View my documents ()
 Home > Insights 

Identity and Access Management (IAM)

Focusing on our views about deployment challenges, and some of the important trends related to Identity and Access Management

Friday, April 11, 2008 - Posts

  • Some thoughts on e-ID

    In late February I gave a talk at a conference on e-ID in Belgium organized by L-SEC http://www.lsec.be. Belgium is one of the first countries in the world where all citizens will have their identity supported by a digital identity card. Unlike Finland, where the e-ID card is optional, in Belgium it is a legal requirement that every resident registers their address. This registration process is performed at the local town hall and delivers an e-ID identity card at a cost of around 10 Euros. Up to date around 7 million e-ID cards have been distributed; by the end of the year all 8.3 million citizens older than 12 years of age should be in possession of their e-ID. It is no surprise that Belgium is looking for ways to exploit this card.

     

    One example of this is eBay who recently entered into an agreement to integrate e-ID as one of the verification options for its users in Belgium. This new functionality allows new and existing eBay-users to (re)register on the site by having their identity confirmed quickly, and safely. On top of that, eBay-sellers who use this verification method will get an ‘e-ID Verified’ label next to their username. Next to the seller’s profile and feedback score, this will be an additional indicator to that the buyer or seller is trustworthy.

     

    The three basic functionalities of e-ID are data capture, authentication and electronic signature. Around 40 to 50% of all e-ID applications in Belgium relate to data capture and 40 to 45% are for authentication. Together data capture and authentication cover 90 to 95% of all the current applications. The much smaller number around 5% to 10% relate to electronic signature. ‘Data capture’ is when the card is put into the reader in the library, a hotel or in the city hall and the application reads the name and some other data on the e-ID card. ‘Authentication’ is used in all kinds of web applications (and incidentally CA’s SiteMinder is used by the Flemish Government MVG for this). The e-ID card is also well suited as authentication mechanism for PC banking.

     

    The card stores a visible and digital picture but also allows to log on to the National Register, the government database. The e-ID card is used to authenticate the citizen for access to public services. The resident can also consult the Register and see what the authorities have stored and who has accessed that information (except for State Security). For example a user can use the card to borrow books from the library and later check which books he has borrowed and when they are due to be returned. A more mundane side effect of this is that access to municipal garbage dumps is now controlled by your e-ID card. If you try to dump your garbage at a dump that is outside of the commune where your address is registered you will not be allowed access!

    Share this post: Email it! | bookmark it! | digg it! | reddit!
    Posted Apr 11 2008, 09:22 AM by Mike Small with no comments
 
 
Page Tools