Title: Digital Identity in Slovenia
1. Digital Identity in Slovenia
Davorka Šel and Alenka Žužek, Government Centre for Informatics, Republic of Slovenia
2. Slovenia
- Independent since 1991
- Area 20.273 km2
- Population 1.965.986
- Population density 98 inhabitants per km2
- Length of borders 1.382 km: with Austria 330 km, with Italy 280 km, with Hungary 102 km, with Croatia 670 km
3. Missions of Government Centre for Informatics
- Planning, implementation and maintenance of IT in state institutions
- Assuring the development and functioning of common server infrastructure and common telecommunication network and services
- Preparation and realisation of a harmonized common yearly plan of informatization
- Professional education and training in IT for governmental employees
- Promoting informatics inside and outside administration.
4. National electronic identity card
5. eID project - current situation
1) Electronic Communication and Electronic Signature Act adopted in September 2000
2) Governmental Certification Authority (SIGOV-CA) issues certificates to governmental employees, operational since 1.6.2000
3) Governmental Certification Authority (SIGEN-CA) issues certificates to citizens and the private sector, operational since 9.7.2001
4) Registration Authority for digital certificate issuance for citizens operates since 6.12.2001 at the administrative units all over the country
5) Unique ID number used in certificates and stored in registers
6) Official start of the national eID project February 2003 (eID not mandatory)
7) Official issuance of eID planned for the end of 2004
6. eID issuance procedure
7. The card I
- Card (chip) CONTENT
  - Personal data
  - 2 digital certificates and corresponding private keys
  - Place for biometrics
- Card (chip) REQUIREMENTS
  - Modular structure
  - Application independent (independent of the choice of biometric method)
- Possible CHOICE
  - Multi application card
  - At least 64kB memory
8. The card II
Layered card architecture (top to bottom):
- Card manager
- Identity manager: name, personal data, biometrics
- PKI
- APIs
- Hardware and Operating System
9. eID - open questions
- Certificate issuance procedure (by CA or at the desk office)
- Number of passwords for private key access (1 password for all or a different password for each)
- Post-issuance management (forgotten password, locked cards, etc.)
- Need for applications: search for killer applications
- NR bit dilemma
10. E-ID White Paper V 0.6: Keys and certificates
11. Debate on the NR (Non-repudiation) bit (standards in EU)
- IETF and EESSI consensus about the rule that an authentication key should not be used for signing.
- ETSI (based on RFC 3039) and CWA 14167-1:
  - If the key usage nonRepudiation bit is asserted then it SHOULD NOT be combined with any other key usage
- CWA 14167-1 states also that:
  - TWSs providing the Subscriber Device Provision Service MUST ensure that subscriber keys for creating electronic signatures are separate from those used for other functions, e.g. encryption.
12. Implementation of NR bit
- An authentication key should not be used for signing (i.e. qualified e-signature)
  - highly recommended from a security viewpoint
  - it is not legally mandatory
European Commission is (probably) not considering making a minimum of two certificates mandatory for the e-sign directive.
BUT we have to wait for its review (July 2003)!
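The separation rule from slides 11 and 12 (a nonRepudiation key must not carry other key usages, and signing keys must be separate from encryption keys) can be checked mechanically on the keyUsage extension of each certificate on the card. The following Python is an added example, not code from the presentation or from the Slovenian eID project: it decodes the DER BIT STRING that carries the keyUsage value, re-encodes one, and audits a two-certificate profile against the rule. The sample profiles (SAMPLE_PROFILE, SAMPLE_SINGLE_CERT) and their DER bytes are constructed for illustration and are not the actual Slovenian eID certificate profile.

```python
"""Audit X.509 keyUsage bits against the NR-bit separation rule.

Added example (not the eID project's code). The keyUsage extension value is
a DER BIT STRING; bit positions follow RFC 3039 / RFC 5280.
"""

# keyUsage bit positions (RFC 5280; nonRepudiation is also called contentCommitment)
KEY_USAGE_BITS = {
    0: "digitalSignature",
    1: "nonRepudiation",
    2: "keyEncipherment",
    3: "dataEncipherment",
    4: "keyAgreement",
    5: "keyCertSign",
    6: "cRLSign",
    7: "encipherOnly",
    8: "decipherOnly",
}
ENCRYPTION_USAGES = {"keyEncipherment", "dataEncipherment", "keyAgreement"}


def decode_key_usage(der: bytes) -> set:
    """Decode a DER-encoded KeyUsage BIT STRING (tag 0x03) into usage names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length < 1 or length != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    unused = der[2]          # number of unused trailing bits in the last byte
    body = der[3:]
    if unused > 7 or (unused and not body):
        raise ValueError("bad unused-bits count")
    total_bits = len(body) * 8 - unused
    usages = set()
    for i in range(total_bits):
        byte, bit = divmod(i, 8)
        if body[byte] & (0x80 >> bit):   # bit 0 is the most significant bit
            usages.add(KEY_USAGE_BITS.get(i, f"bit{i}"))
    return usages


def encode_key_usage(usages) -> bytes:
    """Inverse of decode_key_usage; DER drops trailing zero bits."""
    name_to_bit = {v: k for k, v in KEY_USAGE_BITS.items()}
    bits = sorted(name_to_bit[u] for u in usages)
    if not bits:
        return bytes([0x03, 0x01, 0x00])
    highest = bits[-1]
    nbytes = highest // 8 + 1
    body = bytearray(nbytes)
    for b in bits:
        body[b // 8] |= 0x80 >> (b % 8)
    unused = nbytes * 8 - (highest + 1)
    return bytes([0x03, nbytes + 1, unused]) + bytes(body)


def check_separation(usages) -> list:
    """Return the rule violations for one key marked with the given usages."""
    findings = []
    if "nonRepudiation" in usages:
        others = sorted(usages - {"nonRepudiation"})
        if others:
            findings.append("nonRepudiation combined with " + ", ".join(others)
                            + " (RFC 3039 / ETSI: SHOULD NOT be combined)")
        if usages & ENCRYPTION_USAGES:
            findings.append("signature key also usable for encryption "
                            "(CWA 14167-1 requires separate keys)")
    return findings


def audit_profile(profile: dict) -> dict:
    """Map each certificate name in a card profile to its list of findings."""
    return {name: check_separation(decode_key_usage(der))
            for name, der in profile.items()}


# Constructed two-certificate profile following the separation rule.
SAMPLE_PROFILE = {
    "authentication": bytes.fromhex("030205a0"),       # digitalSignature, keyEncipherment
    "qualified-signature": bytes.fromhex("03020640"),  # nonRepudiation only
}
# Constructed single-certificate profile that breaks the rule.
SAMPLE_SINGLE_CERT = {
    "all-in-one": bytes.fromhex("030205e0"),  # digitalSignature, nonRepudiation, keyEncipherment
}

if __name__ == "__main__":
    for name, findings in audit_profile(SAMPLE_PROFILE).items():
        print(name, "OK" if not findings else findings)
    for name, findings in audit_profile(SAMPLE_SINGLE_CERT).items():
        print(name, "OK" if not findings else findings)
```

The decoder works on the raw extension value, so it can be pointed at the bytes of a real certificate's keyUsage extension once they have been extracted with any ASN.1 tool; the two findings it distinguishes correspond to the two separate rules quoted on slide 11.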
13. Common approach for e-ID application
- NR bit
  - having an OID doesn't prevent unauthorized use
  - how to achieve application architecture, design and implementation
- Need for a common approach for interoperability of e-ID applications