SlideShare une entreprise Scribd logo

Stork Deliverable D4.1 Interim Report On E Id Process Flows

Friso de Jong
Friso de Jong

STORK is a large scale pilot in the ICT-PSP (ICT Policy Support Programme), under the CIP (Competitiveness and Innovation Programme), and co-funded by EU. It aims at implementing an EU wide interoperable system for recognition of eID and authentication that will enable businesses, citizens and government employees to use their national electronic identities in any Member State. It will also pilot transborder eGovernment identity services and learn from practice on how to roll out such services, and to experience what benefits and challenges an EU wide interoperability system for recognition of eID will bring. The STORK consortium would like to announce that the approved STORK deliverables have now been released for public view and uploaded to the STORK website under the STORK Materials section.

Business
1  sur  18
Télécharger pour lire hors ligne
COMPETITIVENESS AND INNOVATION FRAMEWORK PROGRAMME ICT Policy Support Programme (ICT PSP) Towards pan-European recognition of electronic IDs (eIDs) ICT PSP call identifier: ICT-PSP/2007/1 ICT PSP Theme/objective identifier: 1.2 Project acronym: STORK Project full title: Secure Identity Across Borders Linked Grant agreement no.: 224993 D4.1 Interim Report on eID Process Flows Deliverable Id : D4.1 Deliverable Name : Interim Report on eID Process Flows Status : Final Dissemination Level : Public Due date of deliverable : M8 Actual submission date : 03/03/2009 Work Package : 4 Organisation name of lead contractor for UK IPS this deliverable : Author(s): Neil Clowes and Jim Purves UK, SI, EE, ES. Other member states have contributed Partner(s) contributing : through providing legal and other contextual information and through review Abstract: This document provides an overview of the current process flows that will be the input for the pilots. Project funded by the European Community under the ICT Policy Support Programme  Copyright by the STORK-eID Consortium
D4.1 Interim Report on eID Process Flows 03/03/2009 History Version Date Modification reason Modified by 1.0 13/01/2009 Draft document Neil Clowes and Jim Purves (UK IPS) 2.0 20/02/2009 Updating Davorka Sel (SI MPA) 3.0 03/03/2009 Last editing Neil Clowes  STORK-eID Consortium Page 2 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009 Table of contents HISTORY........................................................................................................................................ 2 TABLE OF CONTENTS ............................................................................................................... 3 1 EXECUTIVE SUMMARY ................................................................................................... 4 2 PROCESS FLOWS ............................................................................................................... 5 3 LEGAL QUESTIONS TO MEMBER STATES................................................................. 9 3.1 FIRST SET OF LEGAL QUESTIONS ..................................................................................... 9 3.2 SECOND SET OF LEGAL QUESTIONS ............................................................................... 10 4 PROJECT PLAN ................................................................................................................. 18  STORK-eID Consortium Page 3 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009 1 Executive Summary For successful completion of deliverable 4.1, it is necessary that the legal and trust environments are understood as well as the technical and non-technical interactions. It is only possible to carry out cross border service transactions if the IT architecture can operate legally in all the member states applying it and convey with it confidence in the identity of the user notwithstanding technical interoperability. In the early stages of the work the focus was on understanding each action, who would carry them out and in what sequence. Exchanges of e-mails, meetings and workshops acted to clarify thinking and drive forward emerging solutions for further exploration. As the discussions broadened out to encompass more stakeholders it soon became apparent that data protection legislation rendered some potential solutions impractical and not legal. The work also identified that the legal concept of vires would play an important part even in a customer centric solution. In order to ensure the legal environment within each member state as regards STORK was understood in developing the process flows the initial questionnaire shown below was sent out on 3 December. Further questions which needed to be answered were identified at a further workshop and a second questionnaire sent out on 23 December. As the questionnaire explains, it is important to determine what legal issues may affect the proposed interactions and transactions, described for the pilots, involving personal data held on government or private databases within the Member State. It is important to determine what legal issues may affect the proposed interactions and transactions because the pilots will involve real personal data held on government or private databases within the member state. The responses have enabled further development of the process flows and the current process flows are shown below. They represent the current physical manifestation of the final deliverable for this Work package but are still being discussed and reviewed. There is currently significant discussion going on about the eSignature process flow. This is due to be resolved over the course of the next month.  STORK-eID Consortium Page 4 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009 2 Process Flows The following diagrams show the process flows that have been delivered to date. These are still draft and are under review by the Member States. Figure 1 presents process flow for cross border authentication where service provider (SP) country and identity provider (IDP) country use PEPS approach. The whole authentication process is split into three phases being service selection phase, identification phase, and assertion validation and login phase. The division into three phases is important as they can be also parts of other processes, such as for example user registration process. In the continuation the description of the authentication process flow as presented in Figure 1 is given. Let us suppose that the service is provided by MS B. The user starts the authentication process by selecting to authenticate with the SP. SP sends the request for authentication and the information of the QAA level that it requires to MS B PEPS to proceed with the authentication of the user. The MS B PEPS then ask the user which MS issued the eID he is planning to use for the authentication and provides a list of MS. The user selects from the list the MS which eID he/she plans to use. According to the user selection of the MS the request for authentication and required QAA level of the service are sent from MS B PEPS to MS A PEPS (the latest being MS which was selected by the user). The MS A PEPS then provides the user with a list of eIDs that are suitable for the authentication as they satisfy condition of required QAA level. The user selects eID he/she wants to authenticate with. The validation of the provided eID is then carried out based on MS A specific interaction with the user. Upon successful validation of the eID, MS A PEPS creates assertion with the authentication statement and a unique, minimum, persistent representation of the user’s identity and sends this assertion to MS B PEPS. The latter first validates received assertion. Conversion of the received assertion and transmission of received data to SP is carried out according to MS B procedure. The user is finally authenticated with the MS B SP and can proceed with the use of service.  STORK-eID Consortium Page 5 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009 Figure 2 presents MS specific validation of the user’s eID as mentioned in the description of Figure 1. There are at least two options for validation, as presented in Figure 2. In the first option the user selects from the list provided by MS A PEPS for authentication for example digital certificate. MS A PEPS forwards request for the validation of the certificate to the IDP which has issued the certificate. In the second case the user select eID from the list that is provided by MS A PEPS, according to the selection the user receives the request for authentication directly from the IDP (for example to enter user name and password). Upon entering user name/password the identity is validates at IDP. Figure 3 presents process flow for cross border authentication where the user wants to authenticate with the smart card and SP country uses PEPS approach. Again the authentication process flow is divided into three phase, the same as presented in Figure 1. The user starts the authentication process by selecting to authenticate with the SP provided by MS B. SP sends the request for authentication and the information of the QAA level that it requires to MS B PEPS. The MS B PEPS then asks the user which MS issued the eID he is planning to use for the authentication and provides a list of MS. The user selects from the list the MS which eID he/she plans to use. According to the user selection of the MS the request for authentication and required QAA level of the service are passed to Virtual IDP of the MS selected by the user (let us suppose this is MS A). Note that Virtual IDP of MS A is hosted by MS B. Virtual IDP checks if the eID (smart card) of MS A satisfies the QAA level required by SP. If yes, the authentication request is redirected from MS A Virtual IDP to MS A middleware, which ask the user to provide the token. This is followed by the MS specific interaction with the user needed for validation of provided eID. If the validation is successful, Virtual IDP creates assertion with the authentication statement which is then sent to MS B PEPS. The latter first validates received assertion. Conversion of the received assertion and transmission of received data to SP is then carried out  STORK-eID Consortium Page 6 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009 according to MS B procedure. The user is finally authenticated with the MS B SP and can proceed with the use of service.  STORK-eID Consortium Page 7 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009  STORK-eID Consortium Page 8 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009 3 Legal Questions to Member States Two sets of legal questions were sent to the suppliers: These can be seen below: 3.1 First set of legal questions Q1: Is the administration that is the data controller, within the context of the STORK pilots, legally allowed to share data with a third party across borders with user consent? Q2: For the service provider, what obligations are there about data access by the subject to update, see, delete etc? What are the requirements relating to storage and destruction? What restrictions exist on subsequent use of the data? Does the data have to be deleted at the end of the pilot? Q3: In the case of the unique identifying number, what is the answer to the same questions in Q.2 above? Q4: Within the same Member State, where a computer server containing the relevant information is run by a separate organization to the authority who needs to confirm the identity information given, can that authority access the data for the use of a cross border service? Q5: What legal restrictions, if any, relate solely to the electronic component of sending data from one Member State to another? Q6: Is there a difference if the control of the electronic transfer of data is run by the private sector? Q7: Is the administration that is the data controller, within the context of the STORK pilots, legally allowed to share data across borders without user consent? Q8: What are the specifics involved in providing informed consent? Q9: Is there a legal difference between a person having control of the data during the transactions envisaged in the pilot and the subject giving consent to the transfer of data but not having control over the transaction?  STORK-eID Consortium Page 9 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009 Q10: Can a user give consent or be said to be in control if they cannot read the data in question because it is encrypted? Q11: Is the answer to the above question different if there is a simultaneous sending to the user in plain text with a statement that this is the same information as placed within the encryption? 3.2 Second set of legal questions Item Question Authentic The identity of the controller has to be specified, as well as the purposes for the data source principle collection (articles 6 and 10, DPD). Data minimisation has to be observed (art. 6) and data should be accurate and up to date. These requirements may be difficult to meet in cases where no direct access is available to reliable data sources (such as authentic registries). These mean a dataset that allows the data subject to be uniquely identified (i.e. an identifier). 