HJP_ENISA_STORK_PRESS RELEASE_R1 ... - HJP Consulting
HJP_ENISA_STORK_PRESS RELEASE_R1 ... - HJP Consulting
HJP_ENISA_STORK_PRESS RELEASE_R1 ... - HJP Consulting
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>PRESS</strong> <strong>RELEASE</strong><br />
<strong>HJP</strong> <strong>Consulting</strong> and <strong>ENISA</strong> collaborated on the latest eID study initiated and<br />
published by <strong>ENISA</strong>:<br />
Mapping security services to authentication levels<br />
Paderborn, 4. April 2011<br />
The latest eID report published by the European Network and Information Security Agency<br />
(<strong>ENISA</strong>) is a collaborative effort of <strong>ENISA</strong> and <strong>HJP</strong> <strong>Consulting</strong> (<strong>HJP</strong>). This is the second<br />
collaboration between <strong>HJP</strong> and <strong>ENISA</strong> after the publication of the report titled “Security<br />
Issues in Cross-border Electronic Authentication”.<br />
The new report published in March is titled “Mapping security services to authentication<br />
levels” was authored by <strong>HJP</strong>’s eID experts Stephan Körting and Diana Ombelli and<br />
supervised by Slawomir Gorniak from Enisa’s Technical Competence Department.<br />
The authors introduce the reader to the general topic of electronic identity management<br />
and authentication, using real world examples. They explain the key concepts needed to<br />
understand the necessity of having a European Union-wide common approach to quality<br />
and security for the providers and users of electronic services. Services for instance<br />
include electronic tax declarations or receiving benefits from health care services based on<br />
identification using an eID card (smart card).<br />
The applicability of a known quality model developed by European initiatives<br />
(authentication levels) has been reviewed. The mappings are illustrated using everyday life<br />
examples. The report explains encountered or potential issues with applying the model of<br />
authentication levels to electronic services and provides recommendations for further<br />
improvements of the model.<br />
Moreover this report provides a general overview of recent European efforts, with particular<br />
emphasis on the activities of European project <strong>STORK</strong> (Secure Identity Across Borders<br />
Linked) in relation to the authentication levels and their mappings. <strong>STORK</strong> aims to<br />
implement an EU wide eID interoperability platform that will allow citizens to establish new<br />
e-relations with other countries in the EU by using means of cross border eID identification<br />
and authentication.<br />
After the authors, it can be said that the technological barriers to establish cross-border<br />
interoperability of eGovernment solutions and services are on a good way to be overcome,<br />
provided that authentication level definitions will be further clarified to remove any<br />
ambiguity and room for interpretation. In the face of ever increasing computing power and<br />
new technological innovations, no security measure can be considered to be valid<br />
indefinitely. Therefore definitions and mappings need to be periodically re-evaluated in<br />
order to increase the mutual levels of trust.<br />
<strong>STORK</strong> project started the bases for the QAA levels, which has to be fine tuned with the<br />
consent of the Member States, for example by the ISA programme. Current cooperation<br />
between some Member States seems to provide sufficient grounds to begin providing basic<br />
electronic services across European borders.<br />
Page 1 of 3
Markus Hartmann, Managing Director of <strong>HJP</strong> <strong>Consulting</strong> states: “The European Union is<br />
heading towards a common service market. Therefore citizens must be enabled to<br />
authenticate themselves online cross border without any barriers. We are proud that<br />
<strong>ENISA</strong> once again has used our expertise on designing large eID systems to promote this<br />
mission to European politicians and opinion leaders”.<br />
For further information, please review the report, which can be downloaded on the <strong>ENISA</strong><br />
website: http://www.enisa.europa.eu/act/it/library/deliverables/map-auth-lev.<br />
About <strong>ENISA</strong><br />
The European Network and Information Security Agency (<strong>ENISA</strong>) is an EU agency created<br />
as a response to security issues of the European Union. The Agency's Mission is essential<br />
