Identity and Access Management and Electronic Identities: Belgian Federal Government
DESCRIPTION
IAM within eGovernment context in Belgium. eID Project. Presentation held by Mr. Walter van Assche, within the first session of the FORUM „INFORMATION TECHNOLOGY IN GOVERNMENT”, dedicated to interoperability, held at Chisinau, January 16th 2012.
TRANSCRIPT
Identity and Access Mgmt and
electronic Identities
Belgian Federal Government
Walter Van Assche
January 16th, 2012
Chisinau
ELECTRONIC IDENTITY
(CARD)
Goal eID project
• To give Belgian citizens an electronic identity card enabling them to authenticate themselves to diverse applications and to create digital signatures
Proof of identity
Signature tool
eID partners
The eID as an e-gov. building block
Belgian eID Project Time line
• 13 Dec 1999: European Directive 1999/93/EC on Electronic Signatures
• 22 Sept 2000: Council of Ministers approves eID card concept study
• 19 July 2001: Council of Ministers approves basic concepts (smart card, citizen-certificates, no integration with SIS card, Ministry of Internal Affairs is responsible for RRN’s infrastructure, pilot municipalities, helpdesk, card production, legal framework,… Fedict for certification services)
• 3 Jan 2002: Council of Ministers assigns RRN’s infrastructure to NV Steria
• 27 Sept 2002: Council of Ministers assigns card production to NV Zetes, certificate services to NV Belgacom
• 31 March 2003: first 4 eID cards issued to civil servants
• 9 May 2003: first pilot municipality starts issuing eID cards
• 25 July 2003: eleventh pilot municipality started
• 25 January 2004: start of pilot phase evaluation
• 27 September 2004: start of nation-wide roll-out
• September 2005: all newly issued ID cards are eID cards
• Start of 2009: all citizens have an eID card
The eID “product family”
Kids-ID
Foreigner-ID
eID
The eID: results
• eID:
– More than 8.6 Million cards issued (2nd wave)
• Kids-ID:
– Potential: 1,3 Million cards
– More than 100.000 cards issued since March 2009
• Foreigner-ID:
– Potential: 1,5 Million cards
– More than 150.000 cards issued since 2008
How does it work?
[Diagram components: User, Internet, External Firewall, External Portal, Federal ePortal, Web Server, Application Server, LDAP]
1) Request
2) Redirect to ePortal Login page
3) Login in ePortal Authentication page
4.1) Checking Credentials
4.2) Checking Credentials
5.1) Redirect with SAML Response (Posting with JavaScript)
5.2) Redirect with SAML Response
6) Session Creation
Alternatives with different security levels
• Different security levels:
– level 0 : Public access
– level 1 : User name + Password
– level 2 : User name + Password + Token
– level 3 : Electronic identity card
• Future evolutions (based on eID) :
– Mobile Identity
– One Time Password Generators?
IDENTITY AND ACCESS
MANAGEMENT IN EGOV
What is IAM?
A simple story…
[Diagram labels: User, Application, Getting access]
© Fedict 2009. All rights reserved | p. 12
What is IAM?
A simple story…
[Diagram labels: User, Application, Identification & authentication, Getting access]
What is IAM?
A simple story…
[Diagram labels: User, Application, Identification & authentication, Attributes (Name, Company,…), NRN, KBO, Notaries …, Getting access]
What is IAM?
A simple story…
[Diagram labels: User, Applications, Identification & authentication, Attributes (Name, company,…), NRN, KBO, Notaries …, Getting access, Permissions, Roles]
What is IAM?
A simple story…
[Diagram labels: User, Application, Identification & authentication, Attributes (Name, Company,…), NRN, KBO, Notaries …, Getting access, Permissions, Roles, Workflow, Granting access, Chief Security Mgr, Security Manager, Legal Representative, KBO]
IAM…. In a complex reality
Process overview
[Diagram labels: Manage Identity, Manage Virtual Identity, Attestation, Reporting, Risk Definition, Relying Party Management, Auditing, Manage Organizational Membership, Manage Role Definition, Manage Permission, Mandate Management, Manage Domains, Manage Contexts, Request Permission, Authenticate]
Relevance of IAM within
eGovernment context
Transparency:
• Granting of transparent access to different applications and information sources of the Belgian government
Security:
• Avoid unauthorized access to information sources and applications of the federal government
Trust and trustworthiness:
• Decent service provider
Autonomy:
• Ensure the “uniqueness” of each of the partners
Governance structure:
• The rules and agreements within an IAM context
Security management
>> An historical agreement
An agreement is being defined between Belgian government partners, providing a
basis for an integrated security management
A joint security management platform will be offered as a managed service
All partners can participate in the steering group of the joint platform
…..
Federated context
>> co-existence
Federated context: Example
>> Digiflow
[Diagram contexts: Context of OCMW, Context of Federal government, Context of local governments]
[Diagram labels: User, Digiflow, Identification & authentication, Attributes (Name, Company,…), NRN, KBO, Notaries …, Permissions, Getting access]
Federated context: Example
>> Tax on Web for accountants Mandate Mgt
[Diagram labels: User, Tax on web, Identification & authentication, Attributes (Name, Company,…), NRN, KBO, …, Getting access, Permissions, Roles, Workflow, Granting access, Legal representative, Head Security Mgr, Security Mgr, KBO]
Fedict IAM offering
[Diagram labels: Trusted Third Party, Authentic sources, Circle of Trust, FAS, Role Admin, Application A, Application X, RR, BIS, KBO, User, Relying Party, Admin, …]
Fedict IAM evolution
Current building blocks:
• RoleMgt: Role Admin, Citizen Admin, TUM Self Service, Magma, MagmaWS
• Authentication: FAS1, FAS+, Attribute Service
• UserMgt: CSAdmin, VOSync, Reporting
Optimized building blocks:
• RoleMgt, Authentication, UserMgt
• Self Registration, Self Management, User Lifecycle Management, Risk Management
• Role Definition Management, Role Assignment, Organization Assignment
• Identification & Authentication, Attribute Publication
• Relying Party Management, Reporting Management
EU pilots that work on
cross-border interoperability
© fedict 2011. All rights reserved
Overview of LSP’s Collaborations
[Diagram labels: Company Dossier, Citizen ID, Company ID, Privacy, Transport Infrastructure]
Thank you
Fedict
Maria-Theresiastraat 1/3 Rue Marie-Thérèse
Brussel 1000 Bruxelles
TEL. +32 2 212 96 00 | FAX +32 2 212 96 99
[email protected] | www.fedict.belgium.be