1. Which attributes are controlled by the users on using their passwords or PINs? All data that are in the token Part of the data that are in the token They do not need any password or PIN: data are freely accessible. Other (mention it) eSignatures A certificate is an electronic attestation, which links signature-verification data to a person Directive & and confirms the identity of that person. "Qualified certificate" meets the requirements laid Credentials down in Annex I of eSignature Directive and is provided by a certification-service-provider who fulfils the requirements laid down in Annex II of the Directive. By definition, authentication certificates, can be used to authenticate the holder (confirm the identity); because qualified certificates are issued (involving face-to-face verification procedures of the claimant/citizen) and verified in a more tightly controlled process than for other (advanced) certificates as outlined in Directive Annexes: the proof is stronger (assurance level is higher). Member states may also determine for which purpose a particular certificate may be used. Most differentiate between the authentication certificate and the non-repudiation digital signature and consider it undesirable that the authentication certificate is used for signature purposes and vice versa... It is up to the individual member states to determine whether they accredit certification-service providers and give them the right to issue qualified certificates and whether their eIDs make use of qualified certificates or other certificates.  STORK-eID Consortium Page 10 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009 Item Question The basic legal effects of these QC's is handled by the e-signature Directive and its transposition in national legislation. The liability in the case of Qualified certificates rests on the CA (but also certain limitations.) that issued the certificate, whereas this is more complicated for non qualified certification-service providers. These are likely to have provisions (waiving) regarding their liability in their terms of service. Because there are potentially, many certification-service providers this may lead to a complicated mesh of different liability regimes. 2. In your country, which is more formal from the legal point of view to verify a private person identity? Using a authentication QC Using a signing QC Both have the same legal validity. Other (mention it) Privacy Applications Services should Yield indispensable data than is strictly necessary for the Directive purposes of the application or service. 3. Has the user to sign an offline or online contract with the service provider for the pilots? Alternatively, the user has only to accept/disclaimer page in the website? Yes, online Yes, offline No, only an online disclaimer No, only an offline disclaimer Do not known Other (mention it) 4. With informed user consent, are identification data attributes collected to the minimum necessary (adequate, relevant and non-excessive)? Yes, only what we need No, we get more data than are usually need No, only an online disclaimer No, only an offline disclaimer Do not known Other (mention it)  STORK-eID Consortium Page 11 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009 Item Question 5. Has been the data acquisition process checked to confirm the previous affirmative answer? Yes No Do not known Other (mention it) 6. Do the Directive implementation or any MS law (National Register Acts, Identity Card Acts, eGovernment Acts, and so forth) restrict the use of identifiers (numeric or data attributes combinations) to link it to the person? Yes, (mention it) No Do not known Other (mention it) 7. In case that linking identifiers to privates persons would be restricted, could they be used “virtual” identifiers? Yes No Do not known Other (mention it) Services The recent Services Directive of 12 December 2006 (to be transposed by the Member States Directive by 28 December 2009) might have effect on facilitating the interoperability of information Applicability to systems and use of procedures by electronic means between service providers. In some the issue of cases, relying parties may want to obtain more attributes from a claimant than present in the presented eID, or they may want to establish an attribute at a higher level of assurance identity than offered by the eID (e.g., the address, and even name, present on a smart card may be management outdated). In many of the member states studied, There are authentic registers that offer authorised entities access to authentic data pertaining to citizens. 8. Are there any eGov or private service implementation in your country for serving additional data not present in the eID? Yes, (mention it)  STORK-eID Consortium Page 12 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009 Item Question No Do not known Other (mention it) 9. If yes, could it be accessed (freely or on previous agreement) from any other MS? Yes No Do not known Other (mention it) Item Question Identifiers Authentication (identification process) has been defined above as ‘the corroboration of the claimed identity of an entity or of a set of its observed attributes’. A distinction should Identifiable therefore be made between two situations: data- identifiers 1. Authentication of the status: entity must have specific required quality, it is not in the surveyed necessary for an application to know who a specific entity is, exactly. The countries application determines the entity’s status, not his/her identity. 2. Authentication of the identity: application needs to authenticate the entity by determining his/her exact identity. Thus, authentication can sometimes be done by merely establishing a quality (case 1), or by determining the precise identity of an entity (case 2). In both cases, the final goal would obviously be served by presenting any and all attributes regarding a specific entity. By definition, determining an identity uniquely requires the use of a unique identifier. Understanding it as ‘an attribute or a set of attributes of an entity which uniquely identifies the entity within a certain context’. Identifiers reference to a unique object used by an entity to be uniquely represented within the specific context of the object; the validity of the identifier is limited to the entity and object lifecycle; examples are passport numbers, credit card numbers, identity card numbers, driver’s licence numbers; the validity of a identifier may depend on a number of factors (e.g., context, time. For pilots, it should be possible to create a new identifier on the basis of a national identifier by means of a one-way transformation function and use this new number as the identifier in the relying party's system. Presently, this is similar to how derived identifiers are created in some Member States. 10. Can unique identifiers or a set of identifying attributes data from foreign claimants be legally stored in eGovernment transaction process? Yes,  STORK-eID Consortium Page 13 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009 Item Question No, Do not known Other (mention it) Unambiguous User consent will not be too problematic when data is provided by the claimant directly consent of the (e.g., in an online form), or when data can be obtained from a certificate presented by the data subject claimant (for instance, taken from a certificate on a smart card inserted into a reader (the claimant). attached to the divide the claimant uses in the interaction). It becomes more complicated when the service provider (relying party) needs to obtain additional data, such as (certified) attributes and these can be, or even have to be obtained, from other sources than the user. In some cases, it may be possible, for instance, to collect the data from authentic registers in the claimant home member state. In these cases, also consent of the user may be required in order to make the processing legitimate. 11. What part of the current information of an eID can be use on electronic format directly by an application, through the owner consent? (to tick one or more as necessary, double-click and activate): All data in electronic format Part of the data in electronic format ( please, list them here) Only the data that can be read by humans on the support token None 12. In your country, online user consent for data contained on an eID is usually understood as: (to tick one or more as necessary, double-click and activate): Accessing user data (generally using PIN) and showing them to the user. Accessing user data (generally using PIN). There is NO need to show them to the user, it is supposed they what they are. User consent is granted through established online Policy, as user interacts with the site. . User consent is granted through a contract other (explain it in short) 13. Has the user available some other data in electronic format (from any public or private source) that may complement the one in the eID? (to tick one or more as necessary, double-click and activate):  STORK-eID Consortium Page 14 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009 Item Question Only public eGovernment Only private provider service Both kind of services Actually, There is no available service for the moment other (name it): 14. Is there a previous user consent explicitly established by any law or regulation or depends from the ad-hoc user consent (to tick one or more as necessary, double-click and activate): Previous legal user consent Previous contractual service user consent Ad-hoc ( user has to give consent every time) other (name it): Authentication Obviously, this issue is only relevant in the broader context of identity management, but not vs. Consent when examining the narrower issue of authentication as such. After all, authentication by definition will be initiated by the data subject himself/herself, so that the only issue of consent is the determination of the data set required for authentication purposes. 15. Usually, the user consent must be given unequivocally. When registering for using online services (public or private) the user consent is given implicitly or must be given explicitly (online agreement “accept”, physical legal contract etc..)? Usually, there is an online contract. Usually, there is an offline physical contract Usually, there is an accepting disclaimer notice There are not any online or offline notice do not known Other (mention it) Attribute data In some cases, relying parties may want to obtain more attributes from a claimant than source present in the presented eID, or they may want to establish an attribute at a higher level of assurance than offered by the eID (e.g., the address, and even name, present on a smart card may be outdated). In many of the member states studied there are registers that offer authorised entities access to authentic data pertaining to citizens.  STORK-eID Consortium Page 15 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009 Item Question 16. Does the nationality being obtained directly or with PIN from the eID by an application program (to tick one or more as necessary, double-click and activate): No, there is no nationality data No, nationality data is no machine-readable. It is “printed”. Yes, nationality data is accessible by program. 17. Which obligations and/or restrictions apply to updating, deleting storing, destructing etc…, for stored data from a service provider, controller or processor point of view? They are implemented as recommended from the DPD and grouped into security documents that need to fulfil the established conditions. Even, the can be reflected on contract. They are implemented as recommended from the DPD, but there is no formal document, as mentioned above, but they also may be reflected on contract. Security measures do not depend directly on DPD implementation other (explain it in short) Incident It seems reasonable that each participating member state should review their respective Handling legislations, because DPD transposition may arise some issues on incident handling: incident, notification and administration procedures should exist, and any incidences, that may affect the personal data, must be registered. Therefore, it is possible that cross- countries incidences must raise and the owners of the systems/files from the affected countries need to be aware. Perhaps, this foresees an international incident handling procedure that must be agreed on by all participating MS. 18. Is DPD transposition on your country aware of this responsibility for data controller? Yes No. do not know Other (mention it) 19. Does raise DPD transposition on your country the security need of an incident  STORK-eID Consortium Page 16 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009 Item Question handling procedure when data treatment for the data controller is done by a processor in other MS? Yes No. do not know Other (mention it) 20. Data transferring is between a controller and a processor depends on a contract. Is incident notification directly regulated by the contract or it depends on the DPD transposition implementation? Incident handling depends on only contract Incident handling depends on, both contract and DPD transposition Incident handling depends only contract DPD transposition do not know Other (mention it)  STORK-eID Consortium Page 17 of 18
D4.1 Interim Report on eID Process Flows 03/03/2009 4 Project Plan  STORK-eID Consortium Page 18 of 18

