizen legally entitled: – Paspoortwet Artikel 16a - Iedere Nederlander die als ingezetene in

de basisadministratie persoonsgegevens van een gemeente is ingeschreven, of die woonachtig is in een land waarvoor de Nederlandse identiteitskaart geldig is, heeft binnen de grenzen van deze wet bepaald, recht op verstrekking van een Nederlandse identiteitskaart, geldig voor vijf jaren

The Dutch eNIK © TopForce B.V., Rotterdam

www.topforce.com

Elisabeth de Leeuw, September 2009

12

Current developments •

Passport

•

ConsumentenID

•

DigID level 2+

•

eHerkenning

The Dutch eNIK © TopForce B.V., Rotterdam

www.topforce.com

Elisabeth de Leeuw, September 2009

13

Current development: passport

• Application of biometrics • Face (26.08.2006) • Fingerprint (21.09.2009) • Storage of biometric features in public database © TopForce B.V., Rotterdam

www.topforce.com

The Dutch eNIK

Elisabeth de Leeuw, September 2009

14

Current development: consumentenID

The Dutch eNIK © TopForce B.V., Rotterdam

www.topforce.com

Elisabeth de Leeuw, September 2009

15

Current development: consumentenID Principles • Open ID • Single sign on (single authentication) • Federation • Low level of trust • High participation Initiators • ecp.nl • diginotar.nl • holder.nl • evidos.nl © TopForce B.V., Rotterdam

The Dutch eNIK www.topforce.com

Elisabeth de Leeuw, September 2009

16

Current development: DigID level 2+ DigID & SMS+ Validation of cell phone number at location of identity provider

• • •

IDPa sends BSN to DigIDs DigIDs sends unique code to CPn and IDPa IDPe validates CPn in IDPa for Digid level 2+

IDPa IDPe DigIDs CPn

= IDP application = IDP employee = Digid server = Cell Phone number

© TopForce B.V., Rotterdam

www.topforce.com

The Dutch eNIK Elisabeth de Leeuw, September 2009

17

Current development: DigID level 2+ Authentication for Health Database1: a. Short term: DigID level 2+ b. Long term: eNIK Sub a. DigID level 2+ • DigID & SMS+ Face-to-face authentication of cell phone number used to receive SMS tickets • DigID & RTDA (Remote Travel Document Authentication) Authentication by means of (e) travel documents 1

Beveiligingeisen ten aanzien van identificatie en authenticatie voor toegang zorgconsument tot het Elektronisch Patiëntendossier (EPD),

http://www.minvws.nl/includes/dl/openbestand.asp?File=/images/meva2899251b-_tcm19-176979.pdf

© TopForce B.V., Rotterdam

www.topforce.com

The Dutch eNIK

Elisabeth de Leeuw, September 2009

18

Current development: DigID level 2+ Sub a. DigID & RTDA Authentication at website Health Database

• •

Automatic link from HDw to DigIDW Login at DigIDw level 2 (username, password, sms ticket)

•

Read eTD •

• • •

travel document, chip inside, issue date > 26.08.2006, 100% proliferation > 26.08.2011

Write eTD number and valid through date to DigIDw Authentication of eTD by DigIDw (BSN, eTD number, valid through date) DigIDw authenticates for DigID level 3

eTD = electronic Travel Document HDw = Health Database Web Application DigIDw = DigID Web Application © TopForce B.V., Rotterdam

www.topforce.com

The Dutch eNIK

Elisabeth de Leeuw, September 2009

19

Current development: eHerkenning Primary goal:

e-government G2B access to public e-services electronic signature, non-repudiation

Primary requirements: based on Bedrijvenregister (authentieke registratie) compatible with infrastructures abroad

The Dutch eNIK © TopForce B.V., Rotterdam

www.topforce.com

Elisabeth de Leeuw, September 2009

20

Current development: eHerkenning Functions •

Authentication of a natural person (employee, civil servant)

•

Authentication of a legal entity (company, public organisation)

•

Authorization of a natural person representing a legal entity (direct or by delegation)

