pilots_live enter_pilots

 
Increase size Increase size Reset size
Home arrow Knowledge Sharing

1) Participate


  • Send us your article and publications
While STORK endeavors to feature the most relevant articles and publications related to e-democracy, e-goverment, citizen participation, interoperability and innovative technologies as possible, we would welcome any contributions that make our site more comprehensive at: info@eid-stork.eu  

STORK welcomes submissions of articles for our Newsletter. The article can be of no more than 1000 words length and typed as plain text, not HTML. We do not consider anonymous or pseudonymous submissions. We will contact you within one week if we are interested in publishing your article. If you do not hear from us in a week, it is safe to assume we will not be able to use your article. Please fill in this form to submit your article.
  • Recommend this site
Please take a minute to tell your friends and colleagues about STORK. We appreciate your efforts to help us spread the word.
  • Create links
We would be happy to receive and feature links to other EU projects and initiatives that are relevant to the work of STORK, and vice versa, to have our link featured on your site.
Please contact us at: info@eid-stork.eu
We regret that the STORK consortium cannot advertise or endorse private companies or organizations.

2) Related documents and publications


Index
ENISA Position Paper, "Privacy and Security Risks when Authenticating on the Internet with European eID Cards"
 
knowledge3
Whenever we use internet services, the first steps we take are usually identification (we input our names) and authentication (we prove that it is us). How we actually identify and authenticate ourselves depends on the security level of the application. The means used can vary from a simple combination of username and password, through a secret PIN, to a PIN generated by some external device or a smart card using cryptography. Smart cards are being used increasingly for authentication purposes. Many European identity cards now contain a smart-card chip, equipped with functionalities for online authentication. They are usually called 'electronic identity cards' (eID cards). This report focuses on authentication using smart cards and compares this approach with other common means of authentication. Publication date: Nov 26, 2009

To view the document click here.
Top
ENISA: Mapping IDABC Authentication Assurance Levels to SAML v2.0 - Gap Analysis and Recommendations
 
knowledge3
This report is the result of a joint work of two members of the ENISA Security Policies department. The purpose of the report has been to gain more knowledge about the available options when expressing IDABC Authentication Assurance Levels by means of SAML v2.0. This report is aimed at corporate and political decision-makers as well as implementers of IDABC Authentication Policy. However, the authors also hope that it will provide stakeholders with input when taking decisions about e-government frameworks and applications. To that extent, it serves not only as a means to provide technical guidance to stakeholders involved in IDABC initiatives but also as a tool to support European policy on electronic identity.

To view the document click here.
Top
ENISA launches new Position Paper on security risks in online banking through European eID cards
 
knowledge3

ENISA Press Release
26 November 2009
www.enisa.europa.eu

ENISA launches new Position Paper on security risks in online banking through European eID cards

The EU’s ‘cyber security’ Agency, ENISA (the European Network and Information Security Agency) today presents its new Position Paper. The paper is focusing on authentication risks with European eID Cards. It analyses 7 vulnerabilities, identifies 15 threats and gives security recommendations.

Major European eID interoperability projects, such as STORK and its successor ELSA are aiming at a European-wide take-up of new technologies. In this context, ENISA takes an independent look at the security risks related to online banking authentication by comparing smart eID cards with other authentication means in its latest Position Paper.

Online banking in one of the most widely-used electronic services by European consumers. It is a strategic service for financial institutions and users. With 24 hour service availability, it is extremely convenient. It is often without any extra costs; or even at reduced costs compared to traditional banking processes. However, online banking fraud is on the rise. Thus, security is a major concern both for online banking, e.g. tax declarations. The report also includes a case study on privacy issues when authenticating with smart cards to online social networks.

The Agency report explains that because more and more internet applications require authentication, more standardized approaches to user identification and authentication are needed. In Europe, several states have already rolled out electronic ID cards. The first steps when we use internet services are usually to identify ourselves by our names and then authenticate that it is us. The security levels for these steps can vary from a simple combination of username, password, through a secret PIN, to credentials generated by some external device or a smart card using cryptography. Smart cards are increasingly being used for authentication purposes. Many European identity cards contain a smart-card chip, with functionalities for online authentication.

The ENISA Position Paper defines a comprehensive list of requirements for national ID cards to ensure that they become as flexible and as multi-purpose as possible.

