Docstoc

MODINIS-IDM-Questionnaire

Document Sample
MODINIS-IDM-Questionnaire Powered By Docstoc
					                  Prepared for the eGovernment Unit
                  DG Information Society and Media
                  European Commission




                   Modinis
         Study on Identity
Management in eGovernment

        Standardised Questionnaire
                              SQ1
                                                                               31th May 2005




The opinions expressed in this study are those of the authors and do not necessarily reflect the
                             views of the European Commission.


 Reproduction is authorised, provided the source (eGovernment Unit, DG Information
Society, European Commission) is clearly acknowledged, save where otherwise stated.




ggggg
gggg
gggg
ggg

          eGovernment Unit                                   K.U.Leuven, Belgium
    DG Information Society and Media                           Lawfort, Belgium
         European Commission                                    A-SIT, Austria
Dear eGovernment or Identity Management Expert!
Under the MODINIS Programme, the European Commission, DG Information Society and Media
has contracted K.U. Leuven, Lawfort, and A-SIT to carry out a study on Identity Management in
eGovernment. This initiative is part of (“Lot 3” of) a Service Contract on an eGovernment Good
Practice Framework: http://www.egov-goodpractice.org
In this initiative that is carried out over a period covering 2005 and 2006 the project will inter alia:
           gather case studies in the field of Identity Management
           organise workshops on aspects of identity management in eGovernment
           establish, organise, and assist an “Identity Management Working Group”
           provide periodic newsletters to interested parties


One of our major targets is to gather case studies and examples of Good Practice Cases in the
field of Identity Management. Therefore, we are sending you this questionnaire and kindly ask for
your advice.
This questionnaire is structured in two sections. In the first section, we kindly ask you to name us
examples of Good Practices, projects, systems, etc. in the field of Identity Management in your
country. In the second section of this questionnaire, we ask you for information on one or more
Identity Management project(s) which you are familiar with in more details.
If you consider it useful to report on more than one Identity Management case in detail
separately, feel free to duplicate this questionnaire.


Personal Information
First of all, we kindly ask you to give us some information about yourself in order to be able to
contact you if necessary.
Privacy notice: The personal information below will not be distributed. We ask for contact
addresses in case we have questions on the answers given (leave empty in case you e.g. do not
wish to be contacted).


  No.                     Question                                    Answer

                                             Name:            ________________________
                                             Organisation:            ___________________
                                             Position:        ________________________
                                             Governmental?                  _ Yes           _ No
                                             Address:         ________________________
  A.1       Personal Information of
            Respondent                       Country:         ________________________
                                             Email:           ________________________
                                             Phone:           ________________________
                                             Further persons in case of multiple
                                             respondents:
                                             __________________________________




Invitational Newsletter                    17/05/2005, version 1.0                             1
In case you are interested in this initiative, we will keep you informed on the project (in case no
answer is given, we will not register you for any of our newsletters/send-outs):



            Do you want to be                Periodic Newsletter             _ Yes        _ No
  A.2       informed of progresses           Project Workshops               _ Yes        _ No
            of the study (default is
            “No”).                           Final Study                     _ Yes        _ No




Part I: Information on Good Practice Cases in your Country
The study will identify good practice projects on identity management. In case you are aware of
any project, Good Practice Case, Identity Management System, etc. you consider a candidate for
being listed in the Good Practice Framework, an indication of the project / contact information is
highly appreciated. If you can also give us brief descriptions, this would be very helpful.
Feel free to extend this list arbitrarily by duplicating the following sections.


Identity Management System/-Project/Good Practice Case 1:
            Please indicate, which           ___________________________________
            Identity Management
 I.1.1      System/Project/Good
            Practice Case this
            answers relate to?
                                             Name:             ________________________
                                             Organisation:             ___________________
                                             Position:         ________________________
                                             Governmental?                   _ Yes        _ No

 I.1.2                                       Address:          ________________________
            Contact information?
                                             Country:          ________________________
                                             Email:            ________________________
                                             Phone:            ________________________
                                             Further persons if necessary:
                                             ___________________________________
 I.1.3      Brief Description, if            ___________________________________
            known?




Invitational Newsletter                     17/05/2005, version 1.0                          2
Identity Management System/-Project/Good Practice Case x:
            Please indicate, which         ___________________________________
            Identity Management
 I.x.1      System/Project/Good
            Practice Case this
            answers relate to?
                                           Name:           ________________________
                                           Organisation:           ___________________
                                           Position:       ________________________
                                           Governmental?                 _ Yes           _ No

 I.x.2                                     Address:        ________________________
            Contact information?
                                           Country:        ________________________
                                           Email:          ________________________
                                           Phone:          ________________________
                                           Further persons if necessary:
                                           ___________________________________
 I.x.3      Brief Description, if          ___________________________________
            known?