Recommandé

Open meeting work group 3
Open meeting work group 3Open meeting work group 3
Open meeting work group 3
Friso de Jong
 
Changes To The Draft Business Plan As Agreed At The Kick Off Meeting On 2010 ...
Changes To The Draft Business Plan As Agreed At The Kick Off Meeting On 2010 ...Changes To The Draft Business Plan As Agreed At The Kick Off Meeting On 2010 ...
Changes To The Draft Business Plan As Agreed At The Kick Off Meeting On 2010 ...
Friso de Jong
 
E invoicing, e invoicing standardization in europe
E invoicing, e invoicing standardization in europeE invoicing, e invoicing standardization in europe
E invoicing, e invoicing standardization in europe
Friso de Jong
 
E invoicing, how to facilitate the adoption of by sm es
E invoicing, how to facilitate the adoption of by sm esE invoicing, how to facilitate the adoption of by sm es
E invoicing, how to facilitate the adoption of by sm es
Friso de Jong
 
CWA 16049, Assessing new business processess and technologies for eInvoicing
CWA 16049, Assessing new business processess and technologies for eInvoicingCWA 16049, Assessing new business processess and technologies for eInvoicing
CWA 16049, Assessing new business processess and technologies for eInvoicing
Friso de Jong
 
Cwa4 Emerging Network Infrastructure Of E Invoice Sp
Cwa4 Emerging Network Infrastructure Of E Invoice SpCwa4 Emerging Network Infrastructure Of E Invoice Sp
Cwa4 Emerging Network Infrastructure Of E Invoice Sp
Danny Gaethofs
 
Feedback on comments received on the mid-term report of the Expert-Group on e...
Feedback on comments received on the mid-term report of the Expert-Group on e...Feedback on comments received on the mid-term report of the Expert-Group on e...
Feedback on comments received on the mid-term report of the Expert-Group on e...
Friso de Jong
 
Mug 'core' cross industry invoice european message implementation guideline...
Mug 'core' cross industry invoice european message implementation guideline...Mug 'core' cross industry invoice european message implementation guideline...
Mug 'core' cross industry invoice european message implementation guideline...
Friso de Jong
 

Recommandé

Open meeting work group 3
Open meeting work group 3Open meeting work group 3
Open meeting work group 3
Friso de Jong
 
Changes To The Draft Business Plan As Agreed At The Kick Off Meeting On 2010 ...
Changes To The Draft Business Plan As Agreed At The Kick Off Meeting On 2010 ...Changes To The Draft Business Plan As Agreed At The Kick Off Meeting On 2010 ...
Changes To The Draft Business Plan As Agreed At The Kick Off Meeting On 2010 ...
Friso de Jong
 
E invoicing, e invoicing standardization in europe
E invoicing, e invoicing standardization in europeE invoicing, e invoicing standardization in europe
E invoicing, e invoicing standardization in europe
Friso de Jong
 
E invoicing, how to facilitate the adoption of by sm es
E invoicing, how to facilitate the adoption of by sm esE invoicing, how to facilitate the adoption of by sm es
E invoicing, how to facilitate the adoption of by sm es
Friso de Jong
 
CWA 16049, Assessing new business processess and technologies for eInvoicing
CWA 16049, Assessing new business processess and technologies for eInvoicingCWA 16049, Assessing new business processess and technologies for eInvoicing
CWA 16049, Assessing new business processess and technologies for eInvoicing
Friso de Jong
 
Cwa4 Emerging Network Infrastructure Of E Invoice Sp
Cwa4 Emerging Network Infrastructure Of E Invoice SpCwa4 Emerging Network Infrastructure Of E Invoice Sp
Cwa4 Emerging Network Infrastructure Of E Invoice Sp
Danny Gaethofs
 
Feedback on comments received on the mid-term report of the Expert-Group on e...
Feedback on comments received on the mid-term report of the Expert-Group on e...Feedback on comments received on the mid-term report of the Expert-Group on e...
Feedback on comments received on the mid-term report of the Expert-Group on e...
Friso de Jong
 
Mug 'core' cross industry invoice european message implementation guideline...
Mug 'core' cross industry invoice european message implementation guideline...Mug 'core' cross industry invoice european message implementation guideline...
Mug 'core' cross industry invoice european message implementation guideline...
Friso de Jong
 
Code of practice and glossary of terms
Code of practice and glossary of termsCode of practice and glossary of terms
Code of practice and glossary of terms
Friso de Jong
 
E invoicing action plan, state of play
E invoicing action plan, state of playE invoicing action plan, state of play
E invoicing action plan, state of play
Friso de Jong
 
Telework In The European Union
Telework In The European UnionTelework In The European Union
Telework In The European Union
guest499e380
 
Presentation on PTCL
Presentation on PTCLPresentation on PTCL
Presentation on PTCL
Hammad Latif
 
Municipal Open Access Networks
Municipal Open Access NetworksMunicipal Open Access Networks
Municipal Open Access Networks
Inphotonics Research
 
Guide to URDG 758
Guide to URDG 758Guide to URDG 758
Guide to URDG 758
The Benche
 
e-SENS D3.6 Scenarios for governance models on short medium and long term_v1
e-SENS D3.6 Scenarios for governance models on short medium and long term_v1e-SENS D3.6 Scenarios for governance models on short medium and long term_v1
e-SENS D3.6 Scenarios for governance models on short medium and long term_v1
Monica ANGHEL
 
