Evolution in cross-border interoperability of eSignatures and eID - PowerPoint PPT Presentation

Evolution in cross border interoperability of esignatures and eid
1 / 20

  • Uploaded on
  • Presentation posted in: General

Evolution in cross-border interoperability of eSignatures and eID. Tarvi Martens SK, Estonia. Let’s read the title again!. “ Evolution in cross-border i nteroperability of eSignatures and eID ” Prerequisites: eID eSignature Evolution Cross-border interoperability.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Evolution in cross-border interoperability of eSignatures and eID

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Evolution in cross border interoperability of esignatures and eid

Evolutionin cross-border interoperability of eSignatures and eID

Tarvi Martens

SK, Estonia

Let s read the title again

Let’s read the title again!

  • “Evolutionin cross-border interoperabilityof eSignatures and eID”

  • Prerequisites:

    • eID

      • eSignature

    • Evolution

    • Cross-border interoperability

European eid landscape

European eID landscape

Esignature landscape

eSignature landscape

Summary of current situation

Summary of current situation

  • eID deployment:

    • Some countries are leading

    • Some countries have “odd” solutions and/or are stalled

    • Number of countries have plans

    • Number of countries do not even have a plan

    • Deployment: 5-10 years

  • eSignature practice:

    • Used mostly in closed systems

    • No common understanding of “free-flowing digitally signed file”

Use of eid esignature in estonia

Use of eID & eSignature in Estonia

  • ID-card launched 6 years ago

  • Rollout “completed”, 1M+ cards out

  • Common system for eSignatures, widely accepted and deployed for 5+ years

  • All major e-services support ID-card

  • Internet voting deployed




  • ~80 000 users

Cross border interoperability

Cross-border interoperability

  • eID uptake low

  • Even worse with eSignatures

  • <1% of transactions cross-border

    Cross-border interoperability ???

Manchester declaration

Manchester declaration

  • By 2010 European citizens and businesses shall be able to benefit from secure means of electronic identification that maximise user convenience while respecting data protection regulations.

  • By 2010 Member States will have agreed a framework for reference to and where appropriate the use of authenticated electronic documents across the EU, as appropriate in terms of necessity and applicable law

The road to nirvana i2010

The road to Nirvana i2010

Drivers behind interop

Drivers behind interop

  • Political

    • eProcurement

    • Service Directive

  • Business

    • eBanking etc.

  • General

    • Common understanding of digital signature

    • Standardization in industry (cards, tools etc.)

Evolution yes

Evolution: yes!

  • Technically repeatedly piloted

    • IDABC Bridge/Gateway v.1.

    • European Bridge-CA (TeleTrust, Germany)

    • Euro-PKI, GUIDE, ...

    • openvalidation.org

  • Initatives to be observed today

    • De Norske Veritas e-notary service

    • Spanish eGov Validation Gateway

    • eApostille

    • Upcoming IDABC Bridge/Gateway v.2.

    • Upcoming eID Large Scale Project

Organizational issues

Organizational issues

  • Paper-ID interoperability works!

    • Miracles happen in border points

  • Organizational set-up of Paper-ID interop:

    • ICAO sets standards

    • Continuous information exhange by network of MoIA-s to the borderguards etc.

  • Organizational set-up of eID interop ???

    • Standards are not strict and not imposed

    • Continuous information exhange is missing completely

Need for foreign eid info

Need for (foreign) eID info

  • Collecting and managing eID/service info is a daily job, not project-based

  • What info is needed ?

    • Certificate validity (reference)

    • Certificate semantics

    • Certificate quality (!!!)

      • Hardware token vs. software certificate

      • Quality of service provider & certificate

      • Context of certificate issuance

      • ......

Handling foreign eid

Handling foreign eID


“What certificateis that?”

Certificate quality /semantics / validity

“Identity hub”

Certification & validation service providers

foreign user

Esignature handling

eSignature handling

“What documentis that?”


“What certificateis that?”

“translation” and assessment

Certificate quality /semantics / validity

“Identity hub”

Digital signingsoftware providers

Certification & validation service providers

Who will run the indentity hub

Who will run the Indentity Hub ?

  • EC does not have mandate (yet)

  • Single MS cannot afford it (to cover all Europe/World)

    • No actual demand (read: need covered with money)

    • Low volume of international transactions

    • Uptake of national eID-s is still underway

  • We need clear political agreement to create such a service in EU level

  • In future we can envisage situation where every MS runs its own “e-borderguard”

The other direction harmonization

The Other Direction - Harmonization

  • Standardization

  • European Citizen Card (ECC)

  • Common middleware

    • OpenSC

    • Windows Vista plug-and-play for smartcards

  • Various approaches and initiatives to solve differences in middleware layer

Legal problems

Legal problems

  • There is no eAuthentication Directive

  • National legislations hardly touch the subject

  • SP: “Who to sue if I will make wrong assessment on certificate inheritance/validity ?”

Bottom line

Bottom Line

  • We need to create and distribute eID-s first

    • Preferably PKI-based qualified certificates

  • Then teach holders of eID-s to use them

    • Estonian case: penetration ≠ usage

  • But interop shall be addressed NOW

    • Withouht vision, political will and hard work there would never been such thing as EU

Thank you


Thank You!

  • Login