EU scheme aims for ID card interoperability

E-business trade association Eema has revealed plans to make national identity card services in the European Union transferable across member states.

The initiative was unveiled at the Information Security Solutions Europe (ISSE) conference in Warsaw last week and christened Stork. It is intended to bring national governments together to tackle non-standardisation of electronic identity systems across EU countries, according to Eema’s executive director, Roger Dean. The deadline for this is 2010, when the EU’s European eID Management Framework comes into force.

“It’s a three-year project and the UK government is playing a significant part,” Dean said. “But each government has its own agenda. You have to show the benefits to government, citizens and businesses [to get buy-in].”

Supporters say a pan-European ID card agreement could provide help in migration between member states, and accessing social security services, medical prescriptions and pension payments. It could also ease cross-border student enrolment in colleges, as well as provide identification in lieu of a driving licence.

However, experts warned that there is a long way to go before the framework is assured of success. “The technology to achieve the goal of allowing electronic ID cards to work in multiple states is available but has never been commercialised on this scale before,” argued Dan Blum of analyst Burton Group.

Blum argued that commercial organisations should persevere with their identity-based projects despite the problems many encounter early on.

“The elephant in the road is trust and how you audit your partners,” Blum told delegates. “But the incentives are transactional revenue, new business opportunities and lower admin costs.”

Blum recommended firms think about the SAML 2.0 standard as the basis for projects because it has the most industry buy-in, but warned that interoperability issues may still arise. “We need to pressure the standards organisations and the vendor groups so there is no friction,” he added.

Also at ISSE, experts rejected the suggestion that vendors should be held legally liable for product faults, as recommended by a recent Lords report on internet security.

“Liability and legislation can have unintended consequences for innovation, competitiveness, product acceptance and the supplier ecosystem,” said Steve Lipner, Microsoft senior director of security engineering.