Stork Deliverable D7.3 List Of Commission A2 A Services Of Common Interest
Stork Deliverable D7.3 List Of Commission A2 A Services Of Common InterestStork Deliverable D7.3 List Of Commission A2 A Services Of Common Interest
Stork Deliverable D7.3 List Of Commission A2 A Services Of Common Interest
Friso de Jong
 
Smartcard Helsinki Public ID conference
Smartcard Helsinki Public ID conferenceSmartcard Helsinki Public ID conference
Smartcard Helsinki Public ID conference
Filipe Mello
 
Trade Digitalisation - Trade Trust
Trade Digitalisation - Trade TrustTrade Digitalisation - Trade Trust
Trade Digitalisation - Trade Trust
ssuserab62ef
 
Data policy and management plan (First version)
Data policy and management plan (First version)Data policy and management plan (First version)
Data policy and management plan (First version)
OlgaRodrguezLargo
 
PhD_Thesis
PhD_ThesisPhD_Thesis
PhD_Thesis
Dalibor Uhlir
 
SPOCS Presentation EEMA Conference London June 2010
SPOCS Presentation EEMA Conference London June 2010SPOCS Presentation EEMA Conference London June 2010
SPOCS Presentation EEMA Conference London June 2010
Dinand Tinholt
 
Using eID for business startup in Europe
Using eID for business startup in EuropeUsing eID for business startup in Europe
Using eID for business startup in Europe
Dinand Tinholt
 
Trackment
TrackmentTrackment
Trackment
meaannn
 
3D-ICONS - D7.2: Report on IPR Scheme
3D-ICONS - D7.2: Report on IPR Scheme3D-ICONS - D7.2: Report on IPR Scheme
3D-ICONS - D7.2: Report on IPR Scheme
3D ICONS Project
 
ICT349RDines31510992Assign1ResearchEssay
ICT349RDines31510992Assign1ResearchEssayICT349RDines31510992Assign1ResearchEssay
ICT349RDines31510992Assign1ResearchEssay
Rod Dines
 
NCA-#1985747-v3B-ARCHIVE_Memorundum_of_Understanding_Core_vs_non-core
NCA-#1985747-v3B-ARCHIVE_Memorundum_of_Understanding_Core_vs_non-coreNCA-#1985747-v3B-ARCHIVE_Memorundum_of_Understanding_Core_vs_non-core
NCA-#1985747-v3B-ARCHIVE_Memorundum_of_Understanding_Core_vs_non-core
Mikaël Meyer, BAA, MSc, ITIL, COBIT
 
IRJET-Securing Electronic Health Records using Blockchain
IRJET-Securing Electronic Health Records using BlockchainIRJET-Securing Electronic Health Records using Blockchain
IRJET-Securing Electronic Health Records using Blockchain
IRJET Journal
 
Sosialisasi BI-RTGS & BI-SSSS Gen II - 10 November 2011.pptx
Sosialisasi BI-RTGS & BI-SSSS Gen II - 10 November 2011.pptxSosialisasi BI-RTGS & BI-SSSS Gen II - 10 November 2011.pptx
Sosialisasi BI-RTGS & BI-SSSS Gen II - 10 November 2011.pptx
SambalIstigfar
 
Overview of the Federal Hazardous Waste Electronic Manifest Rule
Overview of the Federal Hazardous Waste Electronic Manifest RuleOverview of the Federal Hazardous Waste Electronic Manifest Rule
Overview of the Federal Hazardous Waste Electronic Manifest Rule
All4 Inc.
 
2015-0318 GAC Presentation - BCR - 05052015
2015-0318 GAC Presentation - BCR - 050520152015-0318 GAC Presentation - BCR - 05052015
2015-0318 GAC Presentation - BCR - 05052015
Jan Dhont
 

Contenu connexe

Tendances

Code of practice and glossary of terms
Code of practice and glossary of termsCode of practice and glossary of terms
Code of practice and glossary of terms
Friso de Jong
 
E invoicing action plan, state of play
E invoicing action plan, state of playE invoicing action plan, state of play
E invoicing action plan, state of play
Friso de Jong
 
Telework In The European Union
Telework In The European UnionTelework In The European Union
Telework In The European Union
guest499e380
 

Tendances (6)

Code of practice and glossary of terms
Code of practice and glossary of termsCode of practice and glossary of terms
Code of practice and glossary of terms
 
E invoicing action plan, state of play
E invoicing action plan, state of playE invoicing action plan, state of play
E invoicing action plan, state of play
 
Telework In The European Union
Telework In The European UnionTelework In The European Union
Telework In The European Union
 
Presentation on PTCL
Presentation on PTCLPresentation on PTCL
Presentation on PTCL
 
Municipal Open Access Networks
Municipal Open Access NetworksMunicipal Open Access Networks
Municipal Open Access Networks
 
Guide to URDG 758
Guide to URDG 758Guide to URDG 758
Guide to URDG 758
 

Similaire à Stork Deliverable D4.1 Interim Report On E Id Process Flows

e-SENS D3.6 Scenarios for governance models on short medium and long term_v1
e-SENS D3.6 Scenarios for governance models on short medium and long term_v1e-SENS D3.6 Scenarios for governance models on short medium and long term_v1
e-SENS D3.6 Scenarios for governance models on short medium and long term_v1
Monica ANGHEL
 
Stork Deliverable D7.3 List Of Commission A2 A Services Of Common Interest
Stork Deliverable D7.3 List Of Commission A2 A Services Of Common InterestStork Deliverable D7.3 List Of Commission A2 A Services Of Common Interest
Stork Deliverable D7.3 List Of Commission A2 A Services Of Common Interest
Friso de Jong
 
ICT349RDines31510992Assign1ResearchEssay
ICT349RDines31510992Assign1ResearchEssayICT349RDines31510992Assign1ResearchEssay
ICT349RDines31510992Assign1ResearchEssay
Rod Dines
 
NCA-#1985747-v3B-ARCHIVE_Memorundum_of_Understanding_Core_vs_non-core
NCA-#1985747-v3B-ARCHIVE_Memorundum_of_Understanding_Core_vs_non-coreNCA-#1985747-v3B-ARCHIVE_Memorundum_of_Understanding_Core_vs_non-core
NCA-#1985747-v3B-ARCHIVE_Memorundum_of_Understanding_Core_vs_non-core
Mikaël Meyer, BAA, MSc, ITIL, COBIT
 
2015-0318 GAC Presentation - BCR - 05052015
2015-0318 GAC Presentation - BCR - 050520152015-0318 GAC Presentation - BCR - 05052015
2015-0318 GAC Presentation - BCR - 05052015
Jan Dhont
 
D7.2 Data Deployment Stage 1
D7.2 Data Deployment Stage 1D7.2 Data Deployment Stage 1
D7.2 Data Deployment Stage 1
plan4all
 

Similaire à Stork Deliverable D4.1 Interim Report On E Id Process Flows (20)

e-SENS D3.6 Scenarios for governance models on short medium and long term_v1
e-SENS D3.6 Scenarios for governance models on short medium and long term_v1e-SENS D3.6 Scenarios for governance models on short medium and long term_v1
e-SENS D3.6 Scenarios for governance models on short medium and long term_v1
 
Stork Deliverable D7.3 List Of Commission A2 A Services Of Common Interest
Stork Deliverable D7.3 List Of Commission A2 A Services Of Common InterestStork Deliverable D7.3 List Of Commission A2 A Services Of Common Interest
Stork Deliverable D7.3 List Of Commission A2 A Services Of Common Interest
 
Smartcard Helsinki Public ID conference
Smartcard Helsinki Public ID conferenceSmartcard Helsinki Public ID conference
Smartcard Helsinki Public ID conference
 
Trade Digitalisation - Trade Trust
Trade Digitalisation - Trade TrustTrade Digitalisation - Trade Trust
Trade Digitalisation - Trade Trust
 
Data policy and management plan (First version)
Data policy and management plan (First version)Data policy and management plan (First version)
Data policy and management plan (First version)
 
