
Shaking hands ……..

Joint workshop of Porvoo and GCF hosted by the Porvoo 7 meeting May 26 2005, Reykjavik, Iceland, moderated by Jan van Arkel, co-chair Porvoo, acting chair GCF. Shaking hands ……. Porvoo Group. Established in Porvoo in April 2002


Presentation Transcript


  1. Joint workshop of Porvoo and GCF hosted by the Porvoo 7 meeting May 26 2005, Reykjavik, Iceland, moderated by Jan van Arkel, co-chair Porvoo, acting chair GCF

  2. Shaking hands ……..

  3. Porvoo Group
     • Established in Porvoo in April 2002
     • A co-operative network of parties in charge of public certificates for citizens
     • Information exchange on eID experiences and national eID projects in Europe
     • Develops the general usage of public certificates in the European Electronic Communication
     • Promotes the use of certificates and aims at making communication more convenient and offering, where possible, a uniform solution for the European Citizen

  4. Global Collaboration Forum on world-wide interoperable IAS
     • Established in 2001 (as follow-up of earlier EU-Japan contacts)
     • Participants: eESC, NICSS, NIST, Global Platform, Maosco, ISO
     • Regular bi-annual meetings (Iceland is GCF 8)
     • Rotating chair (presently held by EU)
     • Products so far:
       - Mapping document of GIF/GSC-IS and NICSS Framework
       - Common Glossary of terms (in line with CWA 15264)
       - Draft for Common Requirements for eID in eGovernment domain (in line with CWA 15264)
       - Common position on ISO 7816-13
       - Individual contributions to ISO 24727

  5. The 3 regional frameworks
     • eESC - GIF, CWA 15264 (eAut), CEN 224_15 (ECC)
     • NICSS-Framework V1.0 (NICSS)
     • GSC-Framework V2.1 (NIST) & FIPS 201

  6. Long-term and Short-term Scopes of GCF
     GCF Participants (organizations):
       - Global Platform
       - Eurosmart
       - MAOSCO
       - ISO
     Long-term Activities
     • To share the information about participants’ activities and overall short-term activities and to discuss common issues of interest
     • To hold 2 Plenary Meetings annually
     • Activities related to long-term scopes are taken for two years as a start. Afterwards it is decided if these need to be continued.
     Short-term Activities
     • Each participant takes leadership in an area of his interest.
     • WG are established as required. The proposing participant is the leader.
     Short-term activities: E-Authentication, MRTD, DL, Scheme for Multi-AP SC

  7. Agenda for the joint workshop
     • EU update (J. van Arkel)
     • US eID development status update (Jim Dray, NIST, USA)
       - Homeland Security Presidential Directive HSPD No. 12
       - status of FIPS 210 standard
       - status of ISO 24727
       - status and plans for deployment
     • Japan status update
       - Japanese developments on eID, Hiroshi Shimada, Fujitsu/NICSS
       - Status of Asian Smart Card Forum, Shoji Miyamoto (Hitachi)
     • Discussion on a World eID Steering Committee (by all)
     Rationale for the joint workshop

  8. EU update
     • Legal issue
     • Standardisation
     • Deployment

  9. What needs to be regulated?
     • Procedure when issuing an eID
     • Content of eID
     • Cardholder verification procedures
     • Data Protection
     • Liability
     • Revocation of eID

  10. What is already in place in the EU?
      • Privacy Directive + implementation in national legislation
      • E-sign Directive + implementation in national legislation
      • IAS: Discussion on Thomas Myhr report
      • EU council regulation on ePassports 15152/04; 2252/04 dd 13 Dec. 2004
      • Decision of the EC 28 Feb. 2005 (technical specification in relation to standards on security and biometrics for Passports and travel documents)
      Pending: technical specification on fingerprint in passport

  11. Status in eID
      • Legal
      • Standardisation
      • Deployment

  12. Europe
      • CEN/ISSS WS eAuthentication (Government requirements, Architectural model, Business models, Legal Framework, Card issuer guidelines, Multi-application environment, Human interface aspects, eID policy vision)
      • CEN 224 WG 15 European Citizen Card (Policy and rules for CMS, Physical and logical card characteristics, data elements and structures, IAS procedures, Durability aspects)