The Executive Director of ENISA Dr Udo Helmbrecht concludes:

"Electronic identity cards offer secure, reliable electronic authentication to Internet services, but banks and governments must cooperate better to be able to use national eID cards for banking purposes."

Download the full report. For interviews: Ulf Bergstrom, Press & Communications Officer, ENISA, press@enisa.europa.eu, Mobile: + 30 6948 460143

Please note, English is the only valid version of the press release, the others are only translations.

Deutsch:

ENISA veröffentlicht neues Positionspapier über die Sicherheitsrisiken im Onlinebanking durch europäische eID-Karten

BRÜSSEL und IRAKLIO, Griechenland, 26. November

Die Europäische Agentur für Informations- und Netzsicherheit ENISA stellt heute ihr neues Positionspapier vor. Dieses konzentriert sich auf Authentifizierungsrisiken im Zusammenhang mit europäischen eID-Karten. Es analysiert sieben Schwachstellen, identifiziert 15 Bedrohungen und gibt Sicherheitsempfehlungen.

Bedeutende europäische eID-Interoperabilitätsprojekte wie z. B. STORK und dessen Nachfolger ELSA sind auf die europaweite Einführung neuer Technologien ausgerichtet. In diesem Kontext nimmt die ENISA eine unabhängige Betrachtung der Sicherheitsrisiken hinsichtlich der Authentifizierung beim Onlinebanking vor, indem sie in ihrem neuesten Positionspapier eID-Chipkarten mit anderen Authentifizierungsmöglichkeiten vergleicht (http://www.enisa.europa.eu/act/it/eid/eid-online-banking/).

Onlinebanking gehört zu den elektronischen Diensten, die der europäische Verbraucher am häufigsten in Anspruch nimmt. Es handelt sich dabei um einen strategischen Service für Finanzinstitute und deren Kunden. Dadurch, dass dieser Service rund um die Uhr verfügbar ist, ist er äußerst praktisch.   Häufig entstehen dadurch keine zusätzlichen Kosten; verglichen mit dem traditionellen Bankgeschäft kann Onlinebanking sogar günstiger sein. Onlinebankingbetrügereien nehmen allerdings zu. Folglich ist die Sicherheit ein wichtiges Thema im Bereich des Onlinebankings, z. B. Steuererklärungen. Der Bericht beinhaltet zudem auch eine Fallstudie, die sich mit Datensicherheitsproblemen bei der chipkartengestützten Authentifizierung bei sozialen Onlinenetzwerken beschäftigt.

Der Bericht der Agentur gibt an, dass immer mehr Internetanwendungen eine Authentifizierung verlangen und deshalb standardisierte Ansätze zur Anwenderidentifikation und –authentifizierung erforderlich sind. Mehrere europäische Staaten haben bereits elektronische ID-Karten herausgebracht. Wenn wir Internetdienste in Anspruch nehmen, legitimieren wir uns normalerweise zuerst, indem wir unseren Namen angeben und dann bestätigen, dass wir auch diese Person sind. Das Sicherheitsniveau hierfür kann unterschiedlich sein, von einer einfachen Kombination aus Benutzername und Kennwort, über eine geheime PIN, über Berechtigungsnachweise, die durch externe Geräte erstellt werden, bis hin zu einer Chipkarte, die Verschlüsselungstechnologien einsetzt. Chipkarten werden zunehmend zu Authentifizierungszwecken eingesetzt. Viele europäische Ausweise enthalten einen Chip mit Funktionalitäten zur Onlineauthentifizierung.

Das Positionspapier der ENISA definiert eine umfassende Auflagenliste für nationale Ausweise, um sicherzustellen, dass diese so flexibel und vielseitig wie möglich werden.

Der Executive Director der ENISA, Dr. Udo Helmbrecht stellt fest: „Elektronische Ausweise ermöglichen eine sichere, zuverlässige elektronische Authentifizierung für Internetdienste; Banken und Regierungen müssen jedoch besser zusammenarbeiten, damit nationale eID-Karten für Bankzwecke eingesetzt werden können.“

Vollständigen Bericht herunterladen: http://www.enisa.europa.eu/act/it/eid/eid-online-banking/

Quelle: ENISA – Europäische Agentur für Netz- und Informationssicherheit

Für Interviews: Ulf Bergstrom, Press & Communications Officer ENISA, press@enisa.europa.eu, Mobil: +30-6948-460143

Français:

L’ENISA lance une nouvelle présentation de position sur les risques de sécurité que représentent les cartes d’identité européenne électroniques

BRUXELLES et HÉRAKLION, Grèce, le 26 novembre

L'agence européenne chargée de la « cyber-sécurité », l’ENISA (European Network and

Information Security Agency), présente aujourd'hui son nouveau rapport de position. Ce dernier s'intéresse aux risques d'authentification qu’impliquent les cartes d'identité européenne électroniques (cartes eID). Il analyse 7 points de vulnérabilité, identifie 15 menaces et donne des recommandations en matière de sécurité.

