Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- D4.1: Structured account of approaches on interoperability.
- D4.2: Set of requirements for interoperability of Identity Management Systems.
- D4.4: Survey on Citizen's trust in ID systems and authorities.
- D4.5: A Survey on Citizen’s trust in ID systems and authorities.
- D4.6: Draft best practice guidelines.
- D4.7: Review and classification for a FIDIS identity management model.
- D4.8: Creating the method to incorporate FIDIS research for generic application.
- D4.9: An application of the management method to interoperability within e-Health.
- D4.10: Specification of a portal for interoperability of identity management systems.
- D4.11: eHealth identity management in several types of welfare states in Europe.
- Profiling.
- Forensic Implications.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D4.2: Set of requirements for interoperability of Identity Management Systems
John Baptista, LSE
In deliverable WP 4.1 we reviewed the literature and projects on the interoperability of Identity Management Systems. We proposed an adapted conceptualisation of this topic and illustrated its applicability using case studies. We also highlighted key issues in the literature which we found to be critical in this area of research. In this deliverable we use the key findings from the review in the first deliverable to canvass 23 experts in 5 countries in Europe on their views of those key topics. The interviews were conducted by 11 interviewers from the 4 core FIDIS institutions that contributed to this deliverable.
Owing to the number of people involved in this process (11 researchers) and the decentralised nature of the project (4 institutions working in 5 different countries) considerable effort was put into maintaining a consistent methodology and project management. Coordination was mostly conducted by email but the editorial team also met face to face during the analysis stage.
In the first stage we analysed D4.1 looking for key themes that, based on the literature review, looked to be critical. We then sent a list of topics to the network of researchers and asked for suggestions, and we assessed the relevance of the three suggested sectors of analysis (ecommerce, egovernment and ehealth). As a result of this interaction we developed a final list of topics that we then converted into questions. In the next stage, we sent the interview questionnaire to all contributors and requested all partners to organise interviews with key experts in identity management in the three sectors.
The interviews took place during the summer months of 2005 in June, July and August (see appendix 1 for the complete schedule). This timing proved to be difficult because most interviewees were on holiday or busy during most parts of this period. Because of the delays in conducting the interviews, this report suffered some delay given its original deadline.
In order to maintain standardisation and consistency and to help during the analysis stage, all participants used the same questionnaire. Some interviews were recorded and where recording was not possible, interview notes were taken. The LSE, as coordinator of this deliverable, wrote the first interview report and circulated among the 11 researchers to be used as a reference for all other interview reports. All reports followed this guideline and a selection of 13 can be consulted in the Annexes of this document.
A small editorial team was then created between the LSE and KUL to analyse all interview reports and write this final deliverable based on the 23 interview reports received. We first read the interviews and discussed key common themes among the interviews. We then agreed on a structure of themes and analysed the interview using those key themes as guides. We then summarised the findings from the interviews in the three chapters of this document creating three different sections for each of the three sectors of ecommerce, egovernment and ehealth.
We do not include all 23 interviews reports in the annexes of this deliverable document due to space limitations. We selected 13 of the most relevant for inclusion and aimed to include at least three reports from each partner. Out of the 23 reports from all partners we selected 13 with the following distribution among the partners: 3 reports from LSE, 4 reports from KUD, 2 reports from ICPP and 4 from TUD. Each report contains a combination of direct transcriptions of the most relevant quotes from the interviewee and contextual information added after the interview for a better understanding of the issues discussed. This additional effort in providing context to the interviews makes the reports rich and of independent significance, providing a valuable contribution to FIDIS research. Therefore, the analysed summaries of the interviews in the three core chapters of this deliverable are intended as guidelines only and they do not substitute the reading of the rich interview reports included in the annexes.
The selection of experts was decentralised and decided by the four institutions separately according to their own contacts in the three sectors. The key requirements for all partners were that the interviewees had to be recognised experts in their field and that they were available and happy for their views to be published in this report. Some respondents requested that certain documentation and parts of the transcripts of the interviews to be kept confidential. However all agreed that we could use their views for the analysis.
As described before, we looked for experts in the three chosen sectors: ecommerce, egovernment and ehealth. Each partner had to identify experts in the three sectors to interview. The following tables show the interviews conducted in the three sectors.
