Important legal notices
 
Search on EUROPA   
Back to IDABC home page Back to IDABC home page
 
 

IDA(BC) Authentication Policy

Authentication Policy
   

With electronic exchanges of information taking place across Europe every day, security is becoming an increasingly important issue. Security can be tackled by ensuring that exchange takes place over a secure channel, but also by guaranteeing that the identity of the persons exchanging information is known and authenticated. In order to facilitate the exchange of information over sectoral networks or Projects of Common Interest (PCIs) in a reliable and secure manner, IDA has set up a horizontal security measure to develop an authentication policy.


Last update: 11/2004

top
What is IDA(BC) Authentication Policy?
Objectives

What does the IDA(BC) Authentication Policy Document contain?

Achievements

Who benefits?

The role of IDABC

Technical information
Documentation

What is IDA(BC) Authentication Policy

Authentication is about the establishment and verification of identity for security purposes, a feature that has become essential to any secure information exchange process. In keeping with the IDA(BC) mission to facilitate the electronic exchange of information, IDA(BC) has gathered in an Authentication Policy Document a series of recommendations and guiding principles for the establishment of appropriate authentication mechanisms for the participants (member state administrations and EU institutions) in IDA(BC) sectoral networks.

Top of page

Objectives

The IDA(BC) Authentication Policy Document aims at providing an instrument that helps managers of IDA(BC) sectoral networks and horizontal security-related projects to assess and establish appropriate authentication mechanisms for their projects. The experience and insight gained through this activity provides also input to the IDABC PKI related projects.

Top of page

What does the IDA(BC) Authentication Policy Document contain?

The IDA(BC) Authentication document describes a methodology to develop a customized authentication policy which suggests the use of the following steps:

  • Step 1: Conduct a rapid risk assessment of the sectoral application or network.
  • Step 2: Map Identified risks to the applicable Authentication Assurance level.
  • Step 3: Select procedures and technology.
  • Step 4: Sign a Mutual Recognition Agreement.
  • Step 5: Validate that the implemented system has achieved the required assurance level.
  • Step 6: Periodically reassess the system to determine technology refresh requirements.

It also includes suggestions for the distribution of responsibilities for the registration and electronic authentication phases of the authentication process of a given sectoral project between the Commission, the relevant member state administration and, when applicable, a third party.

The Document foresees a Certificate Practise Statement that describes different policies for the four levels of assurance defined –Minimal, Low, Substantial and High. These policies relate to both, registration and electronic authentication phases, as well as to the choice of token type and authentication protocol for each level of assurance.

In order to facilitate the application of the suggested methodology and in particular of the above mentioned steps, the IDA(BC) Authentication Policy Document provides in an Annex, an Authentication Policy Framework that contains a number of important elements, such as how to define and select the appropriate assurance levels - and the available procedures and technologies for achieving the registration and electronic authentication per level, including token types (hard crypto token, soft crypto token, one-time password, PIN) and authentication protocols (private key, symmetric key, tunnelled password).

Top of page

Achievements

The guiding principles for the authentication policy were defined in 2003 and the basic IDA(BC) Authentication Policy Document was completed in July 2004.

Top of page

Who benefits?

All users of the sectoral networks and IDA(BC) projects with authentication requirements, in particular those related to the PKI-based solutions.

Top of page

The role of IDABC

IDA(BC) Authentication Policy is one of the security actions developed and funded by the IDA(BC) Programme.

Top of page

Technical information

Project Start Date

2003

Project Completion Date

2004

IDA Budget

2003 € 27,490

Responsible Service

DG Enterprise - IDABC Unit

Project Coordinator

Gzim Ocakoglu

Contact

idabc@ec.europa.eu

Top of page

Documentation on Authentication Policy

Back to:

Other Horizontal Actions and Measures