Identity Management Systems (IMS)
Challenges and Opportunities for e-Government
e-Government Europe 2004
Noordwijk aan Zee, NL, 1-3 March
Institute for Prospective Technological Studies (IPTS)
Seville, Spain
http://www.jrc.es
http://www.jrc.cec.eu.int
1
CONTENTS






E-Government services: a new paradigm
A ‘trusted’ environment for e-Government services
Identity, Identity Management and applications
Identity Management requirements
e-Identification and the Public Sector
Discussion Topics
2
E-Government services: a new paradigm
 ICTs increasingly used to reduce cost, improve efficiency of e-Government
services through: (a) back-office re-engineering; (b) one-stop-shop approach;
(c) interoperable systems & interfaces.
 However, important social and technological developments act as drivers for
change: e.g. (a) enlarged and aging population in need of personalised
services; (b) increased socio-cultural & religious diversity; (c) flexible, mobile
living + working + consumption patterns; (e) pervasive computing, ubiquitous
communication, intelligent interfaces (Ambient Intelligence environment).
 In addition, renewed interest in the role of the public sector in encouraging
demand and the part that e-services can play.
 The issue of e-Government wider-adoption sets new requirements on public
e-services (from supply-side issues to demand-side and societal factors).
Future Challenge:
From more efficient e-Administration to personalised e-Government services
to e-Governance based on Knowledge Management in an AmI environment
3
A ‘trusted’ environment for e-Gov. services
 Rising crime, lack of security, trust and privacy protection impacts, inherent
computer interface complexity, and cost of solutions seem to be the main
barriers to the wider adoption of ‘trusted’ physical and knowledge networks,
required to transform Europe into a Knowledge Society (Lisbon objectives).
 The deployment of identification technologies as a panacea for ‘trust’ problems
raise some concern since emerging technology and other social and financial
factors, affect their application in ways that requires further understanding.
 Also e-Governance in an AmI environment requires that new risks be assessed
and managed, especially regarding the public/private sphere boundaries.
 Solutions related to identification and authentication need be devised so as to
efficiently secure the e-services and promote citizens’ confidence in them.
Future Challenge:
Identification, Authentication, Identity management, Liability, Security, Privacy,
legal aspects and social implications ought to be carefully addressed.
4
Identity, Identity management and applications
 People are skilful in mastering identity,
which is a complex social concept, in the
real world, but not yet in the virtual world
 Technologically supported Identity
Management gives users control over
the amount and nature of their personal
data that should be released.
 IM is driven by security/access
management needs, but also
seen as a tool to enforce
security and privacy protection.
 IM is a layered problem that
needs a comprehensive solution
dealing with all layers at once.
 IM needs a flexible, cost-aware,
public-lead & market-driven
evolution path
5
Identity Management - Requirements
 Specific Functionality (depending
on the scenario)
 Basic Usability
 Security
 Privacy
 Specific Law Enforcement legal regulations
 Objective Trustworthiness
 Affordability
 Interoperability
“ IMS Identification and Comparison Study ”
Hansen, M., ICPP Schleswig-Holstein, DE, Sep.03
6
Technology & identity-attribute
independent requirements
e-Identification and the Public Sector
 Identification used in the physical world varies as to: (a) the medium/support
type; (b) geographic and sectorial scope; (c) the process to issue, re-new,
authenticate; and (d) the security and data protection mechanisms.
 Various e-identification processes exist at local and national level with significant
variation as to the scope, purpose and mechanisms.
 Secondary use of the result of the process, extended use beyond sector and
geographical borders and the security and privacy risks involved indicate that
problem is thornier than technical or legal interoperability alone.
 IMS with the following min functionality: usability, multi-lateral & multi-channel
security and law enforcement limitations, privacy protection, offering users
transparency and control over their data, can help enhance trust and thus
acceptance of such an environment.
 However users will be expected to develop new skills related to the online world
and be prepared to upgrade them as time and technology progresses.
Future Challenge:
For the Public sector policy and governance issues are thornier than the
technical e-identification capability.
7
Policy questions for further discussion (1)
• How to develop interoperable IMS from the heterogeneous, autonomous,
authentication systems that exist and operate today?
Cooperation among all levels of Government (cross-country + intra-country) especially
when considering legal impacts of standardisation of both data and processes of issuing,
verifying, revoking source identity documents leading to data + function interoperability.
Cooperation among public/private actors on authentication issues related to security,
privacy protection, liability, non-repudiation, centralised vs. distributed/federated IMS, etc.
• CONVERGENCE questions: ?
Geographical and sectorial convergence will bear new problems such as: increased interdependence as a result of single sign-on, technical & legal interoperability needs,
increased security and privacy risks (Identity theft, data aggregation/profiling).
• PARTNERSHIP questions: ?
Private sector, mainly banks, which have experience on secure e-identification solutions
over a variety of remote channels (phone & mobile, PC & Internet banking, Interactive
TV and payment cards) need to share experience in assessing risk and developing and
deploying security/privacy compliant IMS. This may result in sharing of costs and an
easier learning process leading to widespread adoption of services.
8
Policy questions for further discussion (2)
• Governments’ role in identity management is to properly balance the competing
interests of legitimate public and private business activities, law enforcement and
state intelligence while protecting citizens and consumers’ privacy. How can they
play this role effectively?
ICT can play an important role in this by aiding in the managed transfer of control from
the hands of an unaccountable central administration to the hands of appropriately skilled
citizens, through the wider adoption of Identity Management Systems.
Also, an appropriate e-governance structure will have to be developed / implemented.
• Is it desirable to require a single national ID for all citizens? Is it necessary to
avoid such a scheme so as to prevent inevitable misuse and abuse?
The essence of the question relates to who will have control over what data and what
processes will be in place to aid in the implementation of the IMS to be used.
• The role of biometric and DRM technologies? Who will pay for/control them?
Depending on the specific application and thus the need for weak or strong identification
the role of such technologies in authentication processes and in protecting identity
information should be better understood.
9
Thank you !
Any Questions ?
Contact Details
Ioannis Maghiros
Cyber-Security Project Officer
EC – DG JRC – IPTS – Seville
ioannis.maghiros@jrc.es
10