e SENS Electronic Simple European Networked Services Trust in the Digital World Madrid, February 26 th, 2015 e SENS Pilots of eid, esignatures and Trusted Services Lefteris Leontaridis, e SENS Piloting Manager
The e SENS Large Scale Project Public administration, agencies and private companies from 21 countries interoperable IT solutions public services in Europe cross border access Connecting Europe Facility TEN TELE Regulation e IDAS Regulation
Re using technical solutions e Identity e Documents e Delivery e Signatures
e Government services in different Domains e Procurement Business Lifecycle e Justice e Health
E ID 5 27/2/2015
Use of BBs in National Pilots: eid MS PILOTS IN EACH DOMAIN (08.02.2015) UC 5.1.1 etender ing 5.1 eprocurement 5.2 ehealth 5.3 e Justice 5.4 Business Lifecycle UC 5.1.2 VCD UC 5.1.4 einvoice /eorder UC 5.2.1 epr/ps UC 5.2.2 econfir mation UC 5.3.1 Matrimonial matters UC 5.3.4 EAPO UC 5.4.1 Business Registration UC 5.4.2 Activity Registration Use of e SENS BBs eid M/P Y Y Y Y Germany Austria Czech Rep Denmark Y Y Estonia Y Spain Y Y France Greece M/P Y Y Ireland Italy Y Y Luxembourg Y Netherlands M/P Norway M/P Poland Y Portugal Y Romania Sweden M/P Y Slovenia Y 6Slovakia 27/02/2015 e SENS GA WP5 Turkey
Use of eid in Domain Pilots (1/2) 7 eprocurement Domain: etendering Identification and registration in etendering platforms Changes introduced by a 4 corner model Federated signing based on eid using STORK cross border Certain personal attributes may need special data protection treatment ehealth Domain: Patient Summary/ePrescription Patient identification using federated eid last mile over other intermediaries e.g. FutureID Use of ehealth specific eids potential for an extended attribute set to be agreed by MS and carried over STORK The mobile eid BB may be usable 05.09.2014
Use of eid in Domain Pilots (2/2) Business Lifecycle Domain Identification is the start of the registration process Federated signing using eid Activity to agree on an extended set of attributes for service fulfillment that may be carried over STORK Coming up Citizen lifecycle use cases same scenario as business lifecycle but with other administrations econfirmation: Can use the ehealth solution (same trigger in both business processes) 8 05.09.2014
Ways to use the eid DSI E Services with direct access to STORK Use of national eid/esign platforms that use STORK in the background Swedish federated signing Others Use of intermediaries that access STORK in the background among offer other options for authentication and attribute provision FutureID Mobile eid (upcoming SBB) New or emerging PEPS (NO, DK) 9 05.09.2014
E SIGNATURES
Use of BBs in National Pilots: 11 esignatures MS PILOTS IN EACH DOMAIN (08.02.2015) UC 5.1.1 etender ing 5.1 eprocurement 5.2 ehealth 5.3 e Justice 5.4 Business Lifecycle UC 5.1.2 VCD UC 5.1.4 einvoice /eorder UC 5.2.1 epr/ps UC 5.2.2 econfir mation UC 5.3.1 Matrimonial matters UC 5.3.4 EAPO UC 5.4.1 Business Registration UC 5.4.2 Activity Registration Use of e SENS BBs esignatures Y Y Y Y Y Y Y Germany Y Y Y Austria Czech Rep Denmark M/P M/P Estonia Y Y Spain Y France Y Y Greece Y Y Y Ireland Italy Y Y Luxembourg Netherlands Y Y Y Norway Y M/P Poland Y Y Y Y Portugal Y Romania Sweden Y Slovenia Y Slovakia 27/02/2015 e SENS GA WP5 Turkey
Sign locally and deliver Pro User can use her signing solution Con Incompatibility wrt. signing policies Format variants
Sign at SP user interface Pro Integration with SP environment SP determines policies Con Needs good knowledge of all European tokens Governance (test tokens for SPs)
Signing Service using federated authentication Pro Builds on auth. infrastructure User can sign without own infrastructure Con User must trust a foreign sig. service Signing service may not be deployed by all gvmts.
Trust Library TrustOK Token Pro Receiver does not have to validate the signature on the business document himself Avoidscross border signature verification Allows to mention unsigned documents to be legally binding within the borders of the sending MS Con Trust model works for closed environments and need sign circle of trust agreement
Use of esignatures in Domain Pilots (1/2) eprocurement Domain: etendering Signing tenders, signing contracts, signing individual tender documents eprocurement Domain: : Virtual Company Dossier Signing the VCD package, possibly signing ESPD ehealth Domain: Patient Summary/ePrescription Scoped out at this stage, will be revisited ehealth Domain : econfirmation Signed econfirmation document from home country (and outgoing request) Signing and validation done by competent authorities to minimize validation scope 16 05.09.2014
Use of esignatures in Domain Pilots (2/2) ejustice Domain Signed eddocuments in both use cases Expected to continue e CODEX practice of valdating in the sender country Business Lifecycle Domain Signing at the Single Point of Contact/Business Registry National platforms with federated signing using STORK Some documents may be signed at the country of origin Will use validation solutions such as SD DSS The choice of use case (company type activity type) by MS tries to minimize this 17 05.09.2014
Ways to use the esignature DSI 18 Some countries adopted or are in process of implementing the SD DSS tool Poland, Greece, France, etc, Norway, Denmark etc, considering need to support them National solutions for signing and validation Spain: @Firma Sweden: Federated signing Use of STORK No concrete declarations so far by administrations in e SENS Local validation promoted for legal reasons TSL depending on the trust model and the circle of trust in different domains
TRUST MODELS
Direct Trust Mutual Key Exchange ejustice, econfirmation
Community Trust using dedicated PKI eprocurement, ehealth (pre production only)
Trust Federation using Trust Lists ehealth, perhaps others
Security Toke Services for Trust Brokerage Interconnecting national edelivery infrastructures
Multi domain Trust Establishment and Brikerage Trusted Services in a multi domain and cross border ecosystem Different trust models co exist in different domains A trust metamodel is necessary for aligned policies
Piloting Opportunities for administrations and industry Get involved in Pilots Connect and expand your user base Influence and contribute to new solutions Use Building Blocks in your products or services
THANK YOU! Visit e SENS: www.esens.eu Facebook: www.facebook.com/eu.esens Twitter: twitter.com/esens_eu QUESTIONS? lld@netsmart.gr LinkedIn: http://www.linkedin.com/groups/eu esens 4998775 Contact us: esens.info@lists.esens.eu 26 27/02/2015 e SENS GA WP5