Kantara eGov Working Group Teleconference

Date and Time

  • Date: 1. Oct 2012
  • Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 07:00 NZ(+1)

Attendees

Rainer Hoerbe, Kismed, Austria

Sal D’Agostino, ID Machines, USA

Thomas Grundel, IT Crew, Denmark

Colin Wallis, DIA NZ Govt, NZ

Mark King, UK (Special Guest)

Minutes

Minute taker: Rainer.

June minutes need approval. Minutes review/approval was not done due to lack of quorum.

New Members

We welcome James Glennon (Delta, British Columbia) and Andre Boysen (SecureKey), both of Canada, who joined in August!

EU proposal for mutual eRecognition Regulation and Trust Services (talk by Mark King)

Related material: http://ec.europa.eu/information_society/policy/esignature/eu_legislation/regulation

The e-signature Directive did not have the desired effect. There is only one provider in the UK, plus Germany, Spain, Portugal, Estonia, but user uptake is minimal.

In general the EC can only propose items within its scope of competence. This regulation is perceived by some Member States (MS) as a “back way in” to get action in the area by requiring a specific method/approach, augmented through ‘discretionary instruments’ (??). The regulation tries to impose eID functionality by regulating what MSs are required to do for interoperability, although eID is not within the EC's scope of competence. The proponents claim they are not requiring governments to change their local systems, which is unrealistic.

The regulation has two parts: eID, and provision of electronic trust services.

These are intertwined, but separate. Intermarket provisions operate in the UK. The need to have legal certainty does not work in common law countries, and this is not understood by civil law countries. The UK, Cyprus, Ireland, Hong Kong (common law countries that resort to the law only to resolve disputes) do not align with the civil law basis of the proposed regulation.

Government notification is optional. -> Why notify? Because it enables their citizens (vague!) to use their local IdPs, even councils?, to vouch for their identity when transacting with other MSs. This must be provided for free, with unlimited liability and no limit to application. Very tight timescales for that interop process/requirement to bed in.

The project team working on the regulation relied on expertise in Brussels. There were no opportunities for Q&A or feedback, and no new information was provided. This raised questions of whether the correct process has been followed for this drafting.

Concern in UK, US -> uniqueness is a problem; there is no common citizen or organization register, and one will not happen in the near future. Matching to a unique identifier will be very hard.

Interop is a major issue in the regulation. It is premised on the assumption of a single system with a unique identifier to be federated. There is no comparable system in the UK; for example, the Scottish Card has to interoperate with non-card identification schemes. -> questionable. Should people be required to have a unique number?

Strong enthusiasm to do things that support STORK, like KYC -> mixture of what they want to do and what is imposed on them, but with no real interest. Little information is available on what kind of LoA is required for their services, or on adoption rates at various levels for services. This leads to ‘forgot password’ issues, for example because a credential is only used once per year.

Mutual recognition in the proposed EU regulation does not line up with international standards, like ISO, and trust framework developers like Kantara.

The consultation is closing soon. Consultation responses from groups that represent multiple countries and industries are better regarded than single voices. Can Kantara co-ordinate a response?

Addendum: The UK originally planned a service of secure delivery of online public services. -> The agency doing it stopped funding it and unilaterally transferred it elsewhere, where it has stalled. In its place is a series of Good Practice Guides (GPGs) to assist: RSDOPS Requirements for Secure Delivery Of Public Services (43), Security Policy framework (44), Credentials (45), People (46). However, the LoAs in one GPG do not correspond to the LoAs in other GPGs.

eGov Charter Repositioning

Status report from Colin

AI: publish it -> Colin

eGov Membership Invitation Letter

Status report from Colin

Letter is ready; check again for more target names, go ahead with the next F2F meeting.

Public consultation of eHerkenning SAML profile

Related material on this wiki.

Report from Rainer.

eGov SAML Profile migration to FIWG

Report from Rainer

AI: Rainer move outside contributions.

Face to Face meeting, Washington DC, 31st Oct/Nov 1st

Who is attending? Colin. Rainer, Thomas will not be able to join.

What topics will we work on? We will work with the other groups present where the work intersects. The “unofficial” F2F in August was well attended; single room; good agenda with common areas of interest. That format will be used again.

A.O.B.