Des grands projets européens d'interopérabilité applicables aux cartes d’identité électronique, tels que STORK et son successeur ELSA, visent l'adoption de nouvelles technologies à l'échelle européenne. Dans ce contexte, l’ENISA jette un regard indépendant sur les risques de sécurité liés à l'authentification bancaire en ligne en comparant les cartes d'identité électronique intelligentes aux autres moyens d'authentification. Cette analyse est disponible dans le tout dernier rapport de position de l’ENISA consultable à l'adresse suivante: http://www.enisa.europa.eu/act/it/eid/eid-online-banking/).

Le service bancaire en ligne est l’un des services électroniques les plus largement utilisés par les consommateurs européens. C'est un service stratégique aussi bien pour les institutions financières que pour les utilisateurs. Grâce à une disponibilité 24 heures sur 24, ce service est très pratique. Il est souvent proposé sans supplément, ou à tarif réduit, par rapport aux processus bancaires traditionnels. Toutefois, les cas de fraude bancaire en ligne sont à la hausse. C'est la raison pour laquelle la sécurité constitue un sujet important pour les services de banque en ligne, notamment les déclarations d'impôts. Le rapport comprend également une étude de cas traitant des questions de confidentialité au moment de l'authentification sur les réseaux sociaux à l’aide des cartes électroniques intelligentes.

Le rapport de l'agence explique la chose suivante : étant donné que de plus en plus d'applications Internet nécessitent une authentification, il est indispensable de normaliser les approches d'identification et d'authentification des utilisateurs. En Europe, plusieurs états ont déjà introduit les cartes d'identité électroniques. Lorsque nous utilisons des services sur Internet, nous commençons par nous identifier en fournissant notre nom ; c’est ce qui permet au service de nous authentifier. Les niveaux de sécurité de ces étapes peuvent varier d'une simple combinaison entre un nom d'utilisateur et un mot de passe via un code secret, à un certificat d'authentification généré par un appareil externe ou une carte intelligente faisant appel à des cryptogrammes. Les cartes intelligentes sont de plus en plus utilisées à des fins d'authentification. De nombreuses cartes d'identité européenne intègrent une puce de carte intelligente permettant une authentification en ligne.

Le rapport de position de l’ENISA définit la liste complète des impératifs auxquels doivent répondre les cartes d'identité nationale pour devenir aussi flexibles et polyvalentes que possible.

Le Directeur exécutif de l’ENISA, Dr Udo Helmbrecht conclut : « Même si les cartes d'identité électroniques offrent un moyen sécurisé et fiable de nous authentifier sur les services Internet, les banques et les gouvernements doivent mieux coopérer pour permettre l'utilisation de ces cartes à des fins bancaires ».

Téléchargez le rapport complet ( http://www.enisa.europa.eu/act/it/eid/eid-online-banking/ ).

Source : ENISA - European Network and Information Security Agency

Pour obtenir des interviews : Ulf Bergstrom, Press & Communications Officer, ENISA, press@enisa.europa.eu, Mobile : +30-6948-460143

Italiano:

ENISA lancia il nuovo Position paper sui rischi per la sicurezza connessi al banking on-line tramite carte d’identità elettroniche europee

BRUXELLES e HERAKLION, Grecia, 26 novembre

 -- ENISA (European Network and Information Security Agency), l’agenzia di “sicurezza cibernetica” della UE, ha presentato oggi il suo nuovo Position paper, nel quale mette in evidenza i rischi connessi all’autenticazione degli utenti mediante le carte d’identità elettroniche europee. Il documento analizza 7 punti di vulnerabilità, identifica 15 minacce e fornisce consigli in tema di sicurezza.