The Dutch eNIK © TopForce B.V., Rotterdam

www.topforce.com

Elisabeth de Leeuw, September 2009

21

Current development: eHerkenning identity providers

identity providers

Authorisations

Authorisations

Organisations

Organisations

Services Government

© TopForce B.V., Rotterdam

Business

www.topforce.com

The Dutch eNIK

Elisabeth de Leeuw, September 2009

22

Current development: eHerkenning Functions •

Access / single sign on to public e-services

•

Advanced and qualified electronic signatures in accordance with EU legislation

•

Management of entitlements • •

•

Direct entitlements Delegated entitlements

Assured time stamping

© TopForce B.V., Rotterdam

www.topforce.com

The Dutch eNIK Elisabeth de Leeuw, September 2009

23

Current development: eHerkenning Public private network

Multiple identity providers, multiple credentials • From both public (Ministry of Finance) and private sector (banking and finance, telecom) • Both new and existing Agreement on framework by the end of 2009

© TopForce B.V., Rotterdam

www.topforce.com

Elisabeth de Leeuw, September 2009

24

Current development: eHerkenning DigID Level

G2C

G2B

High

eNIK – level 3

Medium

DigID - level 2 / 2+ eHerkenning

Basic

DigID - level 1

© TopForce B.V., Rotterdam

eHerkenning

eHerkenning

www.topforce.com

The Dutch eNIK

Elisabeth de Leeuw, September 2009

25

Current development: eHerkenning Framework: public private cooperation, mutual consultation Public domain • Launching customers: Antwoord voor Bedrijven (government communications), de Belastingdienst (Tax Office), Kamer van Koophandel (Chambers of Commerce) • Early adopters: Kadaster (Land Register), UWV (Unemployment Benefits), MinLNV (Ministry of Agriculture), SenterNovem (Innovation) Private domain • ECP- EPN • Het CIO platform • VNO-NCW (Employers Federation) • MKB Nederland (Small and Medium Enterprises) •© TopForce B.V., Rotterdam

www.topforce.com

The Dutch eNIK

Elisabeth de Leeuw, September 2009

Current development: eHerkenning Roles • NP – Natural Person • PR – PRivate party (companies and NGO's) • PU – PUblic party: government organizations offering e-services • IB – Identity Broker: connection between PR, PU and EB • EB – Entitlement Broker: management and judgment of entitlements • CI – Credential Issuer: issuing, management and verification of credentials • R – Router: routing of requests from PR via EB to CI Process sequence • NP –> PR –> PU

–>

IB –> EB

© TopForce B.V., Rotterdam

–>

CI –> PU

www.topforce.com

–>

PR

->

NP

The Dutch eNIK

Elisabeth de Leeuw, September 2009

27

Current development: eHerkenning Considerations • Complex, multi (3*n) parties1, multi solutions, distributed ownership • Focus on government business case • Mixed focus, on both legal entities and natural persons • Authentication of natural persons • Authorization legal entities (represented by natural persons) • Void: national eID (eNIK) for *2C postponed 1 I.e. different instances of Services, Companies and Employees © TopForce B.V., Rotterdam

www.topforce.com

The Dutch eNIK

Elisabeth de Leeuw, September 2009

28

Current development: eHerkenning Considerations • Secure life cycle management multiple credentials • Private initiatives might weaken business case • Public and private business cases not necessarily compatible (security and validity of -, entitlement to credentials) • Link between physical-, legal entity and credential • Complex, distributed, multi party infrastructure • Régie © TopForce B.V., Rotterdam

www.topforce.com

The Dutch eNIK

Elisabeth de Leeuw, September 2009

29

Summary The principal Dutch travel document Paspoort (passport), and it's little brother Nederlandse Identiteits Kaart or NIK, exist since the 19th century. For many years, the Dutch government has been considering plans to turn the NIK into a so called eNIK, an electronic identity card, in order to facilitate G2C and B2C transactions. However, no decision has been taken yet on the introduction of the eNIK. In this presentation, Elisabeth de Leeuw will outline the position of the eNIK-to-be in the future public identity landscape. The eNIK is intended to fulfill the requirements of the Dutch Digital Identity Scheme or Digid. Yet being a travel document, the eNIK has also to comply with laws and regulations on travel documents. Differences in the business cases for travel documents and electronic identity cards are a potential cause of frictions. Meanwhile, as time passes by, the urge for electronic identities is still growing and private initiatives are on their way, which may have an impact on the role and position of the eNIK-to-be.

© TopForce B.V., Rotterdam

www.topforce.com

The Dutch eNIK

Elisabeth de Leeuw, September 2009

30

The Dutch eNIK Thank you for listening!

© TopForce B.V., Rotterdam

www.topforce.com

Elisabeth de Leeuw, September 2009

31