Part II: Detailed Information on a Good Practice Case
which you are familiar with
In this section, we kindly ask you to give more detailed information on a Good Practice Case, a
project or Identity Management system, etc. in the field of Identity Management in your country.
In case you consider it useful to report on several Good Practice Cases/projects/systems in detail
separately, feel free to duplicate the following sections.



            Please indicate, which         ___________________________________
            Identity Management
  II.0      System(s)/Good
            Practice Case/Project
            the answers relate to?




Invitational Newsletter                  17/05/2005, version 1.0                           3
A.       General Questions

  No.                     Question                                    Answer

                                            _ Identification numbers or alike
            Identification in E-
  A.1       Government is based             _ Personal data (e.g. name, address, etc.)
            on.                             _ Others (e.g. usernames, please specify):
            (multiple answers possible)
                                            ___________________________________

In case identification (A.1) is based on identification numbers:

                                            _ Single registers (e.g. population register)
                                            _ Federated registers
            Identification numbers
 A.2a       are based on?                   _ Application-specific registers (e.g. tax,
                                            health,..)
            (multiple answers possible)
                                            _ Others (please specify): _____________
                                            _ Do not know

In case identification (A.1) is based on personal data:

                                            _ Name(s)              _ Surname(s)     _ Degree
                                            _ Gender                      _ Place of Birth
            Which personal data is          _ Date of Birth               _ Nationality
 A.2b       used to identify the
            person?                         _ Address              _ Parent names
            (multiple answers possible)     _ Do not
                                            know
                                            _ Others (please specify): _____________


                                            _ Centralized (e.g. national registers)

            By whom are/is the              _ By regions / provinces
            identification system/s         _ Municipalities / cities
  A.3       driven (responsible
            authority)?                     _ Application-specific (e.g. tax authorities)
            (multiple answers possible)     _ Others (please specify): _____________
                                            _ Do not know




Invitational Newsletter                   17/05/2005, version 1.0                            4
                                        _ Central residents/population register
                                        _ Tax number
            If centralized registers
  A.4       are used, what is its       _ Social security number
            basis (source)?
                                        _ Others (please specify): _____________
                                        _ Do not know


                                        _ Yes               _ No       _ Do not
  A.5       Is the identification                                      know
            necessarily unique?
                                        Further clarifications: _________________


            Does the identifier         _ Yes               _ No        _ Do not
  A.6       remain the same                                             know
            throughout the person’s
                                        Further clarifications: _________________
            lifetime?


            Is the identification       _ Yes               _ No        _ Do not
  A.7       system obligatory for                                       know
            every citizen?              Further clarifications: _________________


            Is the identification       _ Yes               _ No        _ Do not
  A.8       system open to                                              know
            foreigners?                 Further clarifications: _________________


            Are specific data-          _ Yes               _ No        _ Do not
  A.9       protection measures in                                      know
            place?                      Please indicate which: _________________


                                        _ Yes               _ No        _ Do not
 A.10       Is the system limited to                                    know
            E-Government?
                                        Please indicate which: _________________


            Please indicate the main    ___________________________________
            features of the
 A.11       identification system
            that you consider
            important?




Invitational Newsletter                17/05/2005, version 1.0                    5
A.1.     Interoperability
  No.                     Question                                  Answer

                                           _ eEurope Smart Card Charta
                                           _ EESSI standards
                                           _ CEN TC224
                                           _ Porvoo Group
            Have interoperability
            initiatives been / will be     _ CEN eAuthentication Workshop
 A.12
            considered - which?            _ EUCLID
            (multiple answers possible)
                                           _ PRIME
                                           _ eEpoch
                                           _ Others (please specify): _____________
                                           _ Do not know




B.       Technical Questions

  No.                     Question                                  Answer

                                           _ National electronic ID card
                                           _ Other public sector smart cards (please
                                           specify):
                                           ___________________________________
                                           _ Private sector smart cards: (please
            Which technologies are         specify):
  B.1       used?                          ___________________________________
            (multiple answers possible)
                                           _ Other tokens (e.g. mobile phones) (please
                                           specify): ___________________________
                                           _ Username / password
                                           _ Others (please specify): _____________
                                           _ Do not know


                                           ___ months          _ unlimited   _ Do not
  B.2       Validity of the issued                                           know
            tokens (in months)?
                                           Further clarifications: __________________




Invitational Newsletter                   17/05/2005, version 1.0                   6
                                         _ Password (PIN)
                                         _ One time passwords (TAN)

            How is a person              _ Electronic Signatures
  B.3
            authenticated?               _ Biometrics
                                         _ Others (please specify): _____________
                                         _ Do not know


B.1.     IT-Security Aspects

  No.                     Question                                Answer

            Are Public Key               _ Yes               _ No          _ Do not
  B.4       Infrastructures (PKI)                                          know
            used?                        Further information: ___________________

If you answered “No”, jump to section “Standards and Norms”.