I principali progetti europei sull’interoperabilità delle carte d’identità elettroniche, quali STORK e il suo successore ELSA, intendono favorire l’utilizzo delle nuove tecnologie in tutta Europa. A tale riguardo, nel suo ultimo Position paper, ENISA ha condotto uno studio indipendente sui rischi per la sicurezza connessi all’identificazione degli utenti che usufruiscono dei servizi di banking on-line confrontando le smart card elettroniche con altri mezzi di autenticazione (http://www.enisa.europa.eu/act/it/eid/eid-online-banking/).

Il banking on-line è uno dei servizi elettronici più ampiamente utilizzati dagli utenti europei e un servizio strategico sia per questi ultimi che per gli istituti finanziari. Grazie al suo servizio attivo 24 ore su 24, si rivela uno strumento estremamente comodo. Spesso non comporta alcun costo aggiuntivo e offre anzi tariffe inferiori rispetto a quelle delle operazioni bancarie tradizionali. Tuttavia, le frodi connesse al banking on-line sono in aumento e la sicurezza diventa così un problema per questo tipo di servizio come per altre operazioni effettuate tramite banca, quali ad esempio la presentazione della dichiarazione dei redditi. Il Position paper dell’ENISA comprende inoltre uno studio analitico su questioni legate alla privacy durante l’identificazione dell’utente sui social network on-line mediante smart card.

Il documento dell’ENISA affronta tali argomenti poiché un numero sempre maggiore di applicazioni Internet richiede l’autenticazione e si presenta quindi la necessità di procedere, nei vari paesi europei, all’identificazione e autenticazione degli utenti secondo modalità più uniformi. In Europa l’utilizzo delle carte d'identità elettroniche è già piuttosto diffuso. Quando si utilizzano servizi in Internet, è generalmente necessario identificarsi e, quindi, fornire prove relative alla propria identità. I livelli di sicurezza, durante queste fasi di identificazione, possono essere garantiti da una semplice combinazione di nome utente e password con codice PIN segreto, fino alla richiesta di documenti prodotti da un dispositivo esterno o di smart card che si servono della crittografia. Ultimamente si registra un notevole aumento delle smart card per fini legati all’autenticazione. Molte carte d’identità europee contengono un chip dotato di funzioni per l’autenticazione on-line.

Il Position paper di ENISA presenta un elenco completo dei requisiti necessari affinché le carte d’identità nazionali possano diventare strumenti il più possibile flessibili e multiuso.

Udo Helmbrecht, Direttore esecutivo dell’ENISA conclude: "Le carte d’identità elettroniche costituiscono un sistema sicuro e affidabile per l’autenticazione elettronica richiesta dai servizi su Internet, ma le banche e i governi devono continuare a collaborare al fine di consentire l’utilizzo di queste carte per le operazioni bancarie".

Fare clic qui per scaricare la relazione completa (http://www.enisa.europa.eu/act/it/eid/eid-online-banking/).

 Fonte: ENISA - Agenzia europea per la sicurezza delle reti e dell’informazione

Per prenotare interviste contattare: Ulf Bergstrom, Press & Communications Officer, ENISA, press@enisa.europa.eu, cellulare: +30-6948-460143

Español:

COMUNICADO:ENISA lanza una nueva declaración de postura sobre los riesgos de seguridad de la banca en línea

-ENISA lanza una nueva declaración de postura sobre los riesgos de seguridad de la banca en línea a través de tarjetas eID europeas

BRUSELAS y HERAKLION, Grecia, November 26/

La agencia de 'ciberseguridad' de la Unión Europea, ENISA (the European Network and
Information Security Agency) ha presentado hoy su nueva declaración de postura. La declaración se centra en los riesgos de autentificación de las tarjetas eID europeas. Analiza 7 vulnerabilidades, identifica 15 amenazas y ofrece recomendaciones de seguridad.

Los proyectos de interoperabilidad de ID europeos más importantes, tales como STORK y su sucesor, ELSA, tienen como objetivo la toma de nuevas tecnologías a lo ancho de Europa. En este contexto, ENISA realiza una mirada independiente sobre los riesgos de seguridad relacionados con la autentificación de banca en línea comparando las tarjetas eID con otros medios de autentificación en esta última declaración de postura (http://www.enisa.europa.eu/act/it/eid/eid-online-banking/).