  13. Results of WS eAut
      • CWA 15264 part 1: Architecture for a European interoperable eID system within a smart card infrastructure
      • CWA 15264 part 2: Best Practice Manual for card scheme operators exploiting a multi-application card scheme incorporating interoperable IAS services
      • CWA 15264 part 3: User Requirements for a European interoperable eID system within a smart card infrastructure
      • eID Strategic Vision Report
      • Download area: http://www.cenorm.be/cenorm/businessdomains/businessdomains/isss/activity/wseaut.asp

  14. Status of CEN 224 WG 15 ECC
      • Workgroup was launched in Feb 2004
      • Chair: L. Gaston, Axalto; Secretariat: AFNOR
      • Constituency: 20+ organisations
      • 2 Subgroups are active: SG 1: Physical aspects; SG 2: Logical data aspects
      • Final meetings on May 11-12, 2005 in Vienna
      • 2 part Technical Standard will be out for voting after CEN 224 approval (additional parts on ECC management & business models and SC durability classes are pending)

  15. Electronic signature status
      • The eID systems shall support a secure and reliable cardholder electronic signature function for the purpose of legal validity of the signature
      • For Europe the PKI system elements of the system shall be in compliance with the qualified digital signature as per article 5.1 of the EU directive 1999/93/EC on a Community framework for electronic signatures
      • The PKI system elements shall be in compliance with ETSI QCP 101456
      • The PKI system elements shall be in compliance with CWA 14890 parts 1-2

  16. Biometrics, SC 37 ISO SC 17
      • ISO/IEC 19784-1 BioAPI, BioAPI specification
      • ISO/IEC 19785-1 Common Biometric Exchange formats (CBEFF) Part 1: Data Element Specification
      • ISO/IEC 19794-2 Biometric Data Interchange Format
        - Part 2: Finger Minutiae Data
        - Part 8: Finger Pattern Skeletal Data (Porvoo position?)
        - Part 4: Finger Image Data (Porvoo position?)
      • SC 17: ISO/IEC 7816-11: Personal verification through biometric methods in IDs

  17. ISO SC 17
      • SC standard ISO/IEC 24727
        - part 1: architecture
        - part 2: card interface (card edge)
        - part 3: high level application API (BSI)
        (will be addressed by Jim Dray)
      • Deployment will be addressed by US, Japan and EU country updates.

  18. Discussion on a World-wide eID Steering committee

  19. Discussion on the concept of a World eID Steering Committee Excerpt from the agenda: The idea was launched at the Smart Card Charter conference in December 2004 in Prague. A first version of a vision paper is downloadable from the Porvoo 7 website. The basic idea being a mandated group of Government representatives on eID, setting World wide common requirements and stimulating the realisation of interoperability (adaptors).

  20. World eID forum document, draft version 1.1, February 14 2005
      Table of Content
      1. Rationale
      2. Vision
      3. Scope
      4. Objective
      5. Participants
      6. Organisation
      7. Related organisations
      8. Activities and Deliverables
      9. Support and funding mechanism

  21. Vision: Why global eID?
      • global support of eServices (building block for trust, security, and convenience; without eID there is no real national and global eGovernment)
      • global combating of ID Fraud (causes more and more of a problem)
      • global anti-terrorism measure
      • Building a more global (European) society (making persons aware to be a relevant part of society as well as offering them a seamless experience)

  22. Some inhibitors so far
      • No strong leadership, no formal cooperation
      • State of the art of the technology and standardisation (dripping wet)
      • Costs and benefits, business cases
      • Not invented here (Scandinavia, GIXEL, DIF, other countries)

  23. Policy support of IAS (1)
      EU 2004 Report: Rethinking the European ICT agenda (10 ICT-Breakthroughs for reaching Lisbon Goals)
      The breakthrough that is needed is an increased ICT utilisation by establishing:
      - Authentication: Pan-European interoperability (minimum) or standardization (preferred) of authentication systems/platforms
      - Security: Pan-European emphasis on security standards in relation to access, identity theft and secure transactions

  24. Policy support of IAS (2)
      Resolution of the future Information Society policy of the Union adopted on 10 December 2004 by the Council of the European Union (one of the 6 priorities):
      To create a favourable environment for industry and the public sector to develop, both in Europe and globally, effective and interoperable solutions, in particular for electronic payments, authentication, identity management as well as security.