                                         _ single governmental CA
                                         _ multiple governmental CAs
            If B.4, which
 B.5a       Certification Authority      _ governmental or private sector CAs
            (CA) issues certificates?
                                         _ Others (please specify): _____________
                                         _ Do not know


            If B.4: Are unique           _ Yes               _ No          _ Do not
            identifiers (tax number,                                       know
 B.5b       public register numbers,
                                         Further clarifications: __________________
            …) held in the
            certificate?


                                         _ qualified signature (SSCD + qualified
                                         certificate)
            If B.4, which quality    _ qualified certificate only (no SSCD)
 B.5c       levels for electronic
                                     _ non-qualified certificate
            signatures are required?
                                     _ Others (please specify): _____________
                                         _ Do not know




Invitational Newsletter                 17/05/2005, version 1.0                    7
B.2.     Standards and Norms

  No.                     Question                                Answer

            List standards and           ___________________________________
  B.6       norms used or required
            for the identification
            system?



C.       Legal Issues

  No.                     Question                                Answer

                                         _ Yes               _ No           _ Do not
            Has any specific                                                know
            regulation regarding
                                         If yes, please provide a reference (name,
            electronic
  C.1                                    date, source):
            authentication been
                                         ___________________________________
            enacted, or is such
            regulation in                Please provide a brief description of the
            preparation?                 principal rules:
                                         ___________________________________



        Does the applicable regulatory framework define the following concepts:


                                _ Yes            _ No                  _ Do not know
        Entity                  If yes, please provide the definition:
                                ___________________________________
                                _ Yes            _ No                  _ Do not know
C.2     Attribute/Chara
        cteristic               If yes, please provide the definition:
                                ___________________________________
                                _ Yes            _ No                  _ Do not know
        Identity                If yes, please provide the definition:
                                ___________________________________

                                _ Yes            _ No                  _ Do not know
        Mandate/Role            If yes, please provide the definition:
                                ___________________________________
        Registration            _ Yes            _ No                  _ Do not know




Invitational Newsletter                 17/05/2005, version 1.0                    8
                           If yes, please provide the definition:
                           ___________________________________
                           _ Yes                 _ No               _ Do not know
        Authentication     If yes, please provide the definition:
                           ___________________________________



            Does the applicable          _ Yes               _ No        _ Do not
            regulatory framework                                         know
  C.3       define which
                                         If yes, please indicate which information:
            information will
                                         ___________________________________
            constitute proof of
            identity?



            Does the applicable          _ Yes               _ No        _ Do not
            regulatory framework                                         know
            define a concept for role
  C.4                                    If yes, please describe how:
            management and
                                         ___________________________________
            mandates (e.g. legal
            representation of
            minors)?



            Does the applicable          _ Yes               _ No        _ Do not
            regulatory framework                                         know
            define a method for
            interoperability with
            other identity               If yes, please describe how:
  C.5
            management systems           ___________________________________
            (including through
            international
            interoperability
            agreements)?




Invitational Newsletter                 17/05/2005, version 1.0                 9
            Does the applicable             _ Yes                _ No                _ Do not
            regulatory framework                                                     know
            provide a multi-tiered
  C.6       identification system
            (i.e. by recognising            If yes, please describe how:
            different methods of            ___________________________________
            identification with a
            different security level)?




D.       Further Information
Please list any information you consider of specific interest in the identification system:


________________________________________________________________
________________________________________________________________
________________________________________________________________




                          !! Thank you for your effort !!




Invitational Newsletter                    17/05/2005, version 1.0                            10
                                                                Prepared by:


                                                   The Modinis IDM Study Team
                                                       B-3000 Leuven, Belgium

              https://www.cosic.esat.kuleuven.ac.be/modinis-idm/workshop/



                                                          Lead contractor:
                                K.U.Leuven Research & Development, Belgium
                                          Project manager: prof. Bart Preneel
                                          http://www.esat.kuleuven.be/cosic
                                     Subproject manager: prof. Jos Dumortier
                                                          http://www.icri.be


                                                              Subcontractor:

                       Secure Information Technology Center, Austria (A-SIT)
                                              Director: prof. Reinhard Posch
                                                         http://www.a-sit.at


                                                              Subcontractor:

                                       Lawfort – ICT Law Department, Belgium
                                                     Head: prof. Jos Dumortier
                                                        http://www.lawfort.be




For further information about the eGovernment Unit

     European Commission
     Information Society and Media Directorate-General
     eGovernment Unit

     Tel   (32-2) 299 02 45
     Fax   (32-2) 299 41 14

     E-mail  EC-egovernment-research@cec.eu.int
     Website europa.eu.int/egovernment_research

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:7
posted:11/15/2011
language:English
pages:12