
STORK

The STORK project (www.eid-stork.eu) aims to make it easier for European citizens and businesses to access online public services across borders. Authentication is an important element in realizing this ambition. However, most individual member states have their own eID solutions for citizen authentication, which hampers successful provisioning of pan-European services. Therefore, a common framework for mutual recognition of national electronic identities between participating countries must be developed and tested. Such a framework provides interoperability of national eID solutions and also ensures that the member states are aware of each other’s solutions and of the quality of eID assurance associated with each authentication solution.

eID interoperability

Novay has defined a common framework for eID interoperability. This so-called STORK QAA framework includes four levels of authentication assurance and facilitates mapping of national levels and eID solutions onto each other. The four levels are related to the requirements regarding the needed assurance of the user’s identity. The stronger the requirements, the higher the level of assurance will be. The STORK QAA levels contain an organizational and a technical component. Organizational aspects that must be taken into account are the quality of the identification procedure, the process of issuing identity tokens, and the quality of the certification authority. Technical aspects are related to the overall authentication procedure and include the type and robustness of the identity tokens provided and the quality of the mechanisms used for user authentication. Each of these five aspects is individually rated and the weakest component determines the overall STORK QAA level for a certain eID. The presented STORK QAA framework allows for mapping of national eID solutions to STORK QAA levels and provides a means for mapping of national levels of different member states onto each other.

Mapping

This mapping, however, is not always straightforward. The following situations need attention:

· There are member states that have multiple authentication solutions with different assurance on the national level but with equal assurance in the STORK framework (e.g. Luxembourg and France). To prevent undesired mappings, we recommend that in this case the STORK QAA level always be mapped onto the highest national level corresponding to the STORK level.

· There are member states that have several authentication solutions with equal assurance on the national level but with different assurance in the STORK framework (e.g. Italy and Estonia). In this case a more fine-grained national level specification is required to prevent unintended mapping of levels. We recommend that they adopt the STORK QAA levels. Alternatively, a more detailed specification on the protocol level could be used. However, it is unlikely that SAML, as the default standard for identity information exchange, can facilitate this.

· There are member states that do not have authentication solutions that map onto the highest STORK level (e.g. the Netherlands and the UK). In principle this is not a problem. Many member states are in the process of implementing national identity cards (STORK level 4) or are at least thinking about it. This problem will be solved over time when all member states realize their roadmaps.

· There are member states that have only a single authentication assurance level that corresponds to STORK’s highest level (e.g. Austria). Service providers of those member states may be inclined to authenticate citizens with the highest level of assurance: Level 4 in STORK terminology. This inclination, however, implies that many citizens of other member states can never access their services. For these citizens, other more expensive solutions need to be provided. Service providers should therefore make a risk assessment regarding their services and decide for themselves if the highest level is the best choice. Less critical services may be rated with a lower assurance level, thereby allowing more citizens access. This implies that service providers of such member states should have knowledge about other levels, and preferably STORK levels, as well. If service providers are given the option to conform to the STORK QAA framework instead of a national assurance framework, then they must express what type of assurance levels they adhere to (STORK and/or national). Otherwise mapping may go wrong.

Mapping of levels onto each other will be done in a distributed manner and, depending on the solution used, executed at the PEPS or by the middleware of the STORK infrastructure.
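The weakest-component rule and the first two mapping situations above can be made concrete in a short sketch. This is an added example, not code from Novay or the STORK project; the aspect key names, the eID solutions, and the integer national levels are constructed for a hypothetical member state and describe no real country.

```python
# Five individually rated aspects from the page: three organizational, two technical.
# The key names are assumptions made for this example.
ASPECTS = ("identification_procedure", "token_issuing_process",
           "certification_authority", "token_type_and_robustness",
           "authentication_mechanism")

def stork_qaa_level(ratings):
    """Overall STORK QAA level (1-4): the weakest aspect rating decides."""
    if set(ratings) != set(ASPECTS):
        raise ValueError("exactly the five aspects must be rated")
    if any(r not in (1, 2, 3, 4) for r in ratings.values()):
        raise ValueError("each aspect is rated 1..4")
    return min(ratings.values())

def rate(*values):
    """Build a ratings dict from values given in ASPECTS order."""
    return dict(zip(ASPECTS, values))

# Constructed sample data: solution -> (national level, aspect ratings).
SOLUTIONS = {
    "password":  (1, rate(2, 2, 2, 2, 2)),
    "sms_otp":   (2, rate(3, 2, 3, 3, 3)),  # weak issuing process caps it at 2
    "soft_cert": (3, rate(3, 3, 3, 3, 3)),
    "smartcard": (3, rate(4, 4, 4, 4, 4)),
}

def national_to_stork(solutions):
    """National level -> set of STORK levels reached by its solutions."""
    table = {}
    for national, ratings in solutions.values():
        table.setdefault(national, set()).add(stork_qaa_level(ratings))
    return table

def ambiguous_national_levels(solutions):
    """Second situation: one national level spans several STORK levels."""
    table = national_to_stork(solutions)
    return sorted(n for n, levels in table.items() if len(levels) > 1)

def stork_to_national(solutions, stork_level):
    """First situation: national levels sharing a STORK level map to the highest."""
    table = national_to_stork(solutions)
    matches = [n for n, levels in table.items() if stork_level in levels]
    return max(matches) if matches else None

if __name__ == "__main__":
    print(national_to_stork(SOLUTIONS))
    print(ambiguous_national_levels(SOLUTIONS))
    print(stork_to_national(SOLUTIONS, 2))
```

National level 3 in the sample data is flagged as ambiguous because its two solutions reach STORK levels 3 and 4, which is the case where the page calls for a more fine-grained national specification.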

Legal aspects

Legal matters limit the use of eID solutions across Europe and can therefore be a major show-stopper for eID interoperability. They do not have a direct impact on the STORK QAA framework, but they may, for instance, forbid the communication of persistent identifiers between member states or require the use of qualified certificates. The latter matter is taken into account in the STORK QAA framework: the use of qualified or non-qualified certificates is an important element for the determination of the assurance level. Regarding the prohibition of using persistent identifiers, several solution directions are available. These solution directions include the use of opaque and transient identifiers, privacy enhancing technologies, and explicit user consent via user-centric identity management solutions.

Supervision

Some form of supervision is required to enforce compliance with the STORK QAA framework and to take care of the contractual aspects regarding trusted eID interoperability. These aspects should be discussed and solved in STORK.

If you are interested in more information about STORK or eID interoperability please contact one of the members.

 
