The Belgian Federal Government has implemented an electronic identity (eID) project to provide Belgian citizens with an electronic identity card. This eID card allows citizens to authenticate themselves digitally and apply digital signatures. The eID project timeline began in 1999 and saw full national rollout by 2009. Over 8.6 million eID cards have been issued. The eID functions as an e-government building block and has expanded to include Kids-ID and Foreigner-ID cards. Identity and access management (IAM) is also discussed as relevant to eGovernment for ensuring security, transparency, autonomy, and governance. Fedict provides an IAM offering and the presentation discusses IAM evolution and EU cross-border interoperability pilots.
3. Goal eID project
• To give Belgian citizens an electronic identity card enabling them to authenticate themselves towards diverse applications and to put digital signatures
– Proof of identity
– Signature tool
6. Belgian eID Project Time line
13 Dec 1999: European Directive 1999/93/EC on Electronic Signatures
22 Sept 2000: Council of Ministers approves eID card concept study
19 July 2001: Council of Ministers approves basic concepts (smart card, citizen-certificates, no integration with SIS card, Ministry of Internal Affairs is responsible for RRN’s infrastructure, pilot municipalities, helpdesk, card production, legal framework,… Fedict for certification services)
3 Jan 2002: Council of Ministers assigns RRN’s infrastructure to NV Steria
27 Sept 2002: Council of Ministers assigns card production to NV Zetes, certificate services to NV Belgacom
31 March 2003: first 4 eID cards issued to civil servants
9 May 2003: first pilot municipality starts issuing eID cards
25 July 2003: eleventh pilot municipality started
25 January 2004: start of pilot phase evaluation
27 September 2004: start of nation-wide roll-out
September 2005: all newly issued ID cards are eID cards
Start of 2009: all citizens have an eID card
8. The eID: results
• eID:
– More than 8.6 Million cards issued (2nd wave)
• Kids-ID:
– Potential: 1,3 Million cards
– More than 100.000 cards issued since March 2009
• Foreigner-ID:
– Potential: 1,5 Million cards
– More than 150.000 cards issued since 2008
9. How does it work?
1) Request
2) Redirect to ePortal Login page
3) Login in ePortal Authentication page
4.1) Checking Credentials
4.2) Checking Credentials
5.1) Redirect with SAML Response (Posting with JavaScript)
5.2) Redirect with SAML Response
6) Session Creation
[Diagram components: User; Internet; External Firewall (shown twice); External Portal Server (Web Server, Application); ePortal; Federal ePortal Server (Web Server, Application, LDAP)]
10. Alternatives with different security levels
• Different security levels :
– level 0 : Public access
– level 1 : User name + Password
– level 2 : User name + Password + Token
– level 3 : Electronic identity card
• Future evolutions (based on eID) :
– Mobile Identity
– One Time Password Generators?
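An added example, not part of the original slides: how an application might decide at step 6 of the login flow (Session Creation) whether the SAML Response it received meets the security level it requires. The mapping of standard SAML AuthnContext class URIs to levels 1 to 3, the names `decide` and `LEVELS`, the "step-up" outcome and the sample message are assumptions; the XML signature is assumed to have been verified by a SAML library before this check runs.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
# Assumed mapping of standard AuthnContext classes to the slide's levels.
LEVELS = {AC + "PasswordProtectedTransport": 1,   # user name + password
          AC + "TimeSyncToken": 2,                # user name + password + token
          AC + "SmartcardPKI": 3}                 # electronic identity card

# Constructed sample of the response posted back in step 5 (signature omitted).
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" InResponseTo="_req42">
 <a:Assertion>
  <a:Conditions NotBefore="2010-01-01T10:00:00Z" NotOnOrAfter="2010-01-01T10:05:00Z">
   <a:AudienceRestriction><a:Audience>https://app.example</a:Audience></a:AudienceRestriction>
  </a:Conditions>
  <a:AuthnStatement><a:AuthnContext>
   <a:AuthnContextClassRef>{AC}PasswordProtectedTransport</a:AuthnContextClassRef>
  </a:AuthnContext></a:AuthnStatement>
 </a:Assertion>
</p:Response>"""

def _ts(value):
    # Missing or malformed timestamps raise, so the caller fails closed.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def decide(xml, pending_request_id, audience, required_level, now):
    """Return 'create-session', 'step-up' or 'reject: <reason>'."""
    resp = ET.fromstring(xml)
    # The response must answer the request this application sent in step 2.
    if resp.get("InResponseTo") != pending_request_id:
        return "reject: unsolicited or replayed response"
    cond = resp.find("a:Assertion/a:Conditions", NS)
    ref = resp.find("a:Assertion/a:AuthnStatement/a:AuthnContext/a:AuthnContextClassRef", NS)
    if cond is None or ref is None:
        return "reject: incomplete assertion"
    if not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        return "reject: outside validity window"
    if audience not in [a.text for a in cond.iterfind(".//a:Audience", NS)]:
        return "reject: wrong audience"
    level = LEVELS.get((ref.text or "").strip(), 0)  # unknown method counts as level 0
    # Too low a level: send the user back to the ePortal to log in at a higher one.
    return "create-session" if level >= required_level else "step-up"
```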
23. Fedict IAM offering
[Diagram labels: Trusted Third Party; Relying Party; Application A, …, Application X; User; Circle of Trust; Authentic sources; RR; FAS; BIS; KBO; Admin; Role Admin]
24. Fedict IAM evolution
[Diagram with two panels: Current building blocks and Optimized building blocks. Labels include: CSAdmin, Citizen Admin, Role Admin, VOSync, TUM, Magma, MagmaWS, FAS+, FAS1, Reporting, Relying Party]
26. Overview of LSP’s Collaborations
[Diagram labels: Transport; Infrastructure; Company Dossier; Company ID; Citizen ID; Privacy]