Last update: 11/2004
top
What is IDA(BC) Authentication Policy?
Objectives
What does the IDA(BC) Authentication Policy Document contain?
Achievements
Who benefits?
The role of IDABC
Technical information
Documentation
What is IDA(BC) Authentication Policy
Authentication is about the establishment and verification of identity for security purposes, a feature that has become essential to any secure information exchange process. In keeping with the IDA(BC) mission to facilitate the electronic exchange of information, IDA(BC) has gathered in an Authentication Policy Document a series of recommendations and guiding principles for the establishment of appropriate authentication mechanisms for the participants (member state administrations and EU institutions) in IDA(BC) sectoral networks.
Top of page
Objectives
The IDA(BC) Authentication Policy Document aims at providing an instrument that helps managers of IDA(BC) sectoral networks and horizontal security-related projects to assess and establish appropriate authentication mechanisms for their projects. The experience and insight gained through this activity provides also input to the IDABC PKI related projects.
Top of page
What does the IDA(BC) Authentication Policy Document contain?
The IDA(BC) Authentication document describes a methodology to develop a customized authentication policy which suggests the use of the following steps:
- Step 1: Conduct a rapid risk assessment of the sectoral application or network.
- Step 2: Map Identified risks to the applicable Authentication Assurance level.
- Step 3: Select procedures and technology.
- Step 4: Sign a Mutual Recognition Agreement.
- Step 5: Validate that the implemented system has achieved the required assurance level.
- Step 6: Periodically reassess the system to determine technology refresh requirements.
It also includes suggestions for the distribution of responsibilities for the registration and electronic authentication phases of the authentication process of a given sectoral project between the Commission, the relevant member state administration and, when applicable, a third party.
The Document foresees a Certificate Practise Statement that describes different policies for the four levels of assurance defined –Minimal, Low, Substantial and High. These policies relate to both, registration and electronic authentication phases, as well as to the choice of token type and authentication protocol for each level of assurance.
In order to facilitate the application of the suggested methodology and in particular of the above mentioned steps, the IDA(BC) Authentication Policy Document provides in an Annex, an Authentication Policy Framework that contains a number of important elements, such as how to define and select the appropriate assurance levels - and the available procedures and technologies for achieving the registration and electronic authentication per level, including token types (hard crypto token, soft crypto token, one-time password, PIN) and authentication protocols (private key, symmetric key, tunnelled password).
Top of page
Achievements
The guiding principles for the authentication policy were defined in 2003 and the basic IDA(BC) Authentication Policy Document was completed in July 2004.
Top of page
Who benefits?
All users of the sectoral networks and IDA(BC) projects with authentication requirements, in particular those related to the PKI-based solutions.
Top of page
The role of IDABC
IDA(BC) Authentication Policy is one of the security actions developed and funded by the IDA(BC) Programme.
Top of page
Technical information
|
Project Start Date
|
2003
|
|
Project Completion Date
|
2004
|
|
IDA Budget
|
2003 € 27,490
|
|
Responsible Service
|
DG Enterprise - IDABC Unit
|
|
Project Coordinator
|
Gzim Ocakoglu
|
|
Contact
|
idabc@ec.europa.eu
|
Top of page
Documentation on Authentication Policy
Back to:
Other Horizontal Actions and Measures
|
Print