La banca en línea es uno de los servicios electrónicos que más utilizan los consumidores europeos. Se trata de un servicio estratégico para las instituciones financieras y los usuarios. Su disponibilidad de servicio de 24 horas, es extremadamente conveniente. A menudo, no supone costes adicionales, o incluso costes reducidos respecto a los procesos bancarios tradicionales. Sin embargo, el fraude bancario en línea está a la alza. Por lo tanto, la seguridad es una preocupación principal para la banca en línea, por ejemplo, las declaraciones de impuestos. El informe también incluye un estudio de caso sobre asuntos de privacidad cuando se realizan autentificaciones con tarjetas inteligentes en redes sociales en línea.

El informe de la agencia explica que puesto que cada vez más aplicaciones de internet requieren autentificarse, se necesitan más enfoques estandarizados para la identificación y autentificación del usuario. En Europa, varios estados han lanzado tarjetas de ID electrónicas. Los primeros pasos cuando utilizamos servicios de internet son identificarnos mediante nuestro nombre y después, autentificar que somos nosotros. Los niveles de seguridad de estos pasos pueden variar de una simple combinación de nombre de usuario, contraseña, pasando por un código PIN secreto, a credenciales generadas por un dispositivo externo o tarjeta inteligente utilizando la criptografía. Las tarjetas inteligentes se utilizan cada vez más para propósitos de autentificación. Muchas tarjetas de identificación europeas contienen un chip de tarjeta inteligente, con funcionalidades para la autentificación en línea.

La declaración de postura de ENISA define una lista comprehensiva de requisitos para las tarjetas de identidad nacionales para asegurar que sean tan flexibles y para propósitos múltiples como sea posible.
El director ejecutivo de ENISA, el doctor Udo Helmbrecht, indicó: "Las tarjetas de identidad electrónicas a menudo ofrecen autentificación segura, fiable electronic a servicios de Internet, pero los bancos y gobiernos deben cooperar major para poder utilizar tarjetas de eID nacionales para propósitos bancarios".
Descargue el informe completo en ( http://www.enisa.europa.eu/act/it/eid/eid-online-banking/ ).

Emisor: ENISA - European Network and Information Security Agency

Para entrevistas: Ulf Bergstrom, responsable de prensa y comunicación de ENISA, press@enisa.europa.eu, móvil: +30-6948-460143

Top
The 2009 Update of the IDABC Interoperability for PEGS Study including Updated Country Profiles Now Available
 
knowledge3
Different Member States have engaged in the deployment of electronic Identity Cards or other Identity Management solutions. In addition to serving as national identification schemes, these should allow the electronic identification of the citizens for the use of eGovernment services at the national level (e.g. tax declaration, request or completion of administrative documents, etc.), thanks to comprised digital certificates. The issue of interoperability of these solutions between member states administrations, i.e. providing the possibility for a citizen of Member State A to use an eGovernment service proposed by Member State B, has often been highlighted. Interoperable eID solutions constitute indeed a key enabler for access to public services. An adequate eID interoperability solution needs to be provided, especially in the deployment of PEGS.

Link: http://ec.europa.eu/idabc/en/document/6484
Top
Study on the European Federated Validation Service
 
resilience_tech_report
Cross-border recognition of nationally issued digital signatures for security of data exchange requires interoperability at legal, operational and technical levels. The framework for a European Federated Validation Service will provide a necessary tool for the establishment of Trust between different issuers of certificates and for the technical validation of eSignatures.

With the support of a group of eSignature national experts, IDABC's contractor will:
  • Conduct a study into available solutions for verification and validation of electronic signatures, by consulting application owners and practitioners operating Validation Services;
  • Describe the similarities and differences in the solutions found concerning the legal context, the organizational aspects, and the technical implementation aspects;
  • Recommend measures to be taken to enhance trust, recommend measures to resolve any identified legal and liability issues;
  • Derive and describe a framework for the validation of digital certificates.