PhD_Thesis
PhD_ThesisPhD_Thesis
PhD_Thesis
 
SPOCS Presentation EEMA Conference London June 2010
SPOCS Presentation EEMA Conference London June 2010SPOCS Presentation EEMA Conference London June 2010
SPOCS Presentation EEMA Conference London June 2010
 
Using eID for business startup in Europe
Using eID for business startup in EuropeUsing eID for business startup in Europe
Using eID for business startup in Europe
 
Trackment
TrackmentTrackment
Trackment
 
3D-ICONS - D7.2: Report on IPR Scheme
3D-ICONS - D7.2: Report on IPR Scheme3D-ICONS - D7.2: Report on IPR Scheme
3D-ICONS - D7.2: Report on IPR Scheme
 
ICT349RDines31510992Assign1ResearchEssay
ICT349RDines31510992Assign1ResearchEssayICT349RDines31510992Assign1ResearchEssay
ICT349RDines31510992Assign1ResearchEssay
 
NCA-#1985747-v3B-ARCHIVE_Memorundum_of_Understanding_Core_vs_non-core
NCA-#1985747-v3B-ARCHIVE_Memorundum_of_Understanding_Core_vs_non-coreNCA-#1985747-v3B-ARCHIVE_Memorundum_of_Understanding_Core_vs_non-core
NCA-#1985747-v3B-ARCHIVE_Memorundum_of_Understanding_Core_vs_non-core
 
IRJET-Securing Electronic Health Records using Blockchain
IRJET-Securing Electronic Health Records using BlockchainIRJET-Securing Electronic Health Records using Blockchain
IRJET-Securing Electronic Health Records using Blockchain
 
Sosialisasi BI-RTGS & BI-SSSS Gen II - 10 November 2011.pptx
Sosialisasi BI-RTGS & BI-SSSS Gen II - 10 November 2011.pptxSosialisasi BI-RTGS & BI-SSSS Gen II - 10 November 2011.pptx
Sosialisasi BI-RTGS & BI-SSSS Gen II - 10 November 2011.pptx
 
Overview of the Federal Hazardous Waste Electronic Manifest Rule
Overview of the Federal Hazardous Waste Electronic Manifest RuleOverview of the Federal Hazardous Waste Electronic Manifest Rule
Overview of the Federal Hazardous Waste Electronic Manifest Rule
 
2015-0318 GAC Presentation - BCR - 05052015
2015-0318 GAC Presentation - BCR - 050520152015-0318 GAC Presentation - BCR - 05052015
2015-0318 GAC Presentation - BCR - 05052015
 
D7.2 Data Deployment Stage 1
D7.2 Data Deployment Stage 1D7.2 Data Deployment Stage 1
D7.2 Data Deployment Stage 1
 
User Documentation Verification Portal
User Documentation Verification PortalUser Documentation Verification Portal
User Documentation Verification Portal
 
EMI-DNA1.2.1-1277517-SLA_Template-v0.6.doc
EMI-DNA1.2.1-1277517-SLA_Template-v0.6.docEMI-DNA1.2.1-1277517-SLA_Template-v0.6.doc
EMI-DNA1.2.1-1277517-SLA_Template-v0.6.doc
 
Isa programme 2014 - guidelines for public administrations on e-document en...
Isa programme 2014 - guidelines for public administrations on e-document en...Isa programme 2014 - guidelines for public administrations on e-document en...
Isa programme 2014 - guidelines for public administrations on e-document en...
 

Plus de Friso de Jong

E-invoicing Yearbook 2017 - Q1
E-invoicing Yearbook 2017 - Q1E-invoicing Yearbook 2017 - Q1
E-invoicing Yearbook 2017 - Q1
Friso de Jong
 
Elektronische facturatie binnen heineken
Elektronische facturatie binnen heineken Elektronische facturatie binnen heineken
Elektronische facturatie binnen heineken
Friso de Jong
 
Electronic invoice processes in europe and enablement of sm es to use them ef...
Electronic invoice processes in europe and enablement of sm es to use them ef...Electronic invoice processes in europe and enablement of sm es to use them ef...
Electronic invoice processes in europe and enablement of sm es to use them ef...
Friso de Jong
 
Demonstration compliance toolbox
Demonstration compliance toolboxDemonstration compliance toolbox
Demonstration compliance toolbox
Friso de Jong
 
Cwa sustainable compliance guidelines
Cwa sustainable compliance guidelinesCwa sustainable compliance guidelines
Cwa sustainable compliance guidelines
Friso de Jong
 
Awareness and promotion of electronic e invoicing
Awareness and promotion of electronic e invoicingAwareness and promotion of electronic e invoicing
Awareness and promotion of electronic e invoicing
Friso de Jong
 
Agenda workshop electronic invoices, phase 3
Agenda workshop electronic invoices, phase 3Agenda workshop electronic invoices, phase 3
Agenda workshop electronic invoices, phase 3
Friso de Jong
 
E invoicing as accelerator for cross-industry edi
E invoicing as accelerator for cross-industry ediE invoicing as accelerator for cross-industry edi
E invoicing as accelerator for cross-industry edi
Friso de Jong
 
Wetsvoorstel implementatie richtlijn factureringsregels
Wetsvoorstel implementatie richtlijn factureringsregelsWetsvoorstel implementatie richtlijn factureringsregels
Wetsvoorstel implementatie richtlijn factureringsregels
Friso de Jong
 
Nader rapport implementatie richtlijn factureringsregels
Nader rapport implementatie richtlijn factureringsregelsNader rapport implementatie richtlijn factureringsregels
Nader rapport implementatie richtlijn factureringsregels
Friso de Jong
 
Memorie van toelichting implementatie richtlijn factureringsregels
Memorie van toelichting implementatie richtlijn factureringsregelsMemorie van toelichting implementatie richtlijn factureringsregels
Memorie van toelichting implementatie richtlijn factureringsregels
Friso de Jong
 
Advies raad van state implementatie richtlijn factureringsregels
Advies raad van state implementatie richtlijn factureringsregelsAdvies raad van state implementatie richtlijn factureringsregels
Advies raad van state implementatie richtlijn factureringsregels
Friso de Jong
 
Ricoh case carante group sep 2011
Ricoh case carante group sep 2011Ricoh case carante group sep 2011
Ricoh case carante group sep 2011
Friso de Jong
 
Rules of procedure of the european multi stakeholder forum on electronic invo...
Rules of procedure of the european multi stakeholder forum on electronic invo...Rules of procedure of the european multi stakeholder forum on electronic invo...
Rules of procedure of the european multi stakeholder forum on electronic invo...
Friso de Jong
 
Proposal for a work programme of the european multi stakeholder forum on e-in...
Proposal for a work programme of the european multi stakeholder forum on e-in...Proposal for a work programme of the european multi stakeholder forum on e-in...
Proposal for a work programme of the european multi stakeholder forum on e-in...
Friso de Jong
 
Fundtech white paper, e invoicing provides new avenues for credit
Fundtech white paper, e invoicing provides new avenues for creditFundtech white paper, e invoicing provides new avenues for credit
Fundtech white paper, e invoicing provides new avenues for credit
Friso de Jong
 
Quadira, e invoicing, digital signatures and document archiving
Quadira, e invoicing, digital signatures and document archivingQuadira, e invoicing, digital signatures and document archiving
Quadira, e invoicing, digital signatures and document archiving
Friso de Jong
 
Ketenmaatregelen in de ict branche: Case 1 - E-factureren
Ketenmaatregelen in de ict branche: Case 1 - E-facturerenKetenmaatregelen in de ict branche: Case 1 - E-factureren
Ketenmaatregelen in de ict branche: Case 1 - E-factureren
Friso de Jong
 
Efficient versturen van e-facturen met Ricoh
Efficient versturen van e-facturen met RicohEfficient versturen van e-facturen met Ricoh
Efficient versturen van e-facturen met Ricoh
Friso de Jong
 

Plus de Friso de Jong (20)

E-invoicing Yearbook 2017 - Q1
E-invoicing Yearbook 2017 - Q1E-invoicing Yearbook 2017 - Q1
E-invoicing Yearbook 2017 - Q1
 
Elektronische facturatie binnen heineken
Elektronische facturatie binnen heineken Elektronische facturatie binnen heineken
Elektronische facturatie binnen heineken
 
Electronic invoice processes in europe and enablement of sm es to use them ef...
Electronic invoice processes in europe and enablement of sm es to use them ef...Electronic invoice processes in europe and enablement of sm es to use them ef...
Electronic invoice processes in europe and enablement of sm es to use them ef...
 
