SSEDIC: Scoping the Single European Digital Identity Community

Session Topic: SSEDIC: Scoping the Single European Digital Identity Community (T4D)

Convener: Christian Schunck

Notes-taker(s): Christian Schunck and Allen Friedman

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Both the US, Canada and Europe undertake great efforts to create the infrastructure for a digital identity ecosystem.

SSEDIC is a think tank preparing an actionable roadmap towards a proposed Single European Digital Identity Community as envisaged by the Digital Agenda for Europe.

The SSEDIC network comprises 35 core partners and more than 60 associated partners from across Europe. US and Canadian organizations and businesses can join the network as Associated Partners.

How may the EU & the US play together? AND How do the EU member states itself play together?

SSEDIC:	www.ssedic.eu	3 year project funded by the European Commission Coordinated by Nestor Lab (Italy) EU can't do it alone – international coordination is desired Starting point: what are the needs of sectors & citizens Confidentiality, Privacy, Ease of use/access Cross-border challenges…

EU - 450 million consumers, 27 member states Open if you use paper / post based processes Different states have different tech in built in ID	No homogeneous regulatory framework except for e-signature Variations: regulations, liability, legal issues Many eID uses in the EU are government driven, not user driven BUT - people only interact with their govt in official capacity 1.7 x / year

Who provides Many countries in Europe provide eID using a large variety of technologies. Government issued, ID card-based solutions exist for example in Germany, 	Austria, Italy, Spain, Belgium etc.	Other states use TAN based systems Access varies: citizen, resident, just ask for it

Role of “nationality” in government issued eIDs: just an “attribute”? Claim: if you need to be a citizen to obtain government issued eID, then nationality is moot. Distinction: Claim to be Irish for St. Patrick's day bargain Claim to be Irish for Irish pension

Why not start federating now? There are pilot programs like Stork. But there exists difficulties like implementing LoA (QAA levels) without regulatory framework. Federation is going to solve the technical aspects, but the laws and policies need to be harmonized

In the EU exists regulation for e-signature exists (qualified electronic signature) Electronic models: Person (who is) vs. signature (what role) Some one has to validate Who can prove that person is X			Birth certificate / record (local) Government ID (national)

Importance of contracts: French person can bind contract with an American w/out either govt What does the government demand? Standards (levels of assurance) What does this imply for digital identities and liabilities?

Claim: key challenges are legal & organizational Need accountability before you can have liability