Table 1: Interviews in the ecommerce sector
| Country | Interviewer | Interviewee | Profile |
1 | Belgium
| KU Leuven, Els Kindt | Marc Sel | Director Pricewaterhousecoopers, Antwerp, Belgium. Responsibility for projects, including the Belgian Electronic ID card project as well as the Belgian Digital Tachograph Project.
|
5 | Germany
| ICPP, Martin Meints | Bernd Burckard | Technical project manager for the PKI-infrastructure of the Federal Land of Hessen. Project manager for the project “HCN 2004”, which is one of four elements of the so called “egovernment Masterplan” of the Federal Land of Hessen.
|
7
8 | Germany | TUD, Andreas Westfeld and Sandra Steinbrecher | Hannes Federrath
Gerhard Weck | Full professor for management of information security at University Regensburg. His research interests are security and privacy in communication networks, development of systems that provide anonymity and unobservability, location management strategies considering privacy in mobile communication systems, cryptography, steganography and data security. He is the leader of the project AN.ON/JAP, Anonymity Online, which enables users to surf the Internet anonymously and unobservably.
Gerhard Weck is a licenced IT Baseline Protection Auditor and Chief IT Security Officer at INFODAS. His working focus is security of operating and information systems and the development of the IT security database at INFODAS. He is IT security lecturer at the Ulm Academy for Data Protection and IT Security (Ulmer Akademie für Datenschutz und IT-Sicherheit, www.udis.de) and spokesman of the DECUS professional group for security (www.decus.de)
|
11 12
13
14
15 | Norway | LSE, Christopher Lovold | Virginia T. Ringnes Arild Lund and CasperChristophersen Semming Austin
Erik Lindmo
Nils Inge Brurberg | Central Bank of Norway Casper Christophersen is in the payments department, and works with technical issues that are associated with payments that involved the Central Bank. Arild Lund is the head of the financial stability department at the Central Bank of Norway. Virginia Ringnes works as a translator in the communications department. Semming Austin works in the Financial Stability department under Payment Systems.
DNB NOR bank Erik Lindmo has a MSc in civil engineering from Stanford, CA, and has been working in the banking sector for 25 years.
Nordea Bank Nils Inge Brurberg has been involved with the Norwegian BankID project and has been instrumental in formulating business logic, application requirements and implementation. He has also been involved in talks with Nordea (and other banks) in Sweden and Denmark in exploring the possibilities for BankID expansion across borders in Scandinavia. |
19 | Austria | LSE, Stephan Freh | Herbert Leitold | Mr. Herbert Leitold holds the position of Director Technology at A-SIT, Zentrum für sichere Informationstechnologie – Austria. A-SIT is a friendly society and was founded by the Austrian Ministry of Finance, the Austrian National Reserve Bank and the Technical University Graz in 1999. Its mission is to undertake ICT research for the use of egovernment. In recent years A-SIT worked closely with the IKT-Board and the CIO of Office of the Austrian Federal Chancellor. Mr. Leitold is the author of several international recognized studies including topics on eVoting, eID Solutions and electronic signatures. Mr. Leitold is further an advisor to the Austrian government on egovernment projects.
|
22
23 | UK
| LSE, James Backhouse, John Baptista and Chris Lovold | Mark Drew
Tom Buschman | British Telecom Mark Drew is Principal Researcher in the BT Security Research Team (BT Research Labs). He has over 30 years experience in IT security in banking and consultancy sectors.
Shell Tom Bushman is within Shell responsible for the TWIST project (Transaction Workflow Innovation Standards Team). TWIST is a not-for-profit industry group delivering non-proprietary XML standards aimed to enable straight through payments processing between businesses from end to end.
|
Table 2: interviews in the egovernment sector
| Country | Interviewer | Interviewee | Profile |
2
3 | Belgium
| KU Leuven, Michaël Vanfleteren | Olivier Libon
Paul Timmers | Project Manager, FedICT Security Architect (FedICT: Federal Public Service on Information and Communication Technology; www.fedict.be). Adviser for the Tractebel Group and the European Commission, he then joined GlobalSign (the European leading certification authority) as Vice President. He joined FedICT (the Belgian ministry of ICT) in 2002 before the launch of the BelPIC project (Belgian electronic Personal Identity Card) as security architect and PKI expert
Paul Timmers is head of unit for egovernment in the European Commission, Directorate-General Information Society & Media. Previously he was a member of the Cabinet of the European Commissioner for Enterprise and Information Society. Dr. Timmers has also been deputy head of unit for electronic commerce in the European Commission, where he was involved in policy and program development. He has published on a wide range of topics, including a book on electronic commerce strategies and business models. A visiting professor and lecturer at various universities and business schools.
