The Secure Identity Alliance is committed to helping governments deliver e-government services through secure identity technologies. It was founded in 2013 by leading document and service companies. The Alliance aims to accelerate e-government services by sharing best practices, promoting standardization, and providing guidance on security, identity, and privacy challenges. It has workgroups focused on digital identity and e-document security to define best practices and a security awareness model. The model will assess security solutions and provide recommendations to help members improve.
SQL Database Design For Developers at php[tek] 2024
Sharing best practices for success
1. Sharing Best Practices for
Success
Xavier Fricout, Deputy Board Member,
Secure Identity Alliance
World eIDCongress, September 2013
2. 2
Introducing the Secure Identity Alliance
• The Secure Identity Alliance is committed to helping public bodies across the
world deliver e-government services to citizens through the widespread
adoption of secure e-document technologies.
• Founded in March 2013 by leading eDocument and eService Companies
• Members at date:
World eID Congress 2013
3. 3
Its Objectives
Accelerate the transition to smart eDocuments to support an open,
interoperable and efficient roll-out of eGovernment online services by:
Describe and promote use cases of convenient value-added eGovernment
services
Share experiences and best practices between industry and governments
modernizing their services, in particular towards ensuring the privacy of
end-users’ personal information
Promote standardization of relevant and appropriate industry specifications
Make recommendations on the most up-to-date means to properly address
the governments identity and privacy challenges
• eDocument hardware, software and secure printing technologies, materials and physical security
expertise
• Deliver the level of confidence and assurance needed for the rapid adoption of eServices that can
be trusted by citizens
Provide consistent reference information on security, identity and privacy
challenges in a transparent manner
World eID Congress 2013
In short, the Secure Identity Alliance offers a trusted partner for governments
when defining their eDocument strategies and implementing associated
eGovernment services.
4. 4
Its Workgroups
World eID Congress 2013
DIGITAL IDENTITY
Government ID
versus commercial
ID
• State of the Art
• Vision
• Path to vision
eDOCUMENT SECURITY
Best practices in
full value chain for
eDocument
security
• State of the Art
• Vision
• Path to vision
5. 5
Best Practices in eDocument Security Workgroup
It’s about defining the best solution based on the
factorsthatneed to beconsidered of:
Usages and environment / convenience, privacy, durability
Best practice in securitymeasures and features
Real threatstowardsdefendingsecuritymeasures and
features
Appropriate international standards and regulations
Service levels and customer service
Logistics
Overallcost of the solution
World eID Congress 2013
6. 6
@
Environmental factors – Big data
World eID Congress 2013
Cell phone N
Address
Interests
Purchase history
Health Status
Blood group
Insurance
Address
Tax status
Social security
Birthday
Birthplace
Gender
Nationality
Credit rating
Income
Address
Travel habits
Work details
7. 7
Environmentalfactors – Standards &Regulation
“an online environment where individuals
and organizations will be able to trust each other
because they follow agreed upon standards to obtain
and authenticate their digital identities.” NSTIC
Regulations
NSTIC in the US (National Program Office of the
National Strategy for Trusted Identities in
Cyberspace)
e-IDAS in Europe (regulation on eIdentification,
eAuthentication and eSignatures and Trusted
Services)
National specific initiatives: Sweden, Estonia, etc.
Standards: CEN, ETSI, ICAO, ISO, GixelIN and others
Initiatives : GSMA Mobile ID
World eID Congress 2013
9. 9
Data, material flow & support services during
life time secure credential
World eID Congress 2013
Document
delivery
Document
usage
Design document
Security Optical
Procurement
materials
Manufacturing
blank document
Secure environment Controlled varieties
Transport
blank document
DATAFLOW
Entitlement
Post
issuance
mngt
Data
preparation
SUPPORT PROCESS
IT security
Reject/waste handling
(remake process)
Enrolment
Personalization
Document/
Document Issuance
Biographical data protection
Logical Security
MATERIALFLOW
Treatment
Materials and
Blanks
Facility
Security
10. 10
The Secure Awareness Model
Based on real world expertise,
experience and best practice
Based on use cases
Use of historical data
Visionary level of future state
development
Will incorporate self assessment
scheme for end users to define their
current development status.
Will provide users a report to define
their next steps in improving their
solution
Will incorporate anonymous reports to
provide position in region / world
SIA Maturity Index Creation eg. Wasada
University Model
World eID Congress 2013
Waseda Model
11. 11
Whatmakes the model unique
SIAis a global organization
SIAcovers the full lifecycle of secure documents
includingphysical and logicalsecurity
SIAis an expert throughits collective heritage and expertise
SIAis a trustedpartner: makingrecommendations for the
interest of governments and citizens/ non profit
Timeline: first draft of the model availableat cartes’13
World eID Congress 2013
12. 12
Interested to participate?
Governmentagenciesinterested in participating in the model
first draftcan contact the Secure Documents Workgroup
Chairman:
Neil Rudeforth atneil.rudeforth@secureidentityalliance.org
Actors of the Secure Identityinterested to join the Alliance
can contact the Secretary General or the Marketing &
Communication Consultant:
Jean-Claude Perrin atjean-
claude.perrin@secureidentityalliance.org
Stéphanie de
Labriolleatstephanie.delabriolle@secureidentityalliance.org
World eID Congress 2013
And can be complex.One has to take into account standards and regulations (international and regional):- NSTIC in the US (National Program Office of the National Strategy for Trusted Identities in Cyberspace) e-IDAS in Europe (regulation on eIdentification, eAuthentication and eSignatures and Trusted Services)National specific initiatives: Sweden, Estonia, etc.Standards also apply (CEN, ETSI, ICAO, ISO, GixelIN and others) For instance ICAO Identification Programme for Travel (2015-16)Other organizations initiatives eg. GSMA on Mobile IdentityOur Members are active individually in all these organizations. The road to interoperability, usability, convenience is long and this is why best practices need to be exchanged, security standards done.In this context, it is necessary for the industry to have a forum where collective actions can be designed and implemented to address these questions of common interest in this field and focused on Government/ Public Bodies programmes