
e-ID and identity management aspects in the Belgian social sector

e-ID and identity management aspects in the Belgian social sector. Frank Robben General Manager Crossroads Bank for Social Security General Manager SmalS-MvM Sint-Pieterssteenweg 375 B-1040 Brussels E-mail: Frank.Robben@ksz.fgov.be CBSS website : www.ksz.fgov.be


Presentation Transcript


  1. e-ID and identity management aspects in the Belgian social sector Frank Robben General Manager Crossroads Bank for Social Security General Manager SmalS-MvM Sint-Pieterssteenweg 375 B-1040 Brussels E-mail: Frank.Robben@ksz.fgov.be CBSS website : www.ksz.fgov.be Personal website: www.law.kuleuven.ac.be/icri/frobben

  2. Structure of the presentation • actual environment • electronic user and access management • eID: functions and additional needs • policy enforcement model • SIS card and eID • transnational aspects • needs: some use cases • proposal of concrete objectives ADAPID project (ADvanced APplications for electronic IDentity cards) - Tuesday 26th September 2006

  3. Actual environment • a network between all 2,000 social sector actors with a secure connection to the internet and other public (e.g. FedMAN) and private (e.g. Isabel) networks • a unique identification key • for every citizen, electronically readable from an electronic social security card (SIS card) and an electronic identity card (eID) • for every company • a task sharing between actors in the social sector and other sectors with regard to information management and information storage in authentic sources

  4. Actual environment • 185 electronic services for mutual information exchange amongst all actors in the social sector, defined after process optimization • nearly all direct or indirect (via citizens or companies) paper-based information exchange between actors in the social sector has been abolished • in 2005 half a billion electronic messages were exchanged amongst actors in the social sector, which saved as many paper exchanges • an integrated portal site containing • electronic transactions for employers and citizens • information about the entire Belgian social security system • harmonized instructions and information model with regard to all electronic transactions • a personal page for each company

  5. Actual environment • 36 electronic services for employers, either based on the electronic exchange of structured messages between software applications of the employers and software applications of actors in the social sector, or via the integrated portal site • 50 social security declaration forms have been abolished • in the remaining 30 declaration forms the number of headings has on average been reduced to a third of the previous number • declarations are limited to 3 events • immediate declaration of recruitment and discharge (only electronically) • quarterly declaration of salary and working times (only electronically) • 21 types of declarations of social risks (electronically or on paper) • in 2005 15,7 million electronic declarations were made by all 220,000 employers, 98 % of which from application to application

  6. Actual environment • 4 electronic services for citizens via the integrated portal • 2 services to apply for social benefits • 2 services for consultation of social benefits • about 30 new services are foreseen • an integrated multimodal contact centre supported by a customer relationship management tool • an integrated e-workspace for professionals involved in the social sector with • e-teams • workflow throughout social sector actors (e.g. e-Leg) • a datawarehouse with integrated information for research and policy support, and policy evaluation

  7. Actual environment • coordination by the Crossroads Bank for Social Security • definition of the vision and the strategy on E-government in the social sector and of the common principles related to information management • definition, implementation and management of an interoperability framework • secure messaging of several types of information (structured data, documents, images, metadata, …) with business logic and orchestration support • coordination of business process reengineering • stimulation of service oriented applications • management of a reference directory for • preventive control on the legitimacy of the information exchange • organisation of the routing of information • automatic communication of changes of information

  8. Actual environment • reference directory • directory of available services/information • which information/services are available at any institution depending on the capacity in which a person/company is registered at each institution • directory of authorisation policies • which users/applications are authorized to access which information/services depending on the capacity in which a person/company is registered at each institution • directory of data subjects • which persons/companies have personal files in which institutions for which periods of time, and in which capacity they are registered • subscription table • which users/applications want to automatically receive what services in which situations for which persons/companies in which capacity

  9. Electronic user & access management • eID • electronic identification and authentication of the identity of physical persons over the age of 12 who are registered in the Belgian population registers • electronic signature of these persons • additional needs • electronic identification and authentication of the identity of physical persons under the age of 12 or who are not registered in the Belgian population registers • authentication of characteristics (e.g. a capacity, a function, a professional qualification) • authentication of mandates between a legal or physical person to whom an electronic transaction relates and the person carrying out that transaction • authorisation management • towards an eID based on biometrics ?

  10. Policy Enforcement Model [Diagram: User, Policy Enforcement (PEP), Application, Policy Decision (PDP), Policy Administration (PAP) with Manager and Policy repository, and two Policy Information (PIP) components, each with an Authentic source. Flows: action on application (PERMITTED / DENIED), decision request / reply, policy retrieval, policy management, information request / reply.]

  11. Policy Enforcement Point (PEP) • intercepts the request for authorisation with all available information about the user, the action being requested, the resources and the environment • passes on the request for authorisation to the Policy Decision Point (PDP) and extracts a decision regarding authorisation • grants access to the application and provides relevant credentials [Diagram: User, Policy Enforcement (PEP), Application and Policy Decision (PDP); action on application (PERMITTED / DENIED), decision request / reply.]

  12. Policy Decision Point (PDP) • based on the request for authorisation received, retrieves the appropriate authorisation policy from the Policy Administration Point(s) (PAP) • evaluates the policy and, if necessary, retrieves the relevant information from the Policy Information Point(s) (PIP) • takes the authorisation decision (permit/deny/not applicable) and sends it to the PEP [Diagram: Policy Enforcement (PEP), Policy Decision (PDP), Policy Administration (PAP) and two Policy Information (PIP) components; decision request / reply, policy retrieval, information request / reply.]

  13. Policy Administration Point (PAP) • environment to store and manage authorisation policies by authorised person(s) appointed by the application managers • puts authorisation policies at the disposal of the PDP [Diagram: Manager, PAP, Policy repository and PDP; policy management, policy retrieval.]

  14. Policy Information Point (PIP) • puts information at the disposal of the PDP in order to evaluate authorisation policies (authentic sources with characteristics, mandates, etc.) [Diagram: PDP, PIP 1 and PIP 2, each with an Authentic source; information request / reply.]

  15. eID and social security portal • all end-user applications are divided into categories based on the required level of security • all applications can be used with the eID as a means of electronic identification and authentication of identity • some applications can also be used (temporarily) on the basis of a user-id, password and, where appropriate, a citizen token or a public servant token • electronic signatures can be put with the eID • the policy enforcement model is being implemented for the authentication of characteristics and mandates and for authorisation management

  16. SIS card and eID • gradual replacement of the functions of the SIS card once the following conditions have been fulfilled • function of electronic identification: overall availability of the eID • function of proof of the insurability in the health care sector • secure on line access by the health care providers to the insurability information available at the sickness funds • electronic identification and authentication of the identity, characteristics and mandates of the health care providers • preservation of the SIS card or a similar solution for persons who do not possess an eID (persons not residing in Belgium, children under the age of 12, etc.) • availability of readers that can read both the SIS-card and the eID

  17. Transnational aspects • need to be able to electronically • identify and authenticate the identity of all relevant entities (physical persons, companies, …) • authenticate the relevant characteristics of the entities • authenticate that an entity has been mandated by another entity to perform a legal action • need to implement the objective and related actions from the interministerial statement about E-government in the EU issued on 24th November 2005

  18. Interministerial statement “By 2010 European citizens and business shall be able to benefit from secure means of electronic identification that maximise user convenience while respecting data protection regulations. Such means shall be made available under the responsibility of the Member States, but recognised across the EU.”

  19. Interministerial statement: actions • “Member States will, during 2006, agree a process and roadmap for achieving the electronic identity objectives and address the national and European legal barriers to the achievement of the electronic identity objectives; work in this area is essential for public administrations to deliver personalised electronic services with no ambiguity as to the user’s identity.” • “Member States will, over the period 2006-2010, work towards the mutual recognition of national electronic identities by testing, piloting and implementing suitable technologies and methods.”

  20. Some use cases • individual residing in Member State A is temporarily employed (posted) in Member State B • the employer or his representative has to ask for authorization from the competent social security institution of Member State A • the competent social security institution of Member State A (electronically) sends an E101-form to the competent social security institution of Member State B => need for (interrelated) identification of the employer, his representative and the employee in both Member States, need for authentication of the characteristic "employer" and need for authentication of the mandate of the representative

  21. Some use cases • individual residing in Member State A works, studies or looks for work in Member State B => need for (interrelated) identification of the individual in both Member States • individual residing in Member State A simultaneously works in various other Member States => need for (interrelated) identification of the individual in all Member States • individual residing in Member State A needs health care in Member State B (form E111, (e)EHIC) => need for (interrelated) identification of the individual in both Member States

  22. Some use cases • individual residing in Member State A has to exchange (in an electronic way) data with public authorities in Member State B => need for (interrelated) identification of the individual in both Member States • employer or his representative residing in Member State A has to exchange (in an electronic way) data about his employees with public authorities in Member State B => need for (interrelated) identification in both Member States of the employer, his representative and the employees, need for authentication of the characteristic of "employer" and need for authentication of the mandate of the representative

  23. [Figure: roadmap on a 2006 to 2010 timeline, with country inputs. Labels recoverable from the slide, in the order they appear: User awareness and acceptance; Identify user benefits, awareness, promotion; formulate vision; Wide awareness campaign; Use Cases (eProcurement, migrant workers); Validation and key applications; Testbeds / pilots, e.g. in CIP e-procurement, health info networks; CEC as ‘lead user’; eTEN, IDABC testbeds specifications; European inter-operability; Semantic; IST R&D for federated, multi-level, secure eIDM; Common eIDM Framework; Federated eID Management; Organisational; CEN eIDM standardisation link to ECC; Technical; IDABC business attestations study; eID management at national level; IDABC e-sign studies; eIDM at national level; Explain role of e-sign Directive; Legal certainty; Authentication Model & Levels; Equal Treatment of national eIDs; EU provisions: Recognition of national eIDs; Modinis study; Common principles, minimal norms; Definition of eID; eID Role Management; Personal Data Ownership Model; eID Terminology & Objectives; Network and IT security; Authentication levels overview (ENISA).]

  24. Proposal of concrete objectives • internationally, authentication levels are established in relation to identity, characteristics and mandates • each country has registration procedures for establishing the identity of individuals residing in their own country, according to the internationally established authentication levels • each country has registration procedures for establishing the identity of legal entities and actual associations that are established in their own country, according to the internationally established authentication levels

  25. Proposal of concrete objectives • each country makes available to each individual, each legal entity and each actual association for whom/which the identity is established in accordance with the registration procedures, the means by which the concerned entity can produce and prove its identity (whether or not in a particular context) locally or remotely, verbally, visually and electronically on the territory of the country in question, without that entity’s identity being confused with the identity of another individual person, legal entity or actual association in that country

  26. Proposal of concrete objectives • each country has registration procedures for establishing the type of characteristics indicated by an internationally accredited body, according to the internationally established authentication levels • each country has registration procedures for establishing the mandate of an individual to represent a legal entity or actual association, and the other types of mandates that are indicated by an internationally accredited body, according to the internationally established authentication levels

  27. Proposal of concrete objectives • each country has the necessary systems to produce and prove the characteristics and mandates of individuals, legal entities and actual associations that have been established according to the registration procedures (whether or not in a particular context), locally or remotely, verbally, visually and electronically on the territory of the country in question, either with the permission of the concerned entity or in accordance with a statutory or legal provision

  28. Proposal of concrete objectives • under the coordination of the European Commission, the Member States of the EU develop EU standards and specifications to ensure the semantic and technical interoperability of resources for producing and proving electronically the identity, characteristics and mandates through or in relation to individuals, legal entities and actual associations on the territory of other Member States

  29. More information • social security portal www.socialsecurity.be • website Crossroads Bank for Social Security www.ksz.fgov.be • personal website of the speaker www.law.kuleuven.ac.be/icri/frobben
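
The policy enforcement model of slides 10 to 14, applied to the employer and mandated representative of slide 20, as an added example that is not part of the original presentation. All identifiers, the policy format and the choice to treat "not applicable" as denied at the PEP are assumptions.

```python
from dataclasses import dataclass

# Constructed sample data; no identifier below comes from the presentation.
POLICIES = {  # PAP: policy repository, keyed by (application, action)
    ("declaration", "submit"): {"characteristic": "employer", "mandate_allowed": True},
}
CHARACTERISTICS = {"company-1": {"employer"}}              # PIP 1: authentic source
MANDATES = {("person-7", "company-1"): {"declaration"}}    # PIP 2: authentic source


@dataclass(frozen=True)
class Request:
    user: str          # identity already authenticated, e.g. with the eID
    on_behalf_of: str  # entity the transaction relates to
    application: str
    action: str


def pap_retrieve(application, action):
    """PAP: put the matching authorisation policy at the disposal of the PDP."""
    return POLICIES.get((application, action))


def pip_characteristics(entity):
    """PIP 1: characteristics registered for an entity."""
    return CHARACTERISTICS.get(entity, set())


def pip_has_mandate(user, entity, application):
    """PIP 2: has `entity` mandated `user` for this application?"""
    return application in MANDATES.get((user, entity), set())


def pdp_decide(req):
    """PDP: retrieve the policy, query the PIPs as needed, return a decision."""
    policy = pap_retrieve(req.application, req.action)
    if policy is None:
        return "not applicable"
    if policy["characteristic"] not in pip_characteristics(req.on_behalf_of):
        return "deny"
    if req.user == req.on_behalf_of:
        return "permit"
    if policy["mandate_allowed"] and pip_has_mandate(
            req.user, req.on_behalf_of, req.application):
        return "permit"
    return "deny"


def pep_enforce(req, application):
    """PEP: intercept the request; call the application only on "permit".
    Assumption: "not applicable" is treated as DENIED (fail closed)."""
    decision = pdp_decide(req)
    if decision != "permit":
        return ("DENIED", decision)
    return ("PERMITTED", application(req))


def submit_declaration(req):
    """Hypothetical protected application."""
    return f"declaration accepted for {req.on_behalf_of}"


if __name__ == "__main__":
    print(pep_enforce(Request("person-7", "company-1", "declaration", "submit"),
                      submit_declaration))
```

The mandate lookup is scoped to the application, so a representative mandated for declarations gains nothing on any other service.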