Demonstration compliance toolbox
Demonstration compliance toolboxDemonstration compliance toolbox
Demonstration compliance toolbox
 
Cwa sustainable compliance guidelines
Cwa sustainable compliance guidelinesCwa sustainable compliance guidelines
Cwa sustainable compliance guidelines
 
Awareness and promotion of electronic e invoicing
Awareness and promotion of electronic e invoicingAwareness and promotion of electronic e invoicing
Awareness and promotion of electronic e invoicing
 
Agenda workshop electronic invoices, phase 3
Agenda workshop electronic invoices, phase 3Agenda workshop electronic invoices, phase 3
Agenda workshop electronic invoices, phase 3
 
E invoicing as accelerator for cross-industry edi
E invoicing as accelerator for cross-industry ediE invoicing as accelerator for cross-industry edi
E invoicing as accelerator for cross-industry edi
 
Tax-compliant global electronic invoice lifecycle management
Tax-compliant global electronic invoice lifecycle managementTax-compliant global electronic invoice lifecycle management
Tax-compliant global electronic invoice lifecycle management
 
Wetsvoorstel implementatie richtlijn factureringsregels
Wetsvoorstel implementatie richtlijn factureringsregelsWetsvoorstel implementatie richtlijn factureringsregels
Wetsvoorstel implementatie richtlijn factureringsregels
 
Nader rapport implementatie richtlijn factureringsregels
Nader rapport implementatie richtlijn factureringsregelsNader rapport implementatie richtlijn factureringsregels
Nader rapport implementatie richtlijn factureringsregels
 
Memorie van toelichting implementatie richtlijn factureringsregels
Memorie van toelichting implementatie richtlijn factureringsregelsMemorie van toelichting implementatie richtlijn factureringsregels
Memorie van toelichting implementatie richtlijn factureringsregels
 
Advies raad van state implementatie richtlijn factureringsregels
Advies raad van state implementatie richtlijn factureringsregelsAdvies raad van state implementatie richtlijn factureringsregels
Advies raad van state implementatie richtlijn factureringsregels
 
Ricoh case carante group sep 2011
Ricoh case carante group sep 2011Ricoh case carante group sep 2011
Ricoh case carante group sep 2011
 
Rules of procedure of the european multi stakeholder forum on electronic invo...
Rules of procedure of the european multi stakeholder forum on electronic invo...Rules of procedure of the european multi stakeholder forum on electronic invo...
Rules of procedure of the european multi stakeholder forum on electronic invo...
 
Proposal for a work programme of the european multi stakeholder forum on e-in...
Proposal for a work programme of the european multi stakeholder forum on e-in...Proposal for a work programme of the european multi stakeholder forum on e-in...
Proposal for a work programme of the european multi stakeholder forum on e-in...
 
Fundtech white paper, e invoicing provides new avenues for credit
Fundtech white paper, e invoicing provides new avenues for creditFundtech white paper, e invoicing provides new avenues for credit
Fundtech white paper, e invoicing provides new avenues for credit
 
Quadira, e invoicing, digital signatures and document archiving
Quadira, e invoicing, digital signatures and document archivingQuadira, e invoicing, digital signatures and document archiving
Quadira, e invoicing, digital signatures and document archiving
 
Ketenmaatregelen in de ict branche: Case 1 - E-factureren
Ketenmaatregelen in de ict branche: Case 1 - E-facturerenKetenmaatregelen in de ict branche: Case 1 - E-factureren
Ketenmaatregelen in de ict branche: Case 1 - E-factureren
 
Efficient versturen van e-facturen met Ricoh
Efficient versturen van e-facturen met RicohEfficient versturen van e-facturen met Ricoh
Efficient versturen van e-facturen met Ricoh
 

Dernier

Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
allensay1
 
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service AvailableNashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
pr788182
 
Pre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptxPre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptx
Roofing Contractor
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in PakistanChallenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
vineshkumarsajnani12
 
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book nowGUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
kapoorjyoti4444
 

Dernier (20)

WheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond InsightsWheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond Insights
 
Arti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfArti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdf
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAIGetting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
 
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service AvailableNashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
 
Pre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptxPre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptx
 
Buy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail AccountsBuy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail Accounts
 
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book nowKalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
New 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck TemplateNew 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck Template
 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in PakistanChallenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
 
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book nowGUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 

