The Road to European e-Identity
When EEMA was formed, it had a dream of end-to-end seamless supply chain collaboration. However, 20 years later that dream still has to be realised. The marketing hype associated with different fashionable scenarios has come and gone but the key issue still remains - there are no pan-European supply chain processes that are truly integrated and seamless.
The Need for Electronic-identity Interoperability
The IT industry has had to face a long list of interoperability issues (e-mail, X.400, X.500, PKI) and as long as there are two vendors and two sets of standards in the market place, there will continue to be interoperability challenges for the foreseeable future. Currently the challenge with the highest profile is electronic–identity (e-ID) interoperability.
For the Internet, identity is a fundamental problem and many find it incredible that no identity layer has ever existed for it. To compensate for this huge architectural hole, vendors have developed ad hoc solutions and in the meantime the criminal element, well aware of the opportunity, has exploited it. Trusted identity management is the basis for the five Cs: cooperation, collaboration, commitment, communication and confidentiality.
Key Developments
There are three major streams feeding into identity management: PKI (Public Key Infrastructure) which dates back to 1976; the X.500 standard created by the CCITT (now ITU) in 1988; and five years later RBAC (Role Based Access Control) developed by the NIST. As a result, Web Services suites still show a huge functional overlap. For example, metadirectories and provisioning systems - to a large extent - provide the same functionality but with different levels of robustness and performance.
At the Manchester governmental meeting in 2005, the “declaration” was to “Facilitate Free Movement of Goods, Citizens, Capital and Services across the EU to encourage the Internal Market by 2010”. This is now being reviewed and the date may well be revised to 2015. The reason for this delay is fundamentally the lack of pan-European identity interoperability.
Issues and Challenges
The underlying issues surrounding the lack of e-ID interoperability are commercial (enrolment and authentication), technical and legal (privacy). The commercial challenges will be solved by pressure from the user community; the technical issues by vendors addressing the challenges in a neutral environment; whilst the legal issues will require governmental policy and regulatory changes.
The regulatory challenges facing interoperability in the EU include:
- The 27 member states have different standards and requirements.
- The subsidiary versus standardization debate - the EU concept that individual governments should be able to implement their own decisions contradicts the concept of standardization.
- Governments are at different stages of developing domestic e-ID schemes and have not turned to cross-border services.
- Applications are not ready for cross-border transactions.
- There is no one e-ID standard.
Launch of e-ID Pilot
To resolve these challenges a large scale e-ID pilot called STORK (Secure idenTity acrOss boRders acKnowledged) has been initiated, supported by up to 13 governments, with EEMA involved in the communication and dissemination of the initiative. It is expected to take three years to complete. The objective is the implementation of an EU-wide system for recognition of e-ID and authentication that will enable businesses, citizens and government employees to use their national electronic identities in any member state. The outcome will be an integrated solution providing cross-border recognition of e-ID and authentication across Europe.
The impact will be:
- The deployment and interoperability of EU-wide e-ID for public services across Europe;
- Secure, easy to use e-ID solutions for citizens and businesses (in particular SMEs at relevant levels including local, regional and cross national);
- Higher volumes of authenticated electronic transactions and operations processed.
So, with e-government initiatives and e-business developments, not to mention the booming area of social networking, all increasingly reliant upon effective identity authentication, it is clear that the drive towards global e-ID interoperability is becoming inexorable.
The Author
Roger Dean is Executive Director at EEMA (http://www.EEMA.org).
EEMA
EEMA was launched by telecom carriers to resolve issues related to X.400 ADMD (ADministrative Management Domain) interoperability. Subsequently it diversified into directory services, the Internet, security, legal issues, mobile messaging and instant messaging. To remain in step with industry developments and member requirements, in 1996 it switched its focus to e-business and again in 2006 to e-security and digital identity technologies and services.