|
6 | Germany
| ICPP, Martin Meints | Bettina Neke | Ministry of Social Affairs of the Federal Land of Schleswig-Holstein, working for the e-health card project in Schleswig-Holstein. Mrs. Neke works as officer in the Ministry of Social Affairs Schleswig-Holstein. Within the Ministry she is co-ordinating all political activities concerning this project. She has a professional background as lawyer.
|
16 | Norway | LSE, Christopher Lovold | Asbjørn Følstad
| Asbjørn Følstad is a research scientist in the ICT division working on interoperability, quality assurance and usability of information systems.
|
20 | Austria | LSE, Stephan Freh | Arno Hollosi and Bernd Martin | Mr. Arno Hollosi (2005) joined the Stabstelle IKT-Strategie des Bundes in 2001 and he was since then been its Technical Director. The Stabstelle IKT-Strategie des Bundes is also called Chief Information Office (CIO) of the Austrian government. Mr. Hollosi is responsible for developing and coordinating the technical aspects of the egovernment projects in Austria.
|
Table 3: interviews in the ehealth sector
| Country | Interviewer | Interviewee | Profile |
4 | Belgium
| KU Leuven, Xavier Huysmans | Frank Robben | Mr. Robben is general manager of the Crossroads Bank for Social Security, an institution he conceived and founded.
|
6 | Germany
| ICPP, Martin Meints | Bettina Neke | Ministry of Social Affairs of the Federal Land of Schleswig-Holstein, responsible for the e-health card project in Schleswig-Holstein. Mrs. Neke works as officer in the Ministry of Social Affairs Schleswig-Holstein. Within the Ministry she is responsible for all political activities concerning this project. She has a professional background as lawyer.
|
9
10 | Germany | TUD, Andreas Westfeld & Sandra Steinbrecher | Bettina Müller
Rüdiger Dierstein
| Bettina Müller is specialist in neurology and specialist in psychiatry and psychotherapy. Since fifteen years she is senior consultant and for more than ten years head of a neurological department. She is an expert in IT security for the medical area of application at the Gesellschaft für Informatik (GI, http://www.gi-ev.de)
Mr Dierstein is founder member and honorary member of the Gesellschaft für Datenschutz und Datensicherung (GDD, German Society for Data Protection and Data Security), member and fellow of the Gesellschaft für Informatik (GI, German Society for Informatics), spokesman of the executive board IT security of the GI for several years, and lecturer for IT security at the Technische Universität München since 1972
|
17
18 | Norway | LSE, Christopher Lovold |
Espen Haavardsholm
Ingunn Hellebostad Toft | Hospital Doctors in Norway Espen Haavardsholm is currently working as a doctor at Diakonhjemmet Sykehus in Oslo.
Ingunn Hellebostad Toft reports on her experience working in a hospital in Eid and in the medical centre at Stryn on the West coast of Norway.
|
21 | Austria | LSE, Stephan Freh | Heinz Otter | Director of Chipkarte. Mr. Heinz Otter (2005a) joined the SVA (Sozial Versicherungsanstalt – Social Security Office) as project manager in 1997. Mr. Otter was since then responsible for coordinating the eCard Project and he recently became appointed to Director Strategy at SV-Chipkarten Betriebs- und Errichtungsges.m.b.H.
|
One key requirement for the interviews was to have expert views on each sector from various countries in Europe so that in the analysis we could compare and contrast the approaches of different countries. We also wanted to involve experts from various backgrounds to cover the legal, technical and social dimensions.
The tables above show the diversity and richness of the contributions for this deliverable. For example, in the ecommerce sector we interviewed a Director of PriceWaterhouseCoopers in Belgium, representatives of three large banks in Scandinavia and the Director of the A-SIT European project. In egovernment we interviewed Austrian and German government officials and the Director of egovernment for the European Commission. In ehealth we interviewed hospital doctors in Scandinavia, ministers for ehealth in Germany and the government manager for ehealth card in Austria.
We believe that the above interviews have provided a solid basis for deriving key requirements for interoperability in Identity Management Systems.
Denis Royer | 7 / 43 |