Stork Deliverable D4.1 Interim Report On E Id Process Flows

  • 1. COMPETITIVENESS AND INNOVATION FRAMEWORK PROGRAMME ICT Policy Support Programme (ICT PSP) Towards pan-European recognition of electronic IDs (eIDs) ICT PSP call identifier: ICT-PSP/2007/1 ICT PSP Theme/objective identifier: 1.2 Project acronym: STORK Project full title: Secure Identity Across Borders Linked Grant agreement no.: 224993 D4.1 Interim Report on eID Process Flows Deliverable Id : D4.1 Deliverable Name : Interim Report on eID Process Flows Status : Final Dissemination Level : Public Due date of deliverable : M8 Actual submission date : 03/03/2009 Work Package : 4 Organisation name of lead contractor for UK IPS this deliverable : Author(s): Neil Clowes and Jim Purves UK, SI, EE, ES. Other member states have contributed Partner(s) contributing : through providing legal and other contextual information and through review Abstract: This document provides an overview of the current process flows that will be the input for the pilots. Project funded by the European Community under the ICT Policy Support Programme  Copyright by the STORK-eID Consortium
  • 2. D4.1 Interim Report on eID Process Flows 03/03/2009 History Version Date Modification reason Modified by 1.0 13/01/2009 Draft document Neil Clowes and Jim Purves (UK IPS) 2.0 20/02/2009 Updating Davorka Sel (SI MPA) 3.0 03/03/2009 Last editing Neil Clowes  STORK-eID Consortium Page 2 of 18
  • 3. D4.1 Interim Report on eID Process Flows 03/03/2009 Table of contents HISTORY........................................................................................................................................ 2 TABLE OF CONTENTS ............................................................................................................... 3 1 EXECUTIVE SUMMARY ................................................................................................... 4 2 PROCESS FLOWS ............................................................................................................... 5 3 LEGAL QUESTIONS TO MEMBER STATES................................................................. 9 3.1 FIRST SET OF LEGAL QUESTIONS ..................................................................................... 9 3.2 SECOND SET OF LEGAL QUESTIONS ............................................................................... 10 4 PROJECT PLAN ................................................................................................................. 18  STORK-eID Consortium Page 3 of 18
  • 4. D4.1 Interim Report on eID Process Flows 03/03/2009 1 Executive Summary For successful completion of deliverable 4.1, it is necessary that the legal and trust environments are understood as well as the technical and non-technical interactions. It is only possible to carry out cross border service transactions if the IT architecture can operate legally in all the member states applying it and convey with it confidence in the identity of the user notwithstanding technical interoperability. In the early stages of the work the focus was on understanding each action, who would carry them out and in what sequence. Exchanges of e-mails, meetings and workshops acted to clarify thinking and drive forward emerging solutions for further exploration. As the discussions broadened out to encompass more stakeholders it soon became apparent that data protection legislation rendered some potential solutions impractical and not legal. The work also identified that the legal concept of vires would play an important part even in a customer centric solution. In order to ensure the legal environment within each member state as regards STORK was understood in developing the process flows the initial questionnaire shown below was sent out on 3 December. Further questions which needed to be answered were identified at a further workshop and a second questionnaire sent out on 23 December. As the questionnaire explains, it is important to determine what legal issues may affect the proposed interactions and transactions, described for the pilots, involving personal data held on government or private databases within the Member State. It is important to determine what legal issues may affect the proposed interactions and transactions because the pilots will involve real personal data held on government or private databases within the member state. The responses have enabled further development of the process flows and the current process flows are shown below. They represent the current physical manifestation of the final deliverable for this Work package but are still being discussed and reviewed. There is currently significant discussion going on about the eSignature process flow. This is due to be resolved over the course of the next month.  STORK-eID Consortium Page 4 of 18
  • 5. D4.1 Interim Report on eID Process Flows 03/03/2009 2 Process Flows The following diagrams show the process flows that have been delivered to date. These are still draft and are under review by the Member States. Figure 1 presents process flow for cross border authentication where service provider (SP) country and identity provider (IDP) country use PEPS approach. The whole authentication process is split into three phases being service selection phase, identification phase, and assertion validation and login phase. The division into three phases is important as they can be also parts of other processes, such as for example user registration process. In the continuation the description of the authentication process flow as presented in Figure 1 is given. Let us suppose that the service is provided by MS B. The user starts the authentication process by selecting to authenticate with the SP. SP sends the request for authentication and the information of the QAA level that it requires to MS B PEPS to proceed with the authentication of the user. The MS B PEPS then ask the user which MS issued the eID he is planning to use for the authentication and provides a list of MS. The user selects from the list the MS which eID he/she plans to use. According to the user selection of the MS the request for authentication and required QAA level of the service are sent from MS B PEPS to MS A PEPS (the latest being MS which was selected by the user). The MS A PEPS then provides the user with a list of eIDs that are suitable for the authentication as they satisfy condition of required QAA level. The user selects eID he/she wants to authenticate with. The validation of the provided eID is then carried out based on MS A specific interaction with the user. Upon successful validation of the eID, MS A PEPS creates assertion with the authentication statement and a unique, minimum, persistent representation of the user’s identity and sends this assertion to MS B PEPS. The latter first validates received assertion. Conversion of the received assertion and transmission of received data to SP is carried out according to MS B procedure. The user is finally authenticated with the MS B SP and can proceed with the use of service.  STORK-eID Consortium Page 5 of 18
  • 6. D4.1 Interim Report on eID Process Flows 03/03/2009 Figure 2 presents MS specific validation of the user’s eID as mentioned in the description of Figure 1. There are at least two options for validation, as presented in Figure 2. In the first option the user selects from the list provided by MS A PEPS for authentication for example digital certificate. MS A PEPS forwards request for the validation of the certificate to the IDP which has issued the certificate. In the second case the user select eID from the list that is provided by MS A PEPS, according to the selection the user receives the request for authentication directly from the IDP (for example to enter user name and password). Upon entering user name/password the identity is validates at IDP. Figure 3 presents process flow for cross border authentication where the user wants to authenticate with the smart card and SP country uses PEPS approach. Again the authentication process flow is divided into three phase, the same as presented in Figure 1. The user starts the authentication process by selecting to authenticate with the SP provided by MS B. SP sends the request for authentication and the information of the QAA level that it requires to MS B PEPS. The MS B PEPS then asks the user which MS issued the eID he is planning to use for the authentication and provides a list of MS. The user selects from the list the MS which eID he/she plans to use. According to the user selection of the MS the request for authentication and required QAA level of the service are passed to Virtual IDP of the MS selected by the user (let us suppose this is MS A). Note that Virtual IDP of MS A is hosted by MS B. Virtual IDP checks if the eID (smart card) of MS A satisfies the QAA level required by SP. If yes, the authentication request is redirected from MS A Virtual IDP to MS A middleware, which ask the user to provide the token. This is followed by the MS specific interaction with the user needed for validation of provided eID. If the validation is successful, Virtual IDP creates assertion with the authentication statement which is then sent to MS B PEPS. The latter first validates received assertion. Conversion of the received assertion and transmission of received data to SP is then carried out  STORK-eID Consortium Page 6 of 18
  • 7. D4.1 Interim Report on eID Process Flows 03/03/2009 according to MS B procedure. The user is finally authenticated with the MS B SP and can proceed with the use of service.  STORK-eID Consortium Page 7 of 18
  • 8. D4.1 Interim Report on eID Process Flows 03/03/2009  STORK-eID Consortium Page 8 of 18
  • 9. D4.1 Interim Report on eID Process Flows 03/03/2009 3 Legal Questions to Member States Two sets of legal questions were sent to the suppliers: These can be seen below: 3.1 First set of legal questions Q1: Is the administration that is the data controller, within the context of the STORK pilots, legally allowed to share data with a third party across borders with user consent? Q2: For the service provider, what obligations are there about data access by the subject to update, see, delete etc? What are the requirements relating to storage and destruction? What restrictions exist on subsequent use of the data? Does the data have to be deleted at the end of the pilot? Q3: In the case of the unique identifying number, what is the answer to the same questions in Q.2 above? Q4: Within the same Member State, where a computer server containing the relevant information is run by a separate organization to the authority who needs to confirm the identity information given, can that authority access the data for the use of a cross border service? Q5: What legal restrictions, if any, relate solely to the electronic component of sending data from one Member State to another? Q6: Is there a difference if the control of the electronic transfer of data is run by the private sector? Q7: Is the administration that is the data controller, within the context of the STORK pilots, legally allowed to share data across borders without user consent? Q8: What are the specifics involved in providing informed consent? Q9: Is there a legal difference between a person having control of the data during the transactions envisaged in the pilot and the subject giving consent to the transfer of data but not having control over the transaction?  STORK-eID Consortium Page 9 of 18
  • 10. D4.1 Interim Report on eID Process Flows 03/03/2009 Q10: Can a user give consent or be said to be in control if they cannot read the data in question because it is encrypted? Q11: Is the answer to the above question different if there is a simultaneous sending to the user in plain text with a statement that this is the same information as placed within the encryption? 3.2 Second set of legal questions Item Question Authentic The identity of the controller has to be specified, as well as the purposes for the data source principle collection (articles 6 and 10, DPD). Data minimisation has to be observed (art. 6) and data should be accurate and up to date. These requirements may be difficult to meet in cases where no direct access is available to reliable data sources (such as authentic registries). These mean a dataset that allows the data subject to be uniquely identified (i.e. an identifier). 1. Which attributes are controlled by the users on using their passwords or PINs? All data that are in the token Part of the data that are in the token They do not need any password or PIN: data are freely accessible. Other (mention it) eSignatures A certificate is an electronic attestation, which links signature-verification data to a person Directive & and confirms the identity of that person. "Qualified certificate" meets the requirements laid Credentials down in Annex I of eSignature Directive and is provided by a certification-service-provider who fulfils the requirements laid down in Annex II of the Directive. By definition, authentication certificates, can be used to authenticate the holder (confirm the identity); because qualified certificates are issued (involving face-to-face verification procedures of the claimant/citizen) and verified in a more tightly controlled process than for other (advanced) certificates as outlined in Directive Annexes: the proof is stronger (assurance level is higher). Member states may also determine for which purpose a particular certificate may be used. Most differentiate between the authentication certificate and the non-repudiation digital signature and consider it undesirable that the authentication certificate is used for signature purposes and vice versa... It is up to the individual member states to determine whether they accredit certification-service providers and give them the right to issue qualified certificates and whether their eIDs make use of qualified certificates or other certificates.  STORK-eID Consortium Page 10 of 18
