
Identity and Access Management and electronic Identities _ Belgian Federal Government


IAM within the eGovernment context in Belgium and the eID project. Presentation held by Mr. Walter Van Assche during the first session of the forum "Information Technology in Government", dedicated to interoperability, held at Chisinau, January 16th, 2012.


  1. Identity and Access Mgmt and electronic Identities, Belgian Federal Government. Walter Van Assche, January 16th, 2012, Chisinau
  2. ELECTRONIC IDENTITY (CARD)
  3. Goal of the eID project: to give Belgian citizens an electronic identity card enabling them to authenticate themselves towards diverse applications and to put digital signatures. The card thus serves both as proof of identity and as a signature tool.
  4. eID partners
  5. The eID as an e-gov. building block
  6. Belgian eID project time line:
     - 13 Dec 1999: European Directive 1999/93/EC on Electronic Signatures
     - 22 Sept 2000: Council of Ministers approves eID card concept study
     - 19 July 2001: Council of Ministers approves basic concepts (smart card, citizen certificates, no integration with SIS card, Ministry of Internal Affairs is responsible for RRN's infrastructure, pilot municipalities, helpdesk, card production, legal framework, ...; Fedict for certification services)
     - 3 Jan 2002: Council of Ministers assigns RRN's infrastructure to NV Steria
     - 27 Sept 2002: Council of Ministers assigns card production to NV Zetes, certificate services to NV Belgacom
     - 31 March 2003: first 4 eID cards issued to civil servants
     - 9 May 2003: first pilot municipality starts issuing eID cards
     - 25 July 2003: eleventh pilot municipality started
     - 25 January 2004: start of pilot phase evaluation
     - 27 September 2004: start of nation-wide roll-out
     - September 2005: all newly issued ID cards are eID cards
     - Start of 2009: all citizens have an eID
  7. The eID "product family": Kids-ID, eID, Foreigner-ID
  8. The eID: results
     - eID: more than 8.6 Million cards issued (2nd wave)
     - Kids-ID: potential 1,3 Million cards; more than 100.000 cards issued since March 2009
     - Foreigner-ID: potential 1,5 Million cards; more than 150.000 cards issued since 2008
  9. How does it work? (Diagram: User, Internet, External Firewall, Web Server / Application on the External Portal Server, and Web Server / Application / LDAP on the Federal ePortal Server.)
     1) Request from the user to the application
     2) Redirect to the ePortal login page
     3) Login in the ePortal authentication page
     4.1) Checking credentials
     4.2) Checking credentials against LDAP
     5.1) Redirect with SAML Response (posting with JavaScript)
     5.2) Redirect with SAML Response to the application
     6) Session creation
  10. Alternatives with different security levels
     - Level 0: public access
     - Level 1: user name + password
     - Level 2: user name + password + token
     - Level 3: electronic identity card
     Future evolutions (based on eID): mobile identity; one-time password generators?
  11. IDENTITY AND ACCESS MANAGEMENT IN EGOV
  12. What is IAM? A simple story... Getting access: User -> Application. (© Fedict 2009. All rights reserved)
  13. What is IAM? A simple story... Getting access: User -> identification & authentication -> Application.
  14. What is IAM? A simple story... Getting access: User -> identification & authentication -> Application; attributes (name, company, ...) come from authentic sources: NRN, KBO, Notarissen, ...
  15. What is IAM? A simple story... Getting access: User -> identification & authentication -> Applications; attributes (name, company, ...) from NRN, KBO, Notarissen, ...; permissions and roles.
  16. What is IAM? A simple story... Getting access: User -> identification & authentication -> Application; attributes (name, company, ...) from NRN, KBO, Notarissen, ...; permissions. Granting access: roles assigned through a workflow involving the Security Manager, the Chief Security Manager and the Legal Representative (KBO).
  17. IAM... in a complex reality. Process overview: Mandate Management, Attestation, Manage Identity, Reporting, Manage Virtual Identity, Risk Definition, Request Permission, Manage Organizational Membership, Relying Party Management, Authenticate, Manage Role Definition, Auditing, Manage Permission, Manage Contexts, Manage Domains.
  18. Relevance of IAM within the eGovernment context
     - Transparency: transparent granting of access to different applications and information sources of the federal government
     - Security: avoid unauthorized access to information sources and applications of the Belgian government
     - Trust and trustworthiness: a decent service provider
     - Autonomy: ensure the "uniqueness" of each of the partners within an IAM context
     - Governance structure: the rules and agreements
  19. Security management >> A historical agreement. An agreement is being defined between Belgian government partners, providing a basis for an integrated security management. A joint security management platform will be offered as a managed service. All partners can participate in the steering group of the joint platform.
  20. Federated context >> co-existence
  21. Federated context, example >> Digiflow. Context: federal government, OCMW, local governments. Getting access: User -> identification & authentication -> Digiflow; attributes (name, company, ...) from NRN, KBO, Notarissen, ...; permissions.
  22. Federated context, example >> Tax on Web for accountants, with mandate management. Getting access: User -> identification & authentication -> Tax on Web; attributes (name, company, ...) from NRN, KBO, ...; permissions. Granting access: roles assigned through a workflow involving the Security Manager, the Head Security Manager and the Legal Representative (KBO).
  23. Fedict IAM offering. Trusted Third Party: FAS, Admin, RoleAdmin. Relying Parties: Application A ... Application X, within a Circle of Trust with the User. Authentic sources: RR, BIS, KBO.
  24. Fedict IAM evolution. Current building blocks: CSAdmin, Citizen Admin, Role Admin, User Role Mgt, VOSync, TUM, Reporting, Magma, MagmaWS, Authentication, FAS1. Optimized building blocks: Self Registration, Role Definition Management, Self Role Mgt, User Role Assignment Mgt, Reporting, Self Management, User Lifecycle Management, Organization Assignment, Service Management, Risk Management, Authentication Service, Attribute Service, Relying Party Management, Identification & Authentication, FAS+, Attribute Publication.
  25. EU pilots that work on cross-border interoperability (© fedict 2011. All rights reserved)
  26. Overview of LSP's. Diagram labels: Collaborations, Transport Infrastructure, Company Dossier, Company ID, Citizen ID, Privacy.
  27. Thank you. Fedict, Maria-Theresiastraat 1/3 Rue Marie-Thérèse, 1000 Brussel/Bruxelles. TEL. +32 2 212 96 00 | FAX +32 2 212 96 99 | info@fedict.belgium.be | www.fedict.belgium.be
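The relying-party side of the flow on slide 9 (step 6, session creation after the SAML Response is posted back to the application) as an added example; it is not code from the presentation or from Fedict. The SAML Response, the URLs and the request ID are constructed, and the XML signature check is assumed to be done separately by an XML-DSig library before these checks run.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of the decoded SAMLResponse form field the application
# receives in step 5.1/5.2; all URLs and IDs are invented for this example.
# The ds:Signature element is left out: verify XML-DSig before running these checks.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1"
 InResponseTo="_req42" Destination="https://app.example/saml/acs">
 <saml:Issuer>https://eportal.example/idp</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_assert1">
  <saml:Issuer>https://eportal.example/idp</saml:Issuer>
  <saml:Subject><saml:NameID>subject-0042</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2012-01-16T09:00:00Z" NotOnOrAfter="2012-01-16T09:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://app.example</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""

def _utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_text, idp, audience, acs_url, pending_ids, now_stamp):
    """Step 6 gatekeeper: return the subject NameID if a session may be created,
    raise ValueError otherwise. pending_ids holds AuthnRequest IDs this app issued."""
    root = ET.fromstring(xml_text)
    # Only accept answers to requests we sent, and accept each one once (replay / CSRF).
    req_id = root.get("InResponseTo")
    if req_id not in pending_ids:
        raise ValueError("unsolicited or replayed response")
    if root.get("Destination") != acs_url:
        raise ValueError("response addressed to a different endpoint")
    status = root.find("samlp:Status/samlp:StatusCode", NS).get("Value")
    if not status.endswith(":Success"):
        raise ValueError("ePortal reported failure: " + status)
    assertion = root.find("saml:Assertion", NS)
    if assertion.findtext("saml:Issuer", namespaces=NS) != idp:
        raise ValueError("assertion not issued by the expected ePortal")
    cond = assertion.find("saml:Conditions", NS)
    now = _utc(now_stamp)
    if not _utc(cond.get("NotBefore")) <= now < _utc(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    if audience not in [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        raise ValueError("assertion intended for another relying party")
    pending_ids.discard(req_id)  # consume the request ID so the response cannot be replayed
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

The `pending_ids` set stands in for whatever server-side store the application keeps of outstanding authentication requests; a second post of the same response, or one presented after `NotOnOrAfter`, is rejected before any session is created.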