  25. Policy support of IAS (3)
      G8 2004 Summit endorsed the statement “Accelerate development of international standards for the interoperability of government-issued smart chip passports and other government-issued identity documents. We will work for implementation by the 2005 Summit”
      http://www.g8usa.gov/d_060904f.htm

  26. There are relevant use cases for IAS (TC224/WG15)
      • E-Mail encryption and digital signature
      • The National Tax Board and administration
      • The National Social Insurance Board
      • Employee ID (physical & logical access)
      • Medical services access
      • Industrial security
      • National archive access
      • Public registries access

  27. European ID Management Projects
      • Modinis Study (operational)
        - Support progress towards a coherent approach in electronic identity management
        - Provide information on eID technologies, related market developments and technical requirements
        - Provide a prospective analysis of possible initiatives and solutions at European level
      • The GUIDE Project (FP6, operational): Research and develop an open identity management architecture as core technology for e-Government solutions
        - To create a world-class and innovative European e-Government market.
        - To demonstrate and evaluate solutions in the three major areas of e-Government services: A2A, A2B & A2C
      • CEN/ISSS WS MMUSST (operational)
      • TIFI project (under evaluation; Porvoo signed declaration of cooperation)

  28. [Diagram labels] SC17 WG4: ISO/IEC 24727; TC224 WG15: TS ECC; E-Sign K: CWA 14890; eEpoch WP3: BIKE; WS eAut: CWA 15264; E-Sign; GIF; eEurope SC Charter; CEN/ISSS

  29. Overview of relevant actors
      • Policy makers on eID in EU and other regions
      • Standardisation bodies
        - CEN: CEN 224/WG 15 ECC
        - CEN/ISSS: CWA 15264, CWA 14890
        - ISO: ISO/IEC 24727
        - Regional standardisation: US FIPS 201, Japanese ICSS, Asian Card Forum
      • EU Industry consortia:
        - Germany: DIF
        - France: GIXEL
      • Porvoo: Common Requirements
      • eEpoch: BIKE
      • GCF: Cooperative Framework
      • EU projects: Guide, Modinis, Impact
      • Regional & national deployment

  30. Report CEN/ISSS Focus group on eHealth (March 1, 2005)
      Establishing an Interoperability Platform
      The Member States, with the Commission, should establish a permanent platform with a mandate, and the necessary resources to promote eHealth interoperability based on standards and to facilitate co-operation between Member States. This eHealth interoperability platform should:
      • establish a Europe-wide view on the requirements for standardisation and its implementation in specific domains, in collaboration with standards organisations, based on input from relevant stakeholders communities;
      • encourage and promote an environment for detailed specifications testing, evaluation or certification, to achieve interoperability of systems based on standards;
      • establish a means for tracking and promoting good practice, and foster pilot implementations in compliance with the aforementioned environment;
      • encourage agreements across national borders and between professional groups;
      • encourage the further development of an appropriate European legal and regulatory framework;
      • promote the establishment of infrastructure services such as for the creation and maintenance of terminology systems and knowledge repositories.

  31. World eID Forum
      • Participants
        - Vision (everyone who shares the vision)
        - Interoperability charter (and signs the IOP charter)
        - Relevant stakeholders (eGovernment representatives)
        - Mandate (is this realistic?)
      • Organisation
        - New organisation? (preferably not, but how to organise?)
        - No legal entity
        - Chair and secretariat
        - No permanent staff
      • Activity plan

  32. World eID Forum Activity plan
      • Contributing to the legal issue of World wide interoperable eID
      • Setting joint requirements for interoperable World wide eID
      • Information exchange between participants on eID deployment
      • Set-up, maintenance and exploitation of an eID-body of knowledge
      • Exploiting an interoperability demonstrating and test environment, including Open Source solutions
      • Issuance of eID interoperability compliance certificates
      • Development of an eID Implementation and Guidance document offering
        - best practice information
        - choices in standards and preferred options in standards (PKCS #11 interface, PKCS #15 profile, harmonised Human Interface etc)
        - exploitation models
        - study into basic eID versus role based ID
        - study in International validation services etc ……….

  33. World eID Forum Support and funding mechanisms
      Option 1: Virtual, non funded organisation, embedded/part of other organisation, like Porvoo, GCF, Modinis project, Guide project
      Option 2: Separate body with participation fee from participants
      Option 3: CEN/ISSS Workshop for 2 year period (meaning small participation fee)
      Option 4: EU funded IST/IP project
      Other options?

  34. Questions for discussion ….
      • Is there a common understanding of the need?
      • Do we support the idea of a joint approach?
      • If yes, how to organise such an activity, in what context, and do we need more mandate?
      • What activities would we like to carry out?
      • ………….
