Jacques Bus received his PhD in Science and Mathematics at the University of Amsterdam. He worked as a researcher for 12 years and subsequently as research program manager for 5 years at CWI/NWO in Amsterdam (NL).
From 1988 he worked at the European Commission in leading positions in various parts of the Research programmes ESPRIT and ICT, including IT infrastructure, program management, software engineering and since 2004 in trust and security. He has been strongly involved in the establishment of the Security Theme in FP7, the EC Research funding programme.
Since 2010 he works as an independent advisor on Trust, Security, Privacy and Identity in the digital environment. He has been 3 years business director of the Dutch Privacy and Identity Lab (www.pilab.nl) He is Secretary General of Digital Enlightenment Forum.
Short Report:
In his presentation, Andrea Servida starts with quoting Andrus Ansip, VP of the EC for the Digital Single Market: “Building trust in the online world is crucial to accomplish the Digital Single Market. Coupling mobile authentication credentials, such as Mobile Connect, with the identity security provided by eISs under the eIDAS Regulation is the way towards this goal.”
eIDAS provides a consistent set of rules for digital ID management throughout the EU. On this moment 65% of EU citizens is covered by (pre-)notified eIDs.
eIDAS gives the opportunity to citizens to:
- Control and selectively disclose ID data when accessing online services cross border,
- Limit collection of ID data to those strictly needed for the transaction, ensuring full accountability .
It reinforces existing regulation, incl. on data protection, privacy, cyber security and is important for various other policy initiatives.
eIDAS can bring Citizens, Public Administrations, ID and Attribute Providers, and Service Providers together in one cross border eID ecosystem for verified IDs.
Elly Plooij – van Gorsel presented some of the problems and successes of The Netherlands making use of notification under eIDAS. It showed some of the complexities and political problems in doing so.
Then three speakers followed, each presenting an approach to responsible eID management within an eIDAS-based eID ecosystem.
Bart Jacobs presented the IRMA attribute-based authentication system originating from the Radboud Univ in Nijmegen (NL). IRMA is freely available and gains traction in NL (mainly in local government and health care). It is an Open Source community effort and will not lead to a monopoly.
Ghassan Karame presented the use of Block Chain in eID to ensure privacy preservation, customer control of their data and the ability to verify and let it be re-used.
Stephan Krenn presented Self-Sovereign ID systems, based on attribute-based authentication (examples are Idemix and U-Prove) which allow privacy preserving ID management with: multicredential presentations, revocation, inspection and controlled linkability.
The discussion was sometimes technical, sometimes more general.
Essential for trusted use of eID systems is the ability to bring all stakeholders (citizens, public administration, ID and attribute providers and service providers) together in a broad cross-border eIDAS based ecosystem that preserves privacy, gives the citizen control on his/her data and is convenient in use. It also made it clear that ID management as a service must be independent from the general service providers using it for authenticated access to their services. This is all the more important as behavioural data is in fact the bulk of data being collected from citizens by certain service providers. Companies (including...