21 Solution profiles for verification and validation are now available http://ec.europa.eu/idabc/en/document/7764
Top


JRC Young People and Emerging Digital Services 2009 – An Exploratory Survey on Motivations, Perceptions and Acceptance of Risks
 
resilience_tech_report
This study, conducted by the Institute for Prospective Technological Studies (IPTS), presents the results of a four-country survey of young Europeans’ attitudes to electronic identity (eID) and future eID-enabled services. The study aims to remedy the almost complete lack of EU evidence on eID services perceptions. It is innovative in many respects:
  • It focuses on young people (15-25), rather than children or adults
  • It targets multiple EU countries (France, Germany, Spain, UK)
  • It works with four large national samples (total number of respondents = 5,265)
  • It examines eID service scenarios (4 scenarios)
  • It retrieves data relevant to policymaking
Based on the opinions of more than five thousand young Europeans, the study demonstrates what aspects of eID and eID services can be measured via a large-scale survey – among them take-up, trust, privacy, general motivations, attitudes and behaviours concerning eID-enabled services.

To view the document click here.
Top


Role of eIDM in the Internet Economy - OECD - June 2009
 
resilience_tech_report
National and global economic, governmental and social activities rely more and more on the Internet.2 Digital identity management (“IdM”) is a critical component of those activities. Today, organisations in both the public and private sectors differ significantly in their approaches to IdM, devising their own means for establishing, verifying, storing and using digital identities over their networks and the Internet. The lack of common policies and approaches creates privacy, security and productivity issues in our increasingly interconnected economies, and hampers the ability of organisations to provide users with convenient services.

This Primer is intended to give policy makers a broad-brush understanding of the various dimensions of IdM. It introduces, in non-technical terms, the basic concepts and issues raised by IdM and points to additional sources where policy makers may gain a deeper understanding of the topic. Consistent with the Seoul Ministerial Declaration, it aims to support efforts to address the public policy issues for securely managing and protecting digital identities with a view to strengthening confidence in online activities crucial to the growth of the Internet economy.

To view the document click here.
Top


Electronic Signatures as Obstacles for Crossborder eProcurement in Europe – Lessons from the PROCURE Project
 
resilience_tech_report
E-procurement is considered one of the most promising services within e-government in terms of cost and time efficiency. Within the European Union, the Internal Market requires cross-border e-procurement. The European Council has issued directives and guidelines for this purpose. While e-procurement works on national levels, cross-border e-procurement in Europe does not. This is mainly due to lacking technical interoperability and legal harmonization, in particular concerning the use of e-signatures.

By a comparative study of the different legal provisions in the Czech Republic, France, Germany, Spain and Sweden this article provides an overview of the current state-of-play and makes suggestions on how to overcome the remaining obstacles to pan-European e-procurement.

To view the document click here.
Top


EC Action Plan on eSignatures and eID to Facilitate the Provision of Crossborder Public Services in the Single Market 2008
 
resilience_tech_report
This Action Plan offers a comprehensive and pragmatic framework to achieve interoperable e-signatures and e-identification, which will simplify access of enterprises and citizens to cross-border electronic public services. To achieve this objective, the Action Plan focuses on a number of practical, organisational and technical issues, complementing the existing legal framework.

To view the document click here.
Top


ENISA: Three recommendations in reports on technologies to improve resilience of communication networks
 
resilience_tech_report
The European Network and Information Security Agency [ENISA] launches two reports with three recommendations on emerging new technologies and their potential to improve the resilience of communication networks. Technologies have been developed with properties that improve both the resilience and security of the Internet. Experience is missing in the area of commercial operation of these features, as well as operational best practices and recommendations in applied network resilience. Resilience and security of communication networks and services that they support is an issue of critical importance to the EU economy and its citizens, as it impacts day-to-day operation of businesses, affecting daily lives of EU citizens.

ENISA carried out an assessment of three key technologies Multi Protocol Label Switching (MPLS), Internet Protocol version 6 (IPv6) and Domain Name System Security Extensions (DNSSEC) regarding their potential to provide increased network resilience. This analysis was carried out from two perspectives. The first consisted of analysing the characteristics of the selected technologies and their public communication network's resilience enhancing features. In parallel, the effectiveness of these technologies, as well as problems and gaps that potentially could compromise the availability of networks and services was assessed through interviews of twelve network operators in the EU Member States. The key findings of the analysis are:
  • The assessed technologies can improve both the resilience and security of the Internet.
  • Commercial operation experience is missing for some of the technologies.
  • There are neither operational best practices nor recommendations for applied network resilience.
  • There is lack of management and coordination between stakeholders.
The full reports are available at:

http://www.enisa.europa.eu/doc/pdf/resilience_tech_report.pdf
http://www.enisa.europa.eu/sta/files/resilience_features.pdf
FAQs: http://www.enisa.europa.eu/doc/pdf/faq_resilience_tech_report.pdf
Top


Australian Government new National eAuthentication Framework Policy Document – January 2009
 
draft 2009
The Australian Government Information Management Office (AGIMO) of the Department of Finance and Deregulation has developed the National Authentication Framework (NeAF) to provide a consistent, whole-of-government approach to managing identity related risks.

