E Authentication Standardisation Status - PowerPoint PPT Presentation

1 / 31
About This Presentation
Title:

E Authentication Standardisation Status

Description:

... on us / not on us. PKI on us / not on us. Service / Application ... Maintain contact (information transfer to and. from the following main groups) Porvoo group ... – PowerPoint PPT presentation

Number of Views:51
Avg rating:3.0/5.0
Slides: 32
Provided by: slb60
Category:

less

Transcript and Presenter's Notes

Title: E Authentication Standardisation Status


1
E - Authentication Standardisation Status
  • Related issues on E-ID
  • Porvoo 5 Conference
  • Talinn, May 13,14 May 2004
  • Theo van Sprundel
  • Axalto, a Schlumberger Company
  • Chair of CEN ISSS WS E- AUTH

2
Industry agreement on IAS before standard is
defined ....?
  • European Success of GSM repeated ?
  • Governements are key ...industry can reduce the
    riskes
  • Synopsis
  • Position of CWA E-auth
  • Part 1,2
  • Part 3,4
  • Way forward

3
Strategic Key Words in EAUTH
  • CEN ISSS CWA
  • OSCIE
  • Definitions ID according to formal registers
  • One smart card based EID (user view)
  • Physical
  • Networks
  • Differentiated use
  • (Soft) ID
  • (strong) Authentication
  • token to person
  • token to certificates
  • (Qualified) Signature
  • Multi application via loosely connection
  • of EID to (any) e-service

4
Functional IOP Requirements
Services E- health E-social security Driving
licence ID card E-commerce E-sport
...............
Processes Data Secure Components
Citizens My services
5
CEN ISSS WSA (CWA)
  • E-sign
  • E-sign initiative ? Qualified signature
  • Accepted
  • Well elaborated
  • Device authentication
  • E-auth
  • ESCC / OSCIE ? I A S
  • In development
  • IT Architecture for interoperability
  • Processes
  • Basis functions
  • Data
  • Components

6
Facts figures
  • Kick off meeting on September 16, 2003
  • 38 registered participants, 75 interested
    people on mailing list
  • Chair Theo van Sprundel, Axalto
  • Ambassador Jan van Arkel
  • Secretariat Catherine Protic, AFNOR
  • Project Team of 7 experts appointed in December
    2003
  • 1st Plenary on March 10, 2004
  • Draft CWA is due for July 2004, vision document
    is available
  • Next plenary on September 20, 2004
  • Final CWA for voting Q 4 2004

7
Documents in preparation
  • Architecture
  • Multi application issuer view
  • Human interface
  • Vision abassador results

8
Interoperability concept
  • Any IAS proces should be compliant
  • On us / not on us concept
  • Interoperability levels
  • Human interface compliant
  • Cards technology on us / not on us
  • PKI on us / not on us
  • Service / Application WEB/ XML / ....

9
CWA EAUTH Roadmap
  • First Plenary done
  • Direct feedback period May / June
  • Make yourself acquainted with content
  • First Draft Mid August
  • Second plenary meeting Mid September
  • Third plenary meeting November
  • Agreement on final draft for voting

10
Objectives of CWA Part 1
  • How is an eID system working
  • Functional architecture (models) (GIF 1)
  • IAS functional characteristics (GIF 1 and TB1)
  • How can interoperability of eID systems be
    established
  • What are the requirements to be fulfilled, prior
    to setting up the appropriate technical solutions
    (GIF 2 and TB1)
  • What are the technical concepts for this
    interoperability (GIF 1 and 3)
  • What are the interoperability specifications
    (eEPOCH WP3)

11
Synopsis of Part 1
  • Architecture for a European interoperable smart
    card infrastructure sharing common eID
  • Scope, normative references, definitions and
    abbreviations, conventions
  • Contextual model (i.e. trust, IAS) GIF 1
  • Conceptual model (i.e. archi., functions ) GIF
    1
  • Best practices in issuing eID TB1
  • IAS interoperability high level requirements
    GIF 2
  • IAS interoperability specifications eEPOCH

12
Interoperability Framework
13
Card Interface
14
Card-level interoperability
15
Terminal-level interoperability
16
PKI-level interoperability
17
Application-level interoperability
18
Closed eID scheme
19
(No Transcript)
20
Objectives of CWA Part 2
  • How can cards support Multi Application
    Environment using eID and their interoperability
  • MAS technical concepts and mapping with the eID
    one (TB7-3/GIF3)
  • MAS architecture and mapping with the eID
    one (TB7-5/GIF 1 and 2)
  • MAS business model and mapping with the eID
    requirements (TB7-2/GIF 1 and 2)
  • MAS legal framework and mapping with the eID
    requirements (TB7-1/GIF 1 and 2)

