The latest eID report published by the European Network and Information Security Agency (ENISA) is a collaborative effort of ENISA and HJP Consulting (HJP). This is the second collaboration between HJP and ENISA after the publication of the report titled “Security Issues in Cross-border Electronic Authentication”.
The new report, published in March and titled “Mapping security services to authentication levels”, was authored by HJP’s eID experts Stephan Körting and Diana Ombelli and supervised by Slawomir Gorniak from ENISA’s Technical Competence Department.
The authors introduce the reader to the general topic of electronic identity management and authentication, using real-world examples. They explain the key concepts needed to understand the necessity of having a European Union-wide common approach to quality and security for the providers and users of electronic services. Such services include, for instance, electronic tax declarations or receiving benefits from health care services based on identification using an eID card (smart card).
The applicability of a known quality model developed by European initiatives (authentication levels) has been reviewed. The mappings are illustrated using everyday life examples. The report explains encountered or potential issues with applying the model of authentication levels to electronic services and provides recommendations for further improvements of the model.
Moreover, this report provides a general overview of recent European efforts, with particular emphasis on the activities of the European project STORK (Secure Identity Across Borders Linked) in relation to the authentication levels and their mappings. STORK aims to implement an EU-wide eID interoperability platform that will allow citizens to establish new e-relations with other countries in the EU by means of cross-border eID identification and authentication.
According to the authors, the technological barriers to establishing cross-border interoperability of eGovernment solutions and services are well on the way to being overcome, provided that authentication level definitions are further clarified to remove any ambiguity and room for interpretation. In the face of ever-increasing computing power and new technological innovations, no security measure can be considered valid indefinitely. Therefore, definitions and mappings need to be periodically re-evaluated in order to increase the mutual levels of trust.
The STORK project laid the basis for the QAA levels, which have to be fine-tuned with the consent of the Member States, for example by the ISA programme. Current cooperation between some Member States seems to provide sufficient grounds to begin providing basic electronic services across European borders.
Markus Hartmann, Managing Director of HJP Consulting, states: “The European Union is heading towards a common service market. Therefore citizens must be enabled to authenticate themselves online cross border without any barriers. We are proud that ENISA once again has used our expertise on designing large eID systems to promote this mission to European politicians and opinion leaders”.
For further information, please review the report, which can be downloaded from the ENISA website.