ISA programme: Secure-related initiatives Miguel Alvarez Rodríguez.

ISA programme:

Secure-related initiatives

Miguel Alvarez Rodríguez

Click to edit Master title style

2

… and effective electronic cross-border and cross-sector interaction between European

public administrations.

… share and re-use existing successful or newInteroperability solutions, common services and generic tools.

…IT systems allow smooth implementation of Community policies and activities.

EfficientEuropean publicadministrations

Flexible andinterlinked

Interoperability Solutions for Public AdministrationsObjectives

2

The ISA programme


3

Actions. Quick overview

1. Key enablers for secure eGOV services: Cluster of eID-related actions and tools for eSigning

2. Secure telecommunication network: sTESTA

3. eTrustEx: Secure exchange of DOCs


4

1. Action 1.5 STORK´s sustainability

• STORK, the LSP on eID came to an end in 2011.

• The project implemented and deployed in various MS a federated platform based on common specification and assurance model.

• Aimed to the provision of electronic identification services related to citizen´s accessing to eGovernment applications in cross-borders set-ups.

• ISA programme was appointed for the sustainability of STORK´s results in the short/ medium-term.


1. STORK Sustainability.

• Continuous maintenance and upgrade of STORK reference components (PEPS and VIDP modules) to the most common operating environments.

• Update of the technical specs (SAML profile and QAA model) according to upcoming needs.

5


1. STORK Sustainability.

Top Reasons to use STORK:

• Easy-to-deploy solution for the provision and consumption of secure identity services of national and foreign citizens.

• Access to a Reference interoperability technical solution for the mutual recognition of eID at European level.

• It can be used as a service or as tool: Flexible interoperable solution that can handle any type of electronic identities and assurance levels.

• Solution maintained and supported by the EC and many MS.

6


7

2. ECAS-STORK integration

The problem• MS officials and civil servants from all over Europe need to access EC

corporate applications• Use of ECAS credentials since national eIDs are not recognised by the

EC applications. • A first proof of concept demonstrating the integration of ECAS with

STORK project was funded by IDABC programme and executed in 2011.

The current situation• ECAS-STORK integration already in production mode• In use already by CIRCABC and the eJustice Portal


8


Beneficiaries and anticipated benefits• European Institutions and Agencies will benefit from ECAS

integration with STORK with a minimal impact, by accepting higher assurance eID mechanisms from the MS and by increasing the trust and confidence on the user's identities

• For MS's public administrations, consistency is increased since the same credentials are used to access both national information systems and European Commission information systems.

• Levels of security are aligned as well with those provided by MS.


9


Click to edit Master title style• Objectives

o Public officials should be able to log to EC applications and be granted access based on their role or position in a national administration.

o Extend ECAS multi factor

authentication to a federated authorisation solution

o Access to EC Applications using the national model for authorisation and ECAS-STORK.

3. Action 1.18: Federated Authorisation across public administrations


1. Context

Ince

ption

–

2012

Feas

ibili

ty st

udy

Arch

itect

ural

and

Func

tiona

l SW

OT

Exec

ution

20

13De

finiti

on o

f com

mon

gene

ric sp

ecifi

catio

nPr

ovid

ing

nece

ssar

y

gate

way

, tra

nsfo

rmati

on

serv

ices t

o co

nnec

t EC

ASIm

plem

enta

tion

plan

for

inte

grati

on o

f MS

solu

tions

Less

ons l

earn

ed

Main milestones of the ISA Action 1.18We are here now

Click to edit Master title style•

• #

• Future versions based on incoming requirements and lessons learnt

• Integration in ECAS Production

• Pilot with at least one Member State connecting to one EC Application

• Get buy-in from stakeholders

(Demo)

The picture below presents the objectives of the current phaseon short and long term.

At least 5 stakeholders At least one EC applicationAt least one MS application

To be decided

3. Objective


13

4. Action 1.9: DSS tool

• This action supports development of a software tool DSS (Digital Signature Software) that creates and verifies legally binding electronic signatures.

• The tool makes use of the MS Trust Status Lists (TSLs) to check the trustworthiness of the signing certificates.

• Open source.

• Available to all MS and for any electronic procedure.

Reuse of tools is

cost saving


14

4. DSS: TSL & eSignature creation/ verification toolsThe legal basis• Comitology Decision 2009/767/EC defined "Trust Lists" (TSL) as means to facilitate technical recognition of qualified electronic certificates cross-border.• Under that Decision each Member States has to establish, maintain and publish in a secure way a trust list of certification service providers issuing qualified certificates to the public• Decision 2011/ 130/ EC establishes minimum technical requirements for the interoperable cross-border processing of documents signed electronically by competent authorities under Directive 2006/123/EC


• Framework– Realised in Java– Open Source under LGPL

• Main goals– Signature creation– Signature validation– Validation report according to validation policy ETSI TS 102 853

• Interoperable Formats EU-wide– XAdES / PAdES / CAdES– ASiC-S

• Levels– BES to LTV

• Packaging– detached, enveloped, enveloping

4. DSS tool: Technical features


16

4. DSS: Beneficiaries and benefits

Public administrations,• Tool allowing the governance of the MS trusted lists • Easier setting up of secure eGoverment services• Solution to enhance trust and implement interoperable e-

signatures for national & cross border completion of administrative formalities

• Possibility to validate electronically signed documents coming from different competent authorities

For business and citizens, • Higher levels of trust and confidence on electronic transactions• Access to fully-fledged transactional public services, saving time


5. What is sTESTA?

sTESTA (secured Trans European Services for Telematics between Administrations) is a communication platform to exchange electronic data between European and Member States administrations in a secure, reliable and efficient way

Facilitate cooperation between public administrations in various policy areas. Consolidate existing networks by providing a secure, reliable and flexible communication service layer.Exchange both unclassified and classified information (up to "EU RESTRICTED ").

The sTESTA service platform is the continuation of the service infrastructure initiated and developed under the IDA, and IDABC programmes of the EC

Click to edit Master title styleGoal

Platform to support the secure exchange of documents between Public Administrations at national and European level, so as to:

Reduce overall costs of digital data exchange Enable the digitisation of business processes Secure digital data exchange Promote and re-use of interoperable solutions Usable as a tool or as a service: e-TrustEx can be installed

by the Public Administration or used as a service on the cloud. Open source

e-TrustEx e-PRIOR CIPA e-Delivery

6. e-TrustEx


6. e-TrustEx main features:

Services for sending documents: Binary files (structured and unstructured documents up

to 100MB) Groups of binary files (up to 500 documents of up to

100 MB each).

Services for retrieval of documents: Inbox Query

Security: End-to-end encryption (GUI only) End-to-end integrity (GUI only) Point-to-Point integrity

e-TrustEx e-PRIOR CIPA e-Delivery


Thank You !!!

Click to edit Master title styleSEMIC 2014 – Athens, 9 April

http://semic.eu

http://semic.eu/

Date post:	24-Dec-2015
Category:	Documents
Upload:	godfrey-howard
View:	215 times
Download:	1 times

ISA programme: Secure-related initiatives Miguel Alvarez Rodríguez.

Documents