eRecognition: authentication and authorisation for legal entities




 


The Internet continues to gain importance for businesses. Therefore, the means to sufficiently identify oneself is a prerequisite for the further development of e-business and e-government.


For that reason eRecognition was launched in May 2010. The programme enables businesses to arrange their affairs with government bodies electronically by maximising public-private cooperation: accredited private sector providers issue businesses and authorities with proven e-identity, authentication and authorisation solutions.


 


One digital ‘master key’


Formerly, government organisations used a variety of parallel authentication and authorisation solutions. This produced multiple sets of digital keys and a poor user experience. The ensuing weak user adoption stunted the growth of eBusiness and eGovernment.


With eRecognition, each business is issued with a single e-Identity (EID) token that can be used for various government services. Thus, the multiple sets of digital keys are replaced with one digital 'master key'. This will accelerate adoption, since user habits are formed by reusing the same authentication mechanism for various online services. (See also: How does it work?)


 


Temporary free-token service


An increasing number of Dutch government organisations are convinced of the benefits of eRecognition. They also encourage their 'customers' (businesses and public sector organisations) to use it. A temporarily free token service is offered as an extra incentive to migrate legal entities towards eRecognition and has already drawn thousands of users.


By February 2011, transactions using eRecognition amounted to thousands per month.
In 2011, eRecognition is being consolidated further and implemented on a larger scale by more government organisations.


See also eRecognition policy



eRecognition: How does it work?


 


When a legal (or designated) representative of a business logs on to the website of a government organisation, he (or she) uses the EID token issued by the EID service provider of his (or her) choice. EID tokens may include user name/password, texting, bank card, phone, one-time password (OTP), or public key certificate.


Behind the scenes, authentication and authorisation at the relevant assurance level are carried out according to the policies set by the eRecognition governance organisation: an accredited eRecognition broker has access to an authentication service and an authorisation register. The broker identifies the person who logs on and the company he or she represents, and checks his or her authorisation for the case in point. After logging on successfully, the representative can submit his or her application, and the government organisation can be sure it is genuine.


 


Four assurance levels


Depending on the type of government service, eRecognition supports four assurance levels, which are based on the STORK classification. Other international standards, such as SAML 2.0, are used for the secure messaging.


 


Public-private cooperation


 


To achieve excellent (e-)services to business and citizens, the Dutch Ministry of Economic Affairs, Agriculture and Innovation has invited commercial experts to become involved in the development of a robust e-solution for authentication and authorisation. A considerable number of commercial parties have shown their interest by responding and participating, including major banks, telcos, software developers and e-identity experts.


 


An initial group of ten private sector organisations has now formed the eRecognition network. Other parties are invited to participate in the network once they are accredited to offer eRecognition services.


 


Cooperative domain


Within the eRecognition network, we define two domains: a 'cooperative domain' and a 'competitive domain'.


The cooperative domain is the minimal set of agreements for parties to cooperate in the areas of infrastructure, applications and business. The governance of this set of agreements is organised collectively and is currently supervised by the Ministry. Eventually, governance will be assigned to an independent party.


Accredited EID providers may assume one or more of four roles.


 


Competitive domain


The competitive domain is the part of the market where market parties compete on the provision of services within the framework of the set of agreements established in the cooperative domain.


 


eAccessibility policy


 


eRecognition was initiated by the Dutch Ministry of Economic Affairs, Agriculture and Innovation. The aim is to enhance administrative efficiency and stimulate reduction of administrative burdens for businesses. To bring this about, the Ministry has commissioned experts and private suppliers to develop robust authentication and authorisation solutions by reusing tried and tested tokens and tools.


 


Building block


As the successor of DigiD for businesses, eRecognition is one of the building blocks of the Dutch National Implementation Programme (NUP), a joint priorities programme of municipal and provincial authorities, regional water boards and central government. This programme sets out to provide excellent (e-)services to business and citizens, one of the primary goals of the Netherlands administration. To achieve this goal, e-government services need to be accessible and reliable.


 


EU Services Directive


Furthermore, eRecognition offers a significant contribution to the implementation of cross-border electronic services within Europe, as initiated by the EU Services Directive.


 


Scope for expansion


Currently, the use of eRecognition in the Netherlands focuses on business-to-government. However, the developments within eRecognition can be rolled out to other domains: machine-to-machine, eSignature, government-to-government and business-to-business.


Moreover, eRecognition can be replicated in other countries involving local market parties. And last but not least, eRecognition has been designed for European interoperability, since any party can apply, irrespective of the country of residence.


 


Roles within the network:


 


Providers may assume one or more of four roles:



  1. eRecognition broker. This role is completely dedicated to the public service. It is the interface through which the public service 'talks' with the eRecognition network. The public service asks the network for an identification (a Chamber of Commerce reference) through the broker. The online user is then redirected to his or her authentication provider of choice.

  2. Mandate register. This register stores all authorisations of a person on behalf of the business. The authorisations can only be created and maintained by an authorised person of that particular business. In the case of small businesses, this is usually the owner.

  3. Authentication service. This role makes the authentication tokens available in the network in real time.

  4. Token issuer. The issuers provide authentication tokens (texting, OTP, certificates, user name/password) to businesses and their users.

 


This 4-party model connects existing means of authentication or keys (e.g. cards, mobile phones, tokens, passwords) to eService Providers. The user is registered in the Mandate register and, through the Authentication service, a reliable and fast verification of this user can be accomplished.


The roles of 'token issuer', 'authorisation register' and 'authentication service' can be executed by multiple commercial parties. All parties are to connect to each other. Therefore, both the public service and the business only need a contract and connection to a single provider of their choice.
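The broker's check described under 'How does it work?' and in the role list above, as an added sketch that is not eRecognition code: the broker asks the authentication service who holds the token and at what assurance level, then asks the mandate register whether that person may act for a business on this service, and fails closed otherwise. The class names, the per-mandate level field, the token-to-level mapping and every identifier are assumptions made for illustration.

```python
from dataclasses import dataclass

# All tokens, persons, services and Chamber of Commerce references below are
# constructed sample values; the level assigned to each token type is assumed.
@dataclass(frozen=True)
class Mandate:
    person: str    # the representative
    coc_ref: str   # Chamber of Commerce reference of the business
    service: str   # government service the mandate covers
    level: int     # highest assurance level (1-4) the mandate is valid for

class AuthenticationService:
    def __init__(self, tokens):
        self._tokens = tokens                 # token -> (person, assurance level)
    def authenticate(self, token):
        return self._tokens.get(token)        # None for an unknown token

class MandateRegister:
    def __init__(self, mandates):
        self._mandates = list(mandates)
    def lookup(self, person, service):
        return [m for m in self._mandates
                if m.person == person and m.service == service]

class Broker:
    """Single interface for the public service; every failed check denies."""
    def __init__(self, auth, register):
        self.auth, self.register = auth, register
    def identify(self, token, service, required_level):
        result = self.auth.authenticate(token)
        if result is None:
            return (False, "authentication failed", None)
        person, token_level = result
        if token_level < required_level:      # token too weak for this service
            return (False, "token assurance level too low", None)
        for m in self.register.lookup(person, service):
            if m.level >= required_level:     # mandate covers service and level
                return (True, "ok", m.coc_ref)
        return (False, "no mandate for this service at this level", None)

AUTH = AuthenticationService({
    "tok-pw-alice": ("alice", 1),             # user name/password (assumed level)
    "tok-cert-alice": ("alice", 3),           # public key certificate (assumed level)
    "tok-otp-bob": ("bob", 2),                # one-time password (assumed level)
})
REGISTER = MandateRegister([
    Mandate("alice", "COC-EXAMPLE-0001", "permit-application", 3),
    Mandate("bob", "COC-EXAMPLE-0001", "statistics-upload", 2),
])
BROKER = Broker(AUTH, REGISTER)
```

The public service only ever sees the broker's answer: a yes/no decision and, on success, the Chamber of Commerce reference of the business being represented.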


 


This division of roles can be represented in a diagram


 




Four-party model for identity services


 


Note: The roles of 'token issuer', 'mandate register' and 'authentication service' are all related to service provision towards the user ('Company and user' in the scheme) and are seen as one role when we use the term 'four-party model'.


 


Benefits


 


eRecognition offers advantages to the public and business sectors alike.


 


Benefits for the public sector:



  • By (re)using already available solutions, authentication and authorisation are outsourced to the commercial market. This improves and stimulates the development of public e-services.

  • The accessibility and reliability of these services will continue to be improved and thus become more attractive and more frequently used. E-government services will really take off once citizens can reuse authentication mechanisms they already have (e.g. for online banking and e-commerce).

  • The public sector sets the requirements and can select a standardised solution - with multilevel assurance - from competing providers.

  • Government organisations can choose their preferred eRecognition supplier.

  • Government organisations can set the assurance level of their particular services provision.

  • With a single connection to the eRecognition network a government services provider gains access to all eRecognition tools and authorisations that have been made available in the network.

Benefits for the business sector:



  • Businesses can choose their preferred eRecognition supplier.

  • Only accredited suppliers can offer eRecognition services, which enhances reliability.

  • A single set of credentials for identification at all public e-services (instead of several identification tools).

  • Specific authorisation for employees and/or positions, according to the set assurance level.

  • The possibility to authorise a third party to conduct e-business on behalf of the company.

  • Registration of all authorised representatives and employees.

  • Digital interaction with the public sector 24/7 is more efficient and less time-consuming than the analogue alternative.

Benefits on a European scale:



  • The delivery of cross-border services and the stimulation of mobility for citizens and businesses once eRecognition becomes interoperable with other national e-Identity solutions.

  • eRecognition will offer a significant contribution to the implementation of cross-border electronic services within Europe, as initiated by the Services Directive.