European Electronic Identity Practices Country Update of Norway Speaker: Sverre Bauck Date:...
-
date post
19-Dec-2015 -
Category
Documents
-
view
218 -
download
0
Transcript of European Electronic Identity Practices Country Update of Norway Speaker: Sverre Bauck Date:...
European Electronic Identity Practices
Country Update of NorwaySpeaker: Sverre BauckDate: 2005-05-26
Historical facts
• After WWII there has been resistance against compulsary public identification systems in Norway.
• After 1970 the use of cheques became more and more widespread. The banks felt the need for identification systems to bad cheques.
• The government refused in 1975 to take action, and the banks established joint systems for bank identification cards; these became, and are, the de facto visual identification standard in Norway today.
Historical facts
• Net-banking has become very popular, and the banks are now bringing their visual identification systems into the electronic periode and a common inter-bank electronic eID system is coming up now.
Status of National legislation on eID
• Are eID specific regulations enacted and in place? Yes and No
• Name and date of the regulation(s):Electronic signature act
• Main elements of the regulatory system regarding:– liability
Status of National deployment of eID
• Name of the project: Sikkerhetsportal • Plans, piloting or implementation? Yes
• Is the card obligatory? No
• Starting date of issuance: 2005-09-30
Status of National deployment of eID
• Envisioned total number of cardholders:• Number of cards/certificates issued by 31-10-
2004:• Number of inhabitants:• Yearly growth rate (percentage):• Expected number of cards/eID certs by end
of 2007:
Status of national deployment of eID
• Basic functionalities of the eID card:- official ID document: Yes - European travel document: No - support of on-line access to e-Services: Yes
• Validity period of the card/certificates:
Status of national deployment of eID
• Price in Euros of the cards:- for the citizen:- for the card issuer: - price for the card reader and software:€ 10
• - any additonal costs for the user/relying party:
• From whom and how may the citizen obtain the end/user packages National Lottery
Basic ID function
• What cardholder data is electronically stored in the card: - national identifier Yes- family name, given name Yes- sex Yes - date of birth Yes- nationality No - others ........
Basic Authentication function
• What Cardholder Verification mechanism is used: - PIN? Yes - Biometrics? No- If Yes, what biometrics?- If No, is introduction of biometrics envisioned? Maybe
• Is there a PKI supported cardholder authentication mechanism? Yes
Basic Signing function
• Is a PKI supported signing mechanism (certificate and keypair) present for e-transaction services (non –repudiation)? Yes
eID based services
• What kind of services (include examples) are accessible to cardholders based on acceptance of the cards / eID Certificates:Many
• Total number of eID based services accessible by cardholders by 31.10.2004:
• Goal (in numbers/ percentage) of eID based services to be accessible to cardholders by the end of 2007:
eAuthentication Business models; financial
• What are the Charging/Revenue mechanisms?• What charges are levied for use of the card?• Is there a charge for checking certificates and if
so who pays for this?• Has a cost benefit analysis been compiled for
the eID scheme? If yes what are the main conclusions? No
• Is there a study report available?
eAuthentication Business models; public/private partnership
• Are non government bodies allowed to use the IAS or other card functions in support of their services?
• Is the card a multi-application smart card? Yes– If No, are there any plans for this and in what
timeframe?– If Yes, what percentage of the deployed card base is
multi-application smart card enabled?– If Yes, are additional services (other than core IAS)
loaded pre-issue or post issue or both?
Lessons learned so far
• Benefits have to be visible and exceed costs
Porvoo Group cooperation issues
• How to render useful and cost-efficient services to the citizen.
• Proposed Action(s): Information and education.
Current situation
• Banks are rolling out their eIDs and setting up PKI.
• Lacking formal standardisation is creating uncertainty about the use of these in communication between citizen and public services.
Current situation
• Need for personal and role certificate has been acknowledged in some sectors, and the market is maturing.
• There are several eID-systems with PKI-technology in use: Lottery, Health Insurance,and others. Mainly smartcards.
Constraints
• Public authourities voice need for legal regulations and control.
• Issuing and maintenance of cyber identities is expensive, and a general public service that could render such a service has not been established.
Constraints
• It seems likely that banks will provide the services, either de facto or under regulations.
• Need for cross-border PKI-services is growing rapidly; voiced by the National Bank, Tax authorities, E111-services
Challenges
•General need taken care of by banks.
•General public PKI-programmes tend to be driven technological ideologists and not by economic needs felt by citizens or public services.