1 / 12

Experience from Use of a Common Authentication Service for the Norwegian Public Sector

Experience from Use of a Common Authentication Service for the Norwegian Public Sector. Jon Ølnes, jon.olnes@difi.no Difi – Agency for Public Management and eGovernment, Norway ePractice Workshop “Reaping the benefits of eID in different business sectors within the EU and beyond”

anneke
Télécharger la présentation

Experience from Use of a Common Authentication Service for the Norwegian Public Sector

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Experience from Use of a Common Authentication Service for the Norwegian Public Sector Jon Ølnes, jon.olnes@difi.no Difi – Agency for Public Management and eGovernment, Norway ePractice Workshop “Reaping the benefits of eID in different business sectors within the EU and beyond” Brussels, 29th September 2011

  2. eID in Norway (pop. 5 million) • MinID (MyID) – Difi’s common eGov eID (open source) • > 2.6 million users, about 800 services from 200 public service owners • One-time password based, medium security (level 3 of 4) • BankID – common solution for all banks • > 2,5 million users, > 300 services (mainly bank, finance, payment) • PKI-based, closed, proprietary solution, high security (level 4) • Buypass – smart card solutions • > 2 million cards, mostly National Lottery cards, many services • National Lottery cards issued at security level 3 (3DES, non-PKI) • Cards are easily upgraded to PKI-based (level 4), about 350.000 users • Main model: Closed, proprietary – but also open solutions • Commfides – small actor, open (and open source) solutions • Aiming particularly at employee eID using USB sticks (level 4) • FEIDE – common eID in higher education • Password-based (level 2) • “Kalmar-2” union across Nordic countries

  3. Have used Internet last 3 months, Norwegian population (Q2 2010) Women Men Source: Statistics Norway

  4. ID-porten (the ID-portal) – common authentication to eGov services … ID-porten authentication portal About 800 services from about 200 public agencies (about 130 federations) Currently no agreement on use of BankID National ID-card with eID is a future option Nasjonalt ID-kort

  5. Authentication via ID-porten SAML token identifying user, eID used and assurance level of eID Service Back-channel between service and ID-porten ID-porten Redirect to ID-porten Autenticate Set session cookie to enable single sign-on eID

  6. Service requiring level 3 eID

  7. Service requiring level 4 eID

  8. Per month: Growth in use of ID-porten

  9. MinID – % coverage by age

  10. - bruksmønster use per hour of day

  11. Experiences • 14 million authentications in 2010 • By end August 2011: 17 million authentications • 17 million / 2.6 million users = average 6.5 per user • Extrapolate to end of year: average 10 per user in 2011 • Add services not yet using ID-porten • Add expected potential for further growth • eGovernment services: Average use 20-25 times per year (?) • Provided good, user friendly services • And simple authentication with uniform user experience (does not have to be centralised) • ... and we used to learn “about 1.8 times per year”? • Implications – food for thought: • Business case for government issued eID and for private eID issuers with agreement for use for public services? • Business case for eGovernment services?

More Related