  • 11. D4.1 Interim Report on eID Process Flows 03/03/2009 Item Question The basic legal effects of these QC's is handled by the e-signature Directive and its transposition in national legislation. The liability in the case of Qualified certificates rests on the CA (but also certain limitations.) that issued the certificate, whereas this is more complicated for non qualified certification-service providers. These are likely to have provisions (waiving) regarding their liability in their terms of service. Because there are potentially, many certification-service providers this may lead to a complicated mesh of different liability regimes. 2. In your country, which is more formal from the legal point of view to verify a private person identity? Using a authentication QC Using a signing QC Both have the same legal validity. Other (mention it) Privacy Applications Services should Yield indispensable data than is strictly necessary for the Directive purposes of the application or service. 3. Has the user to sign an offline or online contract with the service provider for the pilots? Alternatively, the user has only to accept/disclaimer page in the website? Yes, online Yes, offline No, only an online disclaimer No, only an offline disclaimer Do not known Other (mention it) 4. With informed user consent, are identification data attributes collected to the minimum necessary (adequate, relevant and non-excessive)? Yes, only what we need No, we get more data than are usually need No, only an online disclaimer No, only an offline disclaimer Do not known Other (mention it)  STORK-eID Consortium Page 11 of 18
  • 12. D4.1 Interim Report on eID Process Flows 03/03/2009 Item Question 5. Has been the data acquisition process checked to confirm the previous affirmative answer? Yes No Do not known Other (mention it) 6. Do the Directive implementation or any MS law (National Register Acts, Identity Card Acts, eGovernment Acts, and so forth) restrict the use of identifiers (numeric or data attributes combinations) to link it to the person? Yes, (mention it) No Do not known Other (mention it) 7. In case that linking identifiers to privates persons would be restricted, could they be used “virtual” identifiers? Yes No Do not known Other (mention it) Services The recent Services Directive of 12 December 2006 (to be transposed by the Member States Directive by 28 December 2009) might have effect on facilitating the interoperability of information Applicability to systems and use of procedures by electronic means between service providers. In some the issue of cases, relying parties may want to obtain more attributes from a claimant than present in the presented eID, or they may want to establish an attribute at a higher level of assurance identity than offered by the eID (e.g., the address, and even name, present on a smart card may be management outdated). In many of the member states studied, There are authentic registers that offer authorised entities access to authentic data pertaining to citizens. 8. Are there any eGov or private service implementation in your country for serving additional data not present in the eID? Yes, (mention it)  STORK-eID Consortium Page 12 of 18
  • 13. D4.1 Interim Report on eID Process Flows 03/03/2009 Item Question No Do not known Other (mention it) 9. If yes, could it be accessed (freely or on previous agreement) from any other MS? Yes No Do not known Other (mention it) Item Question Identifiers Authentication (identification process) has been defined above as ‘the corroboration of the claimed identity of an entity or of a set of its observed attributes’. A distinction should Identifiable therefore be made between two situations: data- identifiers 1. Authentication of the status: entity must have specific required quality, it is not in the surveyed necessary for an application to know who a specific entity is, exactly. The countries application determines the entity’s status, not his/her identity. 2. Authentication of the identity: application needs to authenticate the entity by determining his/her exact identity. Thus, authentication can sometimes be done by merely establishing a quality (case 1), or by determining the precise identity of an entity (case 2). In both cases, the final goal would obviously be served by presenting any and all attributes regarding a specific entity. By definition, determining an identity uniquely requires the use of a unique identifier. Understanding it as ‘an attribute or a set of attributes of an entity which uniquely identifies the entity within a certain context’. Identifiers reference to a unique object used by an entity to be uniquely represented within the specific context of the object; the validity of the identifier is limited to the entity and object lifecycle; examples are passport numbers, credit card numbers, identity card numbers, driver’s licence numbers; the validity of a identifier may depend on a number of factors (e.g., context, time. For pilots, it should be possible to create a new identifier on the basis of a national identifier by means of a one-way transformation function and use this new number as the identifier in the relying party's system. Presently, this is similar to how derived identifiers are created in some Member States. 10. Can unique identifiers or a set of identifying attributes data from foreign claimants be legally stored in eGovernment transaction process? Yes,  STORK-eID Consortium Page 13 of 18
  • 14. D4.1 Interim Report on eID Process Flows 03/03/2009 Item Question No, Do not known Other (mention it) Unambiguous User consent will not be too problematic when data is provided by the claimant directly consent of the (e.g., in an online form), or when data can be obtained from a certificate presented by the data subject claimant (for instance, taken from a certificate on a smart card inserted into a reader (the claimant). attached to the divide the claimant uses in the interaction). It becomes more complicated when the service provider (relying party) needs to obtain additional data, such as (certified) attributes and these can be, or even have to be obtained, from other sources than the user. In some cases, it may be possible, for instance, to collect the data from authentic registers in the claimant home member state. In these cases, also consent of the user may be required in order to make the processing legitimate. 11. What part of the current information of an eID can be use on electronic format directly by an application, through the owner consent? (to tick one or more as necessary, double-click and activate): All data in electronic format Part of the data in electronic format ( please, list them here) Only the data that can be read by humans on the support token None 12. In your country, online user consent for data contained on an eID is usually understood as: (to tick one or more as necessary, double-click and activate): Accessing user data (generally using PIN) and showing them to the user. Accessing user data (generally using PIN). There is NO need to show them to the user, it is supposed they what they are. User consent is granted through established online Policy, as user interacts with the site. . User consent is granted through a contract other (explain it in short) 13. Has the user available some other data in electronic format (from any public or private source) that may complement the one in the eID? (to tick one or more as necessary, double-click and activate):  STORK-eID Consortium Page 14 of 18
  • 15. D4.1 Interim Report on eID Process Flows 03/03/2009 Item Question Only public eGovernment Only private provider service Both kind of services Actually, There is no available service for the moment other (name it): 14. Is there a previous user consent explicitly established by any law or regulation or depends from the ad-hoc user consent (to tick one or more as necessary, double-click and activate): Previous legal user consent Previous contractual service user consent Ad-hoc ( user has to give consent every time) other (name it): Authentication Obviously, this issue is only relevant in the broader context of identity management, but not vs. Consent when examining the narrower issue of authentication as such. After all, authentication by definition will be initiated by the data subject himself/herself, so that the only issue of consent is the determination of the data set required for authentication purposes. 15. Usually, the user consent must be given unequivocally. When registering for using online services (public or private) the user consent is given implicitly or must be given explicitly (online agreement “accept”, physical legal contract etc..)? Usually, there is an online contract. Usually, there is an offline physical contract Usually, there is an accepting disclaimer notice There are not any online or offline notice do not known Other (mention it) Attribute data In some cases, relying parties may want to obtain more attributes from a claimant than source present in the presented eID, or they may want to establish an attribute at a higher level of assurance than offered by the eID (e.g., the address, and even name, present on a smart card may be outdated). In many of the member states studied there are registers that offer authorised entities access to authentic data pertaining to citizens.  STORK-eID Consortium Page 15 of 18
  • 16. D4.1 Interim Report on eID Process Flows 03/03/2009 Item Question 16. Does the nationality being obtained directly or with PIN from the eID by an application program (to tick one or more as necessary, double-click and activate): No, there is no nationality data No, nationality data is no machine-readable. It is “printed”. Yes, nationality data is accessible by program. 17. Which obligations and/or restrictions apply to updating, deleting storing, destructing etc…, for stored data from a service provider, controller or processor point of view? They are implemented as recommended from the DPD and grouped into security documents that need to fulfil the established conditions. Even, the can be reflected on contract. They are implemented as recommended from the DPD, but there is no formal document, as mentioned above, but they also may be reflected on contract. Security measures do not depend directly on DPD implementation other (explain it in short) Incident It seems reasonable that each participating member state should review their respective Handling legislations, because DPD transposition may arise some issues on incident handling: incident, notification and administration procedures should exist, and any incidences, that may affect the personal data, must be registered. Therefore, it is possible that cross- countries incidences must raise and the owners of the systems/files from the affected countries need to be aware. Perhaps, this foresees an international incident handling procedure that must be agreed on by all participating MS. 18. Is DPD transposition on your country aware of this responsibility for data controller? Yes No. do not know Other (mention it) 19. Does raise DPD transposition on your country the security need of an incident  STORK-eID Consortium Page 16 of 18
  • 17. D4.1 Interim Report on eID Process Flows 03/03/2009 Item Question handling procedure when data treatment for the data controller is done by a processor in other MS? Yes No. do not know Other (mention it) 20. Data transferring is between a controller and a processor depends on a contract. Is incident notification directly regulated by the contract or it depends on the DPD transposition implementation? Incident handling depends on only contract Incident handling depends on, both contract and DPD transposition Incident handling depends only contract DPD transposition do not know Other (mention it)  STORK-eID Consortium Page 17 of 18
  • 18. D4.1 Interim Report on eID Process Flows 03/03/2009 4 Project Plan  STORK-eID Consortium Page 18 of 18