21
Synopsis of Part 2
  • Card scheme operator view, exploiting a European
    interoperable smart card infrastructure sharing
    common eID
  • Scope, normative references, definitions and
    abbreviations, conventions
  • CWA 2A MAS Architecture and technical concepts
  • Multi application cards and supporting systems
    TB7-3
  • Card Management Systems TB7-3
  • Interoperability in MAS TB7-3
  • Integrating applications into a MAS TB7-5
  • Mapping eID requirements with the MAS ones

22
Synopsis of Part 2
  • CWA 2B MAS Best practices Manual
  • Business models for MAS TB7-2
  • Business models for eID integrated into a MAS
  • Business model implementation approach TB7-2
  • Economic rationale for legal framework for MAS
    TB7-1
  • Legal framework for MA card TB7-1
  • Legal and contractual framework for MAS TB7-1
  • Mapping eID legal requirements with the MAS ones
  • Appendix Risk analysis for MAS TB7-1

23
Objectives of CWA Part 3
  • What are the human aspects to be dealt with (TB8)
  • When designing the user interface of a multi
    application card
  • When designing the user interface of an eID
    system
  • When getting a multi application eID token from
    public authorities
  • When using a multi application eID token in an
    eGovernment context (and beyond (?))
  • How to manage
  • Privacy issues in a multi application eID context
  • Cost transparency in a multi application eID
    context

24
Synopsis of Part 3
  • User views of a European interoperable smart
    card infrastructure sharing common eID
  • Scope, normative references, definitions and
    abbreviations, conventions
  • Approach and general principles
  • User requirements for smart card based ICT
    systems TB8-1
  • User requirements for IAS TB8-4
  • Guidelines to best practices TB8-1 4
  • Doing thinks with an eID smart card
  • Doing thinks to an eID smart card
  • Cost transparency TB8-3
  • Privacy code of conduct TB8-2

25
Objectives of part 4
  • seek wider involvement and consensus
  • harmonise the eAut function with Japan and US
  • harmonise with CEN 224 WG 15
  • harmonise with European demonstrator eEpoch
  • to gather input from Nat. Government bodies
  • offer a European Forum on eAuthentication

26
Activities in part 4
  • Disperse information and promote the
    Workshop activities
  • Maintain contact (information transfer to
    and from the following main groups)
  • Porvoo group
  • eEPoch project
  • eSign Area K
  • CEN TC224 WG 15 Citizen Europe Card
  • ISO SC 17
  • Global Collaboration Forum on IAS
  • Prepare eID vision document

27
eID Vision document
  • Directed at policy makers managers
    from national/local government as well
    as industry
  • Content
  • rationale for common eAut approach
  • inhibitors for common eAut approach
  • modelling and state of the art of legal issue,
    architectural model and standardisation
  • overview of strategic developments and
    deployment of eID in Europe and the rest of the
    world
  • status report on eEpoch
  • recommendations on follow up actions

28
Next steps
  • Outcome of the Requirements discussion in
    line with the results of Porvoo 5 meeting
  • Complete integration of the vision in CWA
    eAuth
  • Political support for for CWC E AUTH
  • Transfer of the results to
  • CEN TC 224 WG 15
  • ISO 7816

29
Autumn 2004
  • Combined conference on EID ?
  • eEpoch final
  • E-AUTH final
  • ESCC
  • Porvoo group
  • Alternatives
  • The Netherlands (IST conference, November, The
    Hague)
  • Czech Republic ( Conference December, Prague)
  • Be involved !!!!

30
Thank you for your kind attention !
  • Any questions now or later ?
  • WWW. afnor.fr
  • Theo van Sprundel
  • Tsprundel _at_ axalto.com
  • Mobile 31 655 888 247

31
E-eauth positioning
  • Policy / Legal
  • ESCC /Oscie / Euclid
  • E-sign initiative
  • EU directives
  • Porvoo group
  • Standards / technical
  • CEN ISSS CWA E-sign
  • CEN ISSS CWA E-auth
  • CEN TC 224 WG 14 ? ISO
  • Business / Operations
  • eEpoch demonstrators
Write a Comment
User Comments (0)
About PowerShow.com