everis-rpam / RPaM-Ontology

Representation Powers and Mandates Core Vocabulary
5 stars 1 forks source link

Identifiers Policy #4

Open everis-rpam opened 5 years ago

everis-rpam commented 5 years ago

Please use this thread to discuss and propose possible solutions to the Identifier Policy. For example: it is important to know the scheme on which the identifier is based.

michal-o commented 5 years ago

Speaking about identification, eIDAS should be the starting point. Notified schemes must contain unique id of the natural/legal person, usually it is related to some scheme covering all natural/legal persons in the given country. It could be therefore relatively easy to use the eIDAS uid together with the reference to the notified scheme. The catch might be in case of countries, which don't allow for use of "raw" identifier in question. Instead, they use transformation functions which create specific ids for each sector or - specifically in cross-border scenarios - for each relying country. In such case, identifiers of the Mandator/Mandatee would be different in their "home" country than in the service provider country.

everis-rpam commented 5 years ago

@michal-o:

  1. Can you please provide references where we can study the eIDAS policy about natural person identifier scheme, agencies, etc.?
  2. Does eIDAS deal with legal person identifiers? I would have said that it does not...

Tks.

michal-o commented 5 years ago
  1. The eIDAS Regulation, implementation acts/technical standards set general rules. About the identifier they say it must be unique and has to be "as persistent as possible", interpretation of which is yet going to cause practical problems. Each notified scheme contains information about the identifier, best reference point is perhaps here . Under each country you will find the official documentation.

  2. eIDAS allows for electronic authentication of legal persons. Actually, The Netherlands recently pre-notified eHerkenning system for legal persons under eIDAS provisions. For me that implies also use of respective legal person identifier. The documentation is perhaps not public in this phase, but I guess that Dutch colleagues will be ready to answer your questions. This notification can be interesting for you to look at anyway, because it directly leads to the question how should the mandate of the actual natural person "at the other end of the wire" be understood in relationship to the legal person it represents in cross-border scenarios. AFAIU, in eHerkenning there is a possibility to define it precisely, but it uses Dutch services as a reference.

rollikai commented 5 years ago

What ever identification scheme is used , the user identifiers used in e-services (like in emandate service) should be end user friendly . The id should be easy to remember and if necessary, easy to be handled manually. For examble, if representation right is requested from the mandator the mandatee should be able to enter the id. Or if the eService needs to map the id in its own registries to allow electronic transactions.

IvarVennekens commented 5 years ago

As eIDAS UID eHerkenning will provide:

For validation of powers eHerkenning will initially configure 'proxy services' in the eHerkenning service catalogue, e.g. "apply for German public services". The natural person must have a valid mandate on this proxy service in order to succesfully authenticate 'on behalf of ' at a German public service provider.