“DigiD model”: from student chipcards to trust federations, a story

Jaap Kuipers
Stichting SURF
[email protected]
EuroCAMP, Malaga, October 19 2006

attributes, acknowledgements

- KPMG, IT auditor
- Dutch government computer centre, head of IT audit and security
- Rabobank, financial control computer centre
- Sabbatical, IT in Africa
- SURF Foundation, programme manager Identity management, trust federations, standards
- A lot of fun working together with SURFnet’s Bart Kerver, Klaas Wierenga, Maarten Koopmans, Ton Verschuren on IdM

Mission

- A nationwide authentication service
- (inter)national trust federations
- how?

- Look for strategic alliances (Education with eGovernment, Healthcare, Business)
- U-turn: help ourselves by helping others (the problem in eGov is greater than in Education; others pay a fair share)
- Education and research is not an island in the knowledge economy

shared interests

“there is a clear need for horizontal initiatives in the field of authentication, payment systems and security; provide a ‘breakthrough environment’”

From Rethinking The European ICT Agenda

History

- 1996 Student chipcards, 15 MEuro later, lessons learned the hard way
- Gigaport programme: pragmatic authentication with tools users already have (bank cards, SMS-OTP)
- 2001 TrustSURF programme: from chipcard to authentication, to federations and standards
- 2001 asked ECP.NL (eNetherlands group) to join the steering committee

History

- 2002 A-Select software, freedom of choice
- e-OK framework for definition of levels of trust: Basic, Middle, High
- 2003 Government programme “an Other Government”: 65% of services online by 2007
- 18-6-2003 13h. seminar on Finread standard: notion of proportional security presented by National Manifesto Group
- 2 weeks later demo of A-Select at Social Insurance Bank, building the National Authentication Facility (NAV)
- 24-06-2004 A-Select open source software (mandatory for use within eGov)

Many authentication tools

- Freedom of choice
- Growth path

(Chart: authentication tools offered by authentication service providers (AuthSP’s): PKI-government, Bank chipcard, Password, SMS-passcode, SMS-TAN code, plotted against the levels High, Middle, Low and against “ease of use”, cost and time.)

History

- 1-12-2005 NAV renamed to DigiD
- Public libraries in federation with A-Select
- 2006 350.000 users for MyStudent loan using A-Select with SMS one-time passwords
- 2006 1,3 mln accounts, signing 500.000 tax forms
- 2007 6,5 mln users planned, mandatory use for tax forms
- authentication high on agenda

selling federations: passport metaphor helps

(Diagram: citizen (“burger”) X is registered at home in the GBA and is recognised abroad (UK, DE, BE, FR, SA, …) by means of a passport; in the DigiD federation, citizen X authenticated against the GBA is likewise recognised by the members of the federation.)

selling federations: Financial federation metaphor

Parties involved

Advisory board for A-Select open source:

- SURFnet
- Kennisnet (K-12 education)
- BKWI (Social security insurances)
- ICTU (eGovernment)
- Interpay (Clearinghouse for banks)
- Diginotar (Digital Notary)

And involvement of ABN AMRO, Rabobank, public libraries (Openbare Bibliotheken), Alfa&Ariss

Public libraries

Healthcare

- Academic hospital Leiden: Citrix with bank cards and RSA calculator for strong authentication for home use
- CIBG UZI PKI card?

Businesses

- DigiNotar (authentication service provider and services)
- ABN-AMRO Bank (authentication service provider)
- Rabobank (authentication service provider)
- Interpay
- Postbank (SMS-TAN) is invited
- Publishers
- Software vendors

Results

- Open source, standards based federated IdM; broad support for the A-Select open source software
- U-turn worked well for Dutch education
- Sharing of IdM knowledge over all sectors
- Open infrastructure for Education, Government, Healthcare, Business

The offer

- Ease of use, better security
- Freedom of choice: passwords, tokens, passwords-via-SMS, bank, PKI certificate, IP address and more
- A migration path, no vendor lock-in: fewer passwords, migrate to stronger authentication when necessary
- Middleware, open source software, free
- Levels of assurance (basic, middle, high)
- Single sign-on
- Federative model: authenticate local, act global
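The two ideas the deck keeps returning to, a growth path of authentication means with levels of assurance (basic, middle, high) and the federative model “authenticate local, act global”, can be shown together in a small simulation. The following Python is an added example written for this page; it is not code from the deck, from A-Select or from DigiD. It assumes a federation in which the identity provider and the service provider share one HMAC key (a real federation would use public-key signed assertions, as SAML does), and the mapping from authentication means to assurance levels is an assumption of the example, not the e-OK framework’s actual classification. The identity provider authenticates the user locally and issues a signed assertion that states which means was used; the service provider never sees a password and only checks signature, issuer, audience, lifetime and whether the asserted level meets its own requirement, asking for step-up when it does not.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Set, Tuple

# Assurance levels from the deck (basic, middle, high); the numeric ordering
# is an assumption used only so that levels can be compared.
LEVELS = {"basic": 1, "middle": 2, "high": 3}

# Hypothetical mapping of authentication means to assurance levels. The means
# appear on the deck's growth-path slide; which level each one earns here is an
# assumption for this example, not the e-OK framework's actual classification.
METHOD_LEVEL = {
    "password": "basic",
    "sms-passcode": "middle",
    "sms-tan": "middle",
    "bank-chipcard": "high",
    "pki-government": "high",
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Authenticate local: the home organisation verifies the user with the
    means it supports and issues a short-lived, signed assertion about it."""

    def __init__(self, name: str, federation_key: bytes):
        self.name = name
        self.key = federation_key  # shared HMAC key (assumption of this example)

    def issue_assertion(self, user_id: str, method: str, audience: str,
                        now: Optional[int] = None, ttl: int = 300) -> str:
        now = int(time.time()) if now is None else now
        claims = {
            "iss": self.name,        # who authenticated the user
            "sub": user_id,          # the user, as known at home
            "aud": audience,         # the service this assertion is meant for
            "iat": now,
            "exp": now + ttl,        # short lifetime limits replay
            "method": method,
            "level": METHOD_LEVEL[method],
        }
        body = b64url_encode(json.dumps(claims, sort_keys=True).encode())
        sig = hmac.new(self.key, body.encode("ascii"), hashlib.sha256).digest()
        return body + "." + b64url_encode(sig)


class ServiceProvider:
    """Act global: the service trusts the federation's assertion instead of
    handling credentials itself, but verifies it before acting on it."""

    def __init__(self, name: str, required_level: str,
                 trusted_issuers: Set[str], federation_key: bytes):
        self.name = name
        self.required_level = required_level
        self.trusted_issuers = trusted_issuers
        self.key = federation_key

    def accept(self, token: str, now: Optional[int] = None) -> Tuple[bool, str]:
        """Return (True, user_id) on success, or (False, reason) on rejection."""
        body, _, sig = token.partition(".")
        expected = hmac.new(self.key, body.encode("ascii"), hashlib.sha256).digest()
        # Constant-time comparison; signature is checked before anything is parsed.
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return (False, "bad signature")
        claims = json.loads(b64url_decode(body))
        if claims.get("iss") not in self.trusted_issuers:
            return (False, "untrusted issuer")
        if claims.get("aud") != self.name:
            return (False, "wrong audience")
        now = int(time.time()) if now is None else now
        if now >= claims.get("exp", 0):
            return (False, "expired")
        level = claims.get("level")
        # Proportional security: a weaker means is fine for a library, not for tax forms.
        if LEVELS.get(level, 0) < LEVELS[self.required_level]:
            return (False, f"assurance level {level} below required {self.required_level}")
        return (True, claims["sub"])


if __name__ == "__main__":
    key = b"constructed-federation-secret"  # constructed value for the example
    idp = IdentityProvider("student-idp", key)
    tax = ServiceProvider("tax-service", "middle", {"student-idp"}, key)
    print(tax.accept(idp.issue_assertion("s123", "password", "tax-service")))
    print(tax.accept(idp.issue_assertion("s123", "sms-tan", "tax-service")))
```

The same user with the same home login works at every service in the federation; what changes per service is only the required level, so a service that needs more than the means used can refuse and ask for step-up rather than collecting its own passwords.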