Identifiers Policy

[everis-rpam]

Please use this thread to discuss and propose possible solutions to the Identifier Policy. For example: it is important to know the scheme on which the identifier is based.

[michal-o]

Speaking about identification, eIDAS should be the starting point. Notified schemes must contain unique id of the natural/legal person, usually it is related to some scheme covering all natural/legal persons in the given country. It could be therefore relatively easy to use the eIDAS uid together with the reference to the notified scheme. The catch might be in case of countries, which don't allow for use of "raw" identifier in question. Instead, they use transformation functions which create specific ids for each sector or - specifically in cross-border scenarios - for each relying country. In such case, identifiers of the Mandator/Mandatee would be different in their "home" country than in the service provider country.

[everis-rpam]

@michal-o:

1. Can you please provide references where we can study the eIDAS policy about natural person identifier scheme, agencies, etc.?
2. Does eIDAS deal with legal person identifiers? I would have said that it does not...

Tks.

[michal-o]

1. The eIDAS Regulation, implementation acts/technical standards set general rules. About the identifier they say it must be unique and has to be "as persistent as possible", interpretation of which is yet going to cause practical problems. Each notified scheme contains information about the identifier, best reference point is perhaps here . Under each country you will find the official documentation.

2. eIDAS allows for electronic authentication of legal persons. Actually, The Netherlands recently pre-notified eHerkenning system for legal persons under eIDAS provisions. For me that implies also use of respective legal person identifier. The documentation is perhaps not public in this phase, but I guess that Dutch colleagues will be ready to answer your questions. This notification can be interesting for you to look at anyway, because it directly leads to the question how should the mandate of the actual natural person "at the other end of the wire" be understood in relationship to the legal person it represents in cross-border scenarios. AFAIU, in eHerkenning there is a possibility to define it precisely, but it uses Dutch services as a reference.

[rollikai]

What ever identification scheme is used , the user identifiers used in e-services (like in emandate service) should be end user friendly . The id should be easy to remember and if necessary, easy to be handled manually. For examble, if representation right is requested from the mandator the mandatee should be able to enter the id. Or if the eService needs to map the id in its own registries to allow electronic transactions.

[IvarVennekens]

As eIDAS UID eHerkenning will provide:

• for the legal entity: the national legal entity identifier (as issued by the business register).
• for the natural person representing the legal entity: a persistent pseudonym (for privacy reasons NL never uses the national citizens number in case of legal entity representation. Not within NL and not cross border). The legal entity UID can be used to 'query' more info on the legal entity. The natural person UID can't be used this way because of the pseudonimisation. Information on a natural person's powers will be provided by eHerkenning as part of the eIDAS authentication flow. And not afterwards.

For validation of powers eHerkenning will initially configure 'proxy services' in the eHerkenning service catalogue, e.g. "apply for German public services". The natural person must have a valid mandate on this proxy service in order to succesfully authenticate 'on behalf of ' at a German public service provider.