to achieve a high and effective level of Network and Information Security within the<br />
European Union. Together with the EU-institutions and the Member States, <strong>ENISA</strong> seeks<br />
to develop a culture of Network and Information Security for the benefit of citizens,<br />
consumers, business and public sector organisations in the European Union.<br />
<strong>ENISA</strong> is a centre of expertise for the European Member States and European institutions<br />
in network and information security, giving advice and recommendations and acting as a<br />
switchboard of information for good practices. Moreover, the agency facilitates contacts<br />
between European institutions, the Member States and industry players.<br />
For further information please contact:<br />
Slawomir Gorniak<br />
Technical Competence Department<br />
<strong>ENISA</strong> - European Network and Information Security Agency<br />
Vassilika Vouton<br />
P.O. Box 1309<br />
71001 Heraklion<br />
Crete, Greece<br />
Slawomir.Gorniak@enisa.europa.eu<br />
http://www.enisa.europa.eu<br />
About <strong>HJP</strong> <strong>Consulting</strong><br />
<strong>HJP</strong> <strong>Consulting</strong>, based in Borchen near Paderborn (Germany), is an internationally<br />
operating firm of IT consultants specialising in the planning and testing of eID solutions with<br />
a focus on eID and e-health applications.<br />
The manufacturer-independent specialists at <strong>HJP</strong> <strong>Consulting</strong> supervise large-scale<br />
projects for introducing e-passports and eID systems at both the technical and strategic<br />
level. The firm’s consulting services encompass the areas of system architecture, software<br />
specification, tenders, quality and security management, and project management. Both<br />
governments and system integrators profit from <strong>HJP</strong>’s comprehensive expertise. At<br />
present, the <strong>HJP</strong> team is working on the introduction of e-passport systems for the<br />
ministries of the interior in the UAE, Sudan and the Sultanate of Oman as well as on<br />
architecture projects for the introduction of the telematic infrastructure in the German health<br />
sector.<br />
Since 2008, Markus Hartmann, Managing Director of <strong>HJP</strong> <strong>Consulting</strong>, has also been a<br />
member of the ICAO Implementation and Capacity Building Working Group (ICBWG), a<br />
working group commissioned by the International Civil Aviation Organization (ICAO) to<br />
support states with the introduction of machine-readable travel documents.<br />
Page 2 of 3
Markus Hartmann<br />
Managing Director<br />
<strong>HJP</strong> <strong>Consulting</strong> GmbH<br />
Hauptstraße 35<br />
33178 Borchen (Germany)<br />
Phone: + 49 5251 417760<br />
markus.hartmann@hjp-consulting.com<br />
https://www.hjp-consulting.com<br />
http://www.globaltester.org<br />
Anke Larkworthy<br />
Consultant, Sales & Marketing<br />
anke.larkworthy@hjp-consulting.com<br />
About <strong>STORK</strong><br />
<strong>STORK</strong> is an ICT Policy Support Programme under the Competitiveness and Innovation<br />
Framework Programme (CIP). It involves 17 EU Member States: Austria, Belgium,<br />
Estonia, Finland, France, Germany, Italy, Lithuania, Luxembourg, Netherlands, Portugal,<br />
Slovak Republic, Slovenia, Spain, Sweden, the UK and Iceland (as an EEA member). The<br />
EU's Competitiveness and Innovation Framework Programme (CIP) aims to encourage the<br />
competitiveness of European enterprises. Part of CIP, the ICT Policy Support Programme,<br />
focuses on stimulating innovation and competitiveness through the wider uptake and<br />
optimal use of ICT by citizens, businesses and governments. The timing and objectives of<br />
<strong>STORK</strong> are ideal for producing high impact and contributing to the proposed objectives of<br />
the Lisbon Ministerial Declaration (2007), that is to say interoperability among Member<br />
States and reduction of administrative bureaucracy. In the i2010 eGovernment Action<br />
Plan, EU Member States recognized the importance of electronic identification<br />
management. By 2010, they aim to provide secure and convenient electronic systems for<br />
European citizens and businesses accessing public services in any country of the<br />
European Union. These should work at local, regional or national levels and comply with<br />
data protection regulations.<br />
For more information:<br />
https://www.eid-stork.eu/<br />
Editorial Contacts:<br />
<strong>STORK</strong> Press Office<br />
press@eid-stork.eu<br />
Page 3 of 3