
The Dutch eNIK

on its way forward…


Workshop Belgian eID
Katholieke Universiteit Leuven
September 16, 2009
© TopForce B.V., Rotterdam www.topforce.com Elisabeth de Leeuw, September 2009 1
Objectives of the eNIK – to – be 1

Like passports, intended for use in public (G2C) and private (B2B, B2C)
domain

Though expected to be used mostly in private domain (by some of us)

1 http://digitaalbestuur.nl/nieuws/vooral-privaat-gebruik-enik-als-hij-er-komt

Objectives

G2C (need doubted by government officials)


• access to personal records (health database)
• access to e-government
• electronic signature

B2B, B2C (need strongly felt by the market)


• access to workplace and tele working
• physical security
• access to schools and hospitals
• access to chat boxes
• car and video rentals
• identification for financial transactions

Introduction postponed

By decision of State Secretary Bijleveld, Minister of the Interior and Kingdom Relations, dated 9 December 2008:

No short term need for High level DigID (read: eNIK)

• Needed only for Health Database


• No general need

Context of the eNIK – to – be

eNIK is strongly linked to

• DigID

• Dutch Travel Documents

• Dutch Identity Documents

Context: eNIK vs DigID

DigID – stands for Digital IDentity

• Shared between cooperating governmental agencies

• Digital authentication of person(s) who apply for a public transaction service via internet

• Used in G2G, G2B, G2C

Context: eNIK vs DigID

• DigID security levels

1. High – qualified eSignature compliant with EU legislation

2. Medium – user name & password, SMS ticket /mobile phone

3. Basic – user name & password

• eNIK : High level DigID

Context: eNIK vs DigID

DigID Level    G2C
High           eNIK – level 3
Medium         DigID – level 2 / 2+
Basic          DigID – level 1

Context: (e)NIK vs Dutch ID Documents

NIK: Travel Document


• Limited validity

NIK: Identity Document


• Just as passport, driving licence
• (To be) used in G2C, G2B, B2B, B2C

Context: (e)NIK ~ Dutch Travel Document

• Passport

• NIK

Context: (e)NIK ~ Dutch Passport

• High security level

• Compliant with international travel document legislation

Context: (e)NIK ~ Dutch Passport

• Travel document, valid in 35 countries, mainly EC

• Each citizen legally entitled:

– Paspoortwet (Passport Act), Article 16a: Every Dutch national who is registered as a resident in the basic administration of personal data (basisadministratie persoonsgegevens) of a municipality, or who lives in a country for which the Dutch identity card is valid, is entitled, within the limits set by this Act, to be issued a Dutch identity card, valid for five years

Current developments

• Passport

• ConsumentenID

• DigID level 2+

• eHerkenning

Current development: passport

• Application of biometrics
• Face (26.08.2006)
• Fingerprint (21.09.2009)
• Storage of biometric features in public database

Current development: consumentenID

Principles
• Open ID
• Single sign on (single authentication)
• Federation
• Low level of trust
• High participation

Initiators
• ecp.nl
• diginotar.nl
• holder.nl
• evidos.nl

Current development: DigID level 2+

DigID & SMS+


Validation of cell phone number at location of identity provider

• IDPa sends BSN to DigIDs
• DigIDs sends unique code to CPn and IDPa
• IDPe validates CPn in IDPa for DigID level 2+

IDPa = IDP application
IDPe = IDP employee
DigIDs = DigID server
CPn = Cell Phone number

Current development: DigID level 2+

Authentication for Health Database1:


a. Short term: DigID level 2+
b. Long term: eNIK

Sub a. DigID level 2+


• DigID & SMS+
Face-to-face authentication of cell phone number used to receive SMS tickets
• DigID & RTDA (Remote Travel Document Authentication)
Authentication by means of (e) travel documents

1 Beveiligingeisen ten aanzien van identificatie en authenticatie voor toegang zorgconsument tot het Elektronisch Patiëntendossier (EPD) [Security requirements regarding identification and authentication for healthcare consumers' access to the Electronic Patient Record (EPD)], http://www.minvws.nl/includes/dl/openbestand.asp?File=/images/meva-2899251b-_tcm19-176979.pdf


Current development: DigID level 2+

Sub a. DigID & RTDA


Authentication at website Health Database

• Automatic link from HDw to DigIDw
• Login at DigIDw level 2 (username, password, SMS ticket)
• Read eTD
  – travel document, chip inside, issue date > 26.08.2006, 100% proliferation > 26.08.2011
• Write eTD number and valid through date to DigIDw
• Authentication of eTD by DigIDw (BSN, eTD number, valid through date)
• DigIDw authenticates for DigID level 3

eTD = electronic Travel Document
HDw = Health Database Web Application
DigIDw = DigID Web Application

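The DigID & RTDA step-up listed on this slide, sketched as an added example (not part of the original presentation and not DigID's own code). The session object, the register lookup and every sample value are assumptions made for illustration; only the level-2 precondition, the 26.08.2006 chip cutoff and the (BSN, eTD number, valid through date) check come from the slide.

```python
from dataclasses import dataclass
from datetime import date

CHIP_ISSUE_CUTOFF = date(2006, 8, 26)  # slide: chip inside if issue date > 26.08.2006

@dataclass(frozen=True)
class ETD:                 # values read from the electronic travel document
    number: str
    issue_date: date
    valid_through: date

@dataclass
class Session:             # hypothetical DigIDw session state
    bsn: str
    level: int             # 1 = basic, 2 = SMS ticket, 3 = high

# Constructed sample register: BSN -> (eTD number, valid-through date).
# Stands in for whatever authoritative source DigIDw consults (assumption).
REGISTER = {"900000001": ("NX0000001", date(2013, 5, 1))}

def step_up(session: Session, etd: ETD, today: date, register=REGISTER):
    """Return (ok, reason); on success the session is raised to level 3."""
    if session.level < 2:
        return False, "level 2 login required first"
    if etd.issue_date <= CHIP_ISSUE_CUTOFF:
        return False, "document predates chip rollout"
    if etd.valid_through < today:
        return False, "document expired"
    # Bind the document to the logged-in identity: a valid eTD belonging to
    # someone else must not raise this session's assurance level.
    if register.get(session.bsn) != (etd.number, etd.valid_through):
        return False, "eTD not registered to this BSN"
    session.level = 3
    return True, "level 3 granted"
```

The ordering matters for a defender: the document checks only run on a session that already passed level 2, and the final comparison ties the document to the BSN of that session rather than accepting any genuine eTD.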
Current development: eHerkenning

Primary goal: e-government G2B


access to public e-services
electronic signature, non-repudiation

Primary requirements: based on Bedrijvenregister (authentic registration)


compatible with infrastructures abroad

Current development: eHerkenning

Functions

• Authentication of a natural person (employee, civil servant)

• Authentication of a legal entity (company, public organisation)

• Authorization of a natural person representing a legal entity (direct or by delegation)

Current development: eHerkenning
[Figure: eHerkenning layers (identity providers, authorisations, organisations, services), shown for Government and for Business]


Current development: eHerkenning

Functions

• Access / single sign on to public e-services

• Advanced and qualified electronic signatures in accordance with EU legislation

• Management of entitlements
  – Direct entitlements
  – Delegated entitlements

• Assured time stamping

Current development: eHerkenning

Public private network

Multiple identity providers, multiple credentials


• From both public (Ministry of Finance) and private sector
(banking and finance, telecom)
• Both new and existing

Agreement on framework by the end of 2009



Current development: eHerkenning

DigID Level    G2C                     G2B
High           eNIK – level 3          eHerkenning
Medium         DigID – level 2 / 2+    eHerkenning
Basic          DigID – level 1         eHerkenning

Current development: eHerkenning

Framework: public private cooperation, mutual consultation

Public domain
• Launching customers: Antwoord voor Bedrijven (government
communications), de Belastingdienst (Tax Office), Kamer van Koophandel
(Chambers of Commerce)
• Early adopters: Kadaster (Land Register), UWV (Unemployment Benefits),
MinLNV (Ministry of Agriculture), SenterNovem (Innovation)

Private domain
• ECP-EPN
• Het CIO platform
• VNO-NCW (Employers Federation)
• MKB Nederland (Small and Medium Enterprises)

Current development: eHerkenning

Roles
• NP – Natural Person
• PR – PRivate party (companies and NGOs)
• PU – PUblic party: government organizations offering e-services
• IB – Identity Broker: connection between PR, PU and EB
• EB – Entitlement Broker: management and judgment of entitlements
• CI – Credential Issuer: issuing, management and verification of credentials
• R – Router: routing of requests from PR via EB to CI

Process sequence
• NP -> PR -> PU -> IB -> EB -> CI -> PU -> PR -> NP

Current development: eHerkenning

Considerations

• Complex, multi (3*n) parties1, multi solutions, distributed ownership

• Focus on government business case

• Mixed focus, on both legal entities and natural persons


• Authentication of natural persons
• Authorization of legal entities (represented by natural persons)

• Void: national eID (eNIK) for *2C postponed

1 I.e. different instances of Services, Companies and Employees

Current development: eHerkenning

Considerations

• Secure life cycle management multiple credentials

• Private initiatives might weaken business case

• Public and private business cases not necessarily compatible (security and validity of, and entitlement to, credentials)

• Link between physical-, legal entity and credential

• Complex, distributed, multi party infrastructure

• Régie

Summary

The principal Dutch travel document, the Paspoort (passport), and its little brother, the Nederlandse Identiteits Kaart or NIK, have existed since the 19th century. For many years, the Dutch government has been considering plans to turn the NIK into a so-called eNIK, an electronic identity card, in order to facilitate G2C and B2C transactions. However, no decision has been taken yet on the introduction of the eNIK.

In this presentation, Elisabeth de Leeuw will outline the position of the eNIK-to-be in the future public identity landscape. The eNIK is intended to fulfill the requirements of the Dutch Digital Identity Scheme or DigID. Yet, being a travel document, the eNIK also has to comply with laws and regulations on travel documents. Differences in the business cases for travel documents and electronic identity cards are a potential cause of friction.

Meanwhile, as time passes, the urge for electronic identities is still growing and private initiatives are on their way, which may have an impact on the role and position of the eNIK-to-be.

The Dutch eNIK

Thank you for listening!