To view the document click here  
Top


DRAFT 2009 ICT Standardisation Work Programme
 
draft 2009
ICT standardisation is part of the general standardisation activities, and contributes to policy objectives to improve the competitiveness of European industry, as specified in the Lisbon strategy. The legal basis for European standardisation and standardisation policy, including the ICT domain, is Directive 98/34/EC. One of its main elements is the formal recognition of three European Standards Organisations (ESOs), CEN, CENELEC and ETSI, active in various degrees in the ICT domain. This recognition entails financial support from the European Commission. Standards produced by the three ESOs and resulting from an open consensus building process are by nature voluntary and non binding technical documents.

To view the work programme click here  
Top


“Young People and Emerging Digital Services: An Exploratory Survey on Motivations, Perceptions and Acceptance of Risks” report officially published
 
energing_digital_services
One key aspect that could influence the digital identity policy landscape has not been studied: the views of the European citizens, particularly the views of the generation that has grown up with digital devices. This study conducted by the Institute for prospective Technological Studies (IPTS) presents the results of a four- country survey of young Europeans’ attitudes to electronic identity (eID) and future eID- enabled services. It aims to remedy the almost compete lack of EU evidence on eID services perceptions. It seeks to find out more about future user needs and requirements in the area of digital identity, with a view to informing EU policy making.

This survey has a twofold objective: identifying a) young people’s perception of the risks that the new eID technologies may pose and b) young people’s acceptance levels of these risks, and their general motivation and intent regarding the use of these new technologies. In summary, the survey should identify the key factors that should encourage or support the development of actual and potential eID-based services, in the views of young European consumers.

To view the report click here  
Top


ENISA Position Paper: Privacy Features of European eID Card Specifications
 
enisa_privacy
The aim of this ENISA Position Paper is to allow easy comparison between privacy features offered by European eID card specifications and thereby to facilitate identification of best practice. It seeks to raise awareness of the legal and social implications of new developments in eID card technologies. In particular, the findings should have important implications for data protection and security policies. A clear statement of the status quo is an essential first step towards the important goals identifying best practice, improving the base-line of citizen privacy protection in eID cards throughout Europe and ultimately to improving interoperability and adoption by citizens.

You can access the report here  
Top


Report on the State of Pan-European eIDM Initiatives
 
enisa
This report charts the origins and scope of the ambitions for European eID interoperability, and looks specifically at how these are reflected in three specific initiatives:
  • At the policy level, the so-called eID Roadmap is examined. This document outlines the European eID goals to be reached by 2010, and defines a number of specific objectives and milestones that should be covered along the way.
  • At the infrastructural level, the STORK Project is discussed.
  • At the application level, the report also examines the efforts surrounding the implementation of the Services Directive. The Services Directive requires Member States to put electronic points of single contact in place by 28 December 2009, which service providers from any Member State should be able to use to complete the necessary procedures and formalities in order to be allowed to offer their services in the relevant country. In many cases, this implies that service providers will have to be able to identify themselves electronically in a way that is considered sufficiently reliable.

You can access the report here  
Top


EU: ENISA launches Position Paper on mobile eID Security issues
 
ecc
On 21 November 2008, the EU Agency ENISA (the European Network and Information Security Agency) launched a Position Paper on authentication issues for mobile eID, with 11 security threats and 7 key conclusions to enhance security.

