Security and interoperability of eID systems across Europe is a current topic. European eID Management [eIDM] presently stands at crossroads. This is a vital and delicate stage, as pilot studies and models are now transformed into actual working systems. The ENISA report is a milestone, as it is the Agency’s first experts’ snapshot of Europe’s state of play in eIDM. The study charts the origins and scope of European eID interoperability. It focuses specifically at the triangle of three intrinsically connected drivers:
- At Policy level; an examination of the eID Roadmap, and the eID -2010 goals to be reached by 2010.
- The recently initiated 20 Mn € STORK Project is analysed, as one of several EU projects focusing on eID. This initiative develops a series of pilot projects for citizens of 13 EU Member States, using their governments’ eID/authentication systems. Thus, the STORK project pilots a basic infrastructure in the EU for cross-border eID systems. But, the report strongly underlines that although STORK is significant, it is not to be seen as the panacea for all eID interoperability problems. Many European eIDM projects overlap but the solution does not lie in any single project. Instead the outcomes of all eID building blocks must eventually be put together to create a coherent and pragmatic infrastructure for European eID interoperability.
- Third, the report examines the implementation of the Services Directive. The Directive requires Member States to put electronic points of single contact in place by 28 Dec. 2009. By then, service providers from any Member State should be able to complete formalities, to offer their services and to identify themselves electronically in a reliable way.
The report identified the four main policy priorities for European eIDM:
- In 2009, the policy objectives of the eID Roadmap will need to be reviewed and updated.
- To examine the results of the STORK project and how the pilot infrastructure can be expanded into a full-scale system.
- Once an interoperability infrastructure is in place, Member States will need to decide on the security requirements of their applications which do not discriminate against foreign citizens and enterprises.
- A greater emphasis on the citizen-centric approach to eID. It is crucial to give users sufficient personal control over their identity.
The Agency commented:
“This report shows that the pioneer eID systems soon must move into interoperable systems. This is a crucial time for EU Member States to make the right decisions, not only to guarantee interoperability, but also security and usability."