D4.2: Set of requirements for interoperability of Identity Management Systems

FIDIS IDEAL SCENARIO OF FULL INTEROPERABILITY

Ideal scenario of full interoperability

The experts described the systems which were in use in their countries. Some experts when discussing an ideal scenario shifted from the ecommerce to the egovernment context. We summarise what they answered regardless: 

- Austria (Leitold) says that the concept of the Austrian Citizen Card entirely fulfils the interoperability requirements on a national level. However, on a European level there is still much to do as currently only 2 countries (Italy and Estonia) have solutions interoperable with Austria. Additional countries (i.e. Finland and Belgium) will soon be integrated. The goal should be to have a solution which is fully interoperable with all European national authentication and identification solutions. The EU is still a long way from a European-wide interoperable eID solution. As mentioned earlier, European countries usually develop their national solutions without thinking in European terms first and only at a later stage think about European collaboration. Apart from some EU projects like GUIDE or FIDIS, there is hardly any structured EU-wide discussion about interoperable eID solutions. Relatively early on Austria passed laws such as the Electronic signature or egovernment law which are required for a national eID solution, while some European countries are far behind.

Although Austria passed a law which allows the acceptance of other countries eIDs for egovernment purposes, there is no structured integration process of other countries eID solutions. Integration processes are more or less individual projects and on ad-hoc basis.

- Belgium (Sel) There seems to be a difference between developments taking place in the public and those in the private sector. In the public sector, the developments for an interoperable eID are under way. From September 2004, electronic identity cards (eID) are being distributed to all Belgian citizens living in Belgium.  The eID is a plastic card, in the format of a banking card, with an electronic chip.  The eID contains personal information printed on the card, including picture, name and written signature. The personal information is also electronically stored on the card, and also includes the digital signature and certificates of the owner of the card. The eID allows the owners/users of the card to consult their own personal information kept in the central personal register, but also to contact, exchange or file information with the government.  

In the private sector, it seems that private companies have not yet made much progress in the development or use of interoperable identity management tools.  Initiatives exist, such as the IBM Tivoli software system, but are not yet widespread. 

- Other experts presented elements which should be considered as important in order to reach a system which would meet their requirements. For Weck, an interoperable system would be based on certificates. The problem is that what hinders the development of interoperability is incomplete or imprecise existing standards. Mr Lindmo presented a BankID project in Norway, which is a cooperation between the five major financial institutions/banks in Norway to establish a fully interoperable PKI based electronic ID system. He believes it could be the solution for the future.