You can access the report here  
Top


Eurosmart Position Paper - European Citizen Card: One Pillar of Interoperable eID Success
 
ecc
This Eurosmart document reflects Eurosmart members resolution, and in particular the position of members that are smart card manufacturers, to promote the use of the ECC standardization works made at CEN. The Eurosmart members that are smart card developers and manufacturers state that they will provide implementation of ECC card software:
  • Compliant with published functional specifications;
  • With their commitment to be compliant and interoperable, through suites of tests.
Their commitment is the guarantee of multisourcing and durability of ECC, that then may be the reference for a pan European interoperability of e-government and e-services cards that will provide benefits on identified use cases. The current news about French and German national e-ID programs is a real opportunity for the concretization of ECC that will take full consideration of needed interoperability with already rolled out national ID cards.


pdfDownload the ecc position paper  
Top


eID Interoperability for PEGS
 
knowledge3
Different Member States have engaged in the deployment of electronic Identity Cards or other Identity Management solutions. In addition to serving as national identification schemes, these should allow the electronic identification of the citizens for the use of eGovernment services at the national level (e.g. tax declaration, request or completion of administrative documents, etc…), thanks to comprised digital certificates. The issue of interoperability of these solutions between member states administrations, i.e. providing the possibility for a citizen of Member State A to use an eGovernment service proposed by Member State B, has often been highlighted. Interoperable eID solutions constitute indeed a key enabler for access to public services. An adequate eID interoperability solution needs to be provided, especially in the deployment of PEGS.

Click here to view the 32 European country profiles on eID and a report on their comparison and assessment

Further Information IDABC work programme 2005- 2009
Top


eIDM as Key enabler for eGovernment and eBusiness
 
knowledge4
For eGovernment and eBusiness to function to their full potential, people need a secure, convenient and effective way of identifying themselves – replacing signatures and stamps used on paper – when using electronic communication. To make this a reality, EU Member States are investing tens of billions of euros in interoperable Electronic Identity Management (eIDM).

Electronic Identity Management is a cornerstone of the implementation of the full range of eGovernment services, for both citizens and businesses, across the Union. As more government, personal and commercial transactions are conducted electronically – especially where documents exist only in digital form – parties need to be sure of a person's or an organisation's identity.

Registered letters are still required in many official exchanges between people and organisations. With alternatives such as e-mail, there is no way to verify when an attached document, such as a patent application, was really written. A digital ‘timestamp’, guaranteed by a trusted organisation, much the same as the post office provides with registered letters, is essential to speeding up on-line business.

For more information please click here
Top


The 'European Interoperability Framework for pan-European eGovernment Services'
 
knowledge1
The EIF is the reference document on interoperability for the IDABC programme. It is the result of an extensive consultation process with the Member States and thus represents the highest ranking module for the implementation of European eGovernment services.

This first version provides a series of recommendations and defines generic standards with regard to organizational, semantic and technical aspects of interoperability, offering a comprehensive set of principles for European co-operation in eGovernment. The EIF will be periodically revised to take into account the latest developments.

The EIF is the first publication using the logo and visual identity of the new IDABC programme.

pdfDownload the EIF Publication
Top


IDABC Content Interoperability Strategy, September 2005
 

IDABC

This working paper defines IDABC’s strategy to achieve semantic interoperability for pan-European eGovernment services.

Semantic interoperability is a necessary component in achieving full interoperability since it is concerned with ensuring that the precise meaning of exchanged information is understandable by other parties. It is an essential design element for pan-European eGovernment services, which will have to choose between a centralized architecture using single pan-European resources or a decentralized one supported by translation gateways.

This paper is written on the basis of information collected from EU Institutions’ and Member States’ initiatives as well as from existing experimentation and operational systems – stemming from public administrations as well as from businesses and their international organizations.

The document proposes an extended definition of semantic interoperability and describes how it relates to other interoperability dimensions within the global framework set by the specific requirements of European public administrations as well as by existing Commission guidelines. It justifies the importance of semantic interoperability and concludes that semantic interoperability is a requirement for pan-European eGovernment.

pdfDownload the IDABC Content Interoperability Strategy
Top


Synergy 03 - July 2005
 
knowledge2
The IDABC conference in February 2005 highlighted the central importance of an effective system of electronic identities (eID) for the development of cross- border eGovernment services.


pdfDownload the IDABC quarterly publication  
Top


Linking Up Europe: The Importance of Interoperability for eGovernment Services(Commission Staff Working Paper)
 
knowledge2
The objective of this Commission services working document is to emphasise the importance of interoperability in delivering eGovernment services in Europe. Interoperability is not simply a technical issue concerned with linking up computer networks. It goes beyond this to include the sharing of information between networks and the reorganisation of administrative processes to support the seamless delivery of eGovernment services.


pdfDownload the Publication  
Top


 
Copyright © 2012 STORK. All rights reserved.
Gov2DemOSS is Free Software released under the GNU/GPL License.