Prof. Dr. Reinhard Posch, CIO for the Austrian Federal Government, Republic of Austria
April 17, 2012 15:00
Our next keynote presenter, who would please come up to the platform, is Professor Dr. Reinhard Posch, who is the Chief Information Officer of the Austrian federal government. Prof. Posch.

Good afternoon. Let me talk to you a little bit on the challenges the Digital Agenda and cloud computing will bring us. And I will only talk about the challenges with regard to eID, with lots of other challenges like legal challenges, contractual challenges, data protection challenges, et cetera, et cetera.
So let me focus on this one specific item, and before I'm doing so I'm going a little back on what we did in Europe. And I'm stressing the word Europe because cloud computing is and will become also a challenge in terms of countries and economies that are based on small and medium enterprises versus those who are more directed towards global players, and countries like Germany, Austria, and others in Europe are based on small and medium enterprises.
And that is going to be, or will be, a big question on how we handle that. Now, concerning eID, we have had a lot of experience in Europe, in the STORK project for example, where we experienced the common framework cross-border, where we focused on existing technology member states, for communication and identification towards government services, have in place, and getting those infrastructures interoperable: interoperable in a technological way, which is not easy but feasible; interoperable from a legal point of view, which is already a very complicated issue; but also interoperable in terms of products and applications.
And what STORK focuses on is a series of pilots that should show that you can have this interoperability in reality. And that has been done along with some pilots that try to represent the overall landscape: online authentication of services like portals.
That's what we think first about, you know, that's obvious. But we also tried to investigate in other areas, like in minors' Safer Chat, like in the area which is going from administration, from government, to business a little bit, which is the student mobility, where in one member state you have it as a government-driven institution or university, and in the other you have it in a more private-sector-oriented driven institution. And the interoperability on that level is interesting as well.
The fourth one was eDelivery, which is extremely interesting and extremely complicated because, as it is right now, delivery of official documents is based on bilateral, not on Union law. Exchange of address is a very common thing. But the most important thing, to my view, is the last one, the ECAS, the European Commission access service. Why is that so important? Because every transaction with the European Commission is transborder. There is no nationality of the European Commission as such. So you have to, and therefore this is most probably the pilot we have learned a lot and most from.

Now, where do we stand? Where do we want to go? We still are in an area where we are very application oriented when it comes to eID, each application. And that was also an outcome of these pilot projects. It's very project and application oriented. It's very national.
Just think about countries that have laws which do not even allow to use eID cross-border. For example, in the Netherlands, the identity is as of now not yet allowed to be used cross-border. Talking about a European eID, interoperability becomes complicated from these issues, as the liability, as the legal framework, is not thinking about services that are outside the member state, and it's not easy to make a regulation. Therefore the Commission has in the Digital Agenda, and I will briefly talk on that, focused on this item and will put legal regulations in place that allow for this. Also, we have to think about things like the act, and I will come back to that a little later.
Now, with the cloud, we have a certain set of constraints. I already pointed to some of the constraints, like the legal constraints, like the data protection constraints, like constraints that you are not able to encrypt in the cloud because you cannot encrypt against the cloud provider easily. That's a very interesting, even academic task, which still has to be fulfilled. And we have the challenge of the buy your own device, or bring your own device, which has been addressed this afternoon already.
Now, having this background, we want to have eID that goes across private individuals, business, and governments, going across all these sectors, because these sectors are, when you look into the various member states and into services, somewhat not clearly separated. On the other hand, we need interoperability. We need regulation to some extent, so that you have legal certainty, and to enable legal certainty, nearly some type of liability, to generate seamless, general-purpose, ubiquitous and privacy-aware identity.
Now, what does it mean in terms of cloud? Cloud, to some extent, exchanges reality, tangible reality, by some services that are somewhere out. By doing this, it exchanges things that you can touch by contract. You need trust, but you don't need trust in the pure sense. You need much more trustworthiness, and that's much more complicated. Trust you can generate by advertisement. You can convince someone that he should trust you, and he will trust, or probably will trust you. We have seen that in history. But trustworthiness is something which is reality.

Something is either trustworthy or it's not trustworthy; that will not be changed by any awareness, by any advertisement, et cetera, et cetera. And that is the big issue with the cloud. Nobody knows what really is.
So it's a little fuzzy. The challenges now are in the cloud per se, but they're also in the environment, in the environment of tablets, in the environment of new technology which is there, which will come up, which will not allow for conventional technology like card readers on a PCMCIA card. You know, PCMCIA is something which is just now fading out. Integrated card readers in devices: will we have that in five or 10 years? I don't know.
In this environment, the European Commission has put this Digital Agenda, where it's addressing a lot of services, from e-procurement, from e-services, et cetera, et cetera. But the baseline of all of this is trust in security. And in this area of trust in security, Commissioner Kroes has one initiative which we have to follow closely. This is this initiative to have a regulation on eID and the signature, and the proposal by the Commission will be out sometime around June or end of May. And it will not be a directive anymore.
So the signature directive will in a few years be outdated. It will be a regulation, which means that we have a law which applies in a more or less identical way in all the member states, which is an experience out of the past. We have implementation of signature, of eID, et cetera. It's very different in member states. And that is hopefully going to be enhanced and therefore enabling cross-border services. What do we expect from that regulation? We expect an increasingly homogeneous approach, which is the regulation rather than directive. We do expect also the focusing on yet essentials.
It's not necessarily that we have every detail regulated, but the basics have to be common. And this will be the big task, to have it simple so that it can be implemented. If it's very complicated, no one will take it up. And we have to harvest the benefit from the experience, the experience which is in the pilots, which is in the past, like in the STORK project. There we have value experiences cannot be identically.
They can onboard, but there's a lot of good points in there which can then, as a generic approach, come into the implementation of such future regulation. Because what is the goal? The goal is that we get take-up.
The main problem is we have approaches on eID in many member states, but the take-up in all member states is very low. Why is it low? Because it's so siloed. You can use it there, but you cannot use it one mile next to that. And we need something which is quick in terms of easy to implement. Otherwise the small companies will not do that, and the small and medium companies, that is the majority in many member states. And we have to enable that.

Now, what I will do for the rest of this presentation today is I will try to give you an idea what's the difference between eID and the signature in terms of transaction. And I will give you two examples: one, which is an eID example, and another one, which is an e-signature example. No, no problem. The difference between these two is basically: eID is, before you start the transaction, you identify, then you are in the transaction; and e-signature, you do all your transaction more or less anonymous, and after that you say, that was me, and I sign it. So it's the same technology.
And I will just, now I don't have a cursor in here, and for time's sake I will just not play the video. It's no problem. This is one example, which is the system, I will come back to that later on, we use in all our ministries to avoid paper. We are not allowed to use paper in our S we only use electronic documents. And the electronic document system is this Fabasoft software, and it's using electronic identities. The second example is using a simple set of tools to enable electronic signature and to enable applications, simple applications.
What I use here is Google Documents. What I use is an icon, I use a logo. And what I then do is I write a simple script, a script which is embedded into an XML.
And I did that this morning, did that in reality this morning on the airport. And what comes out is an app which goes on any mobile device, and probably the technology could put to the button so that this is now playing. Okay.
What you see here: it just calls the app. It adds it to the home screen, so that it looks like a normal app.
And what does it do? It rates talks on this conference. So you could go to the website and you could use this app if you had the eID. And it says, which speaker are you rating? Now it's a fake speaker. What talk are you rating? It's not a talk which is given today. So I'm not judging in the morning before the talk is going on. And I'm obviously rating every talk today is excellent. Anything else is not viable before you start to do that.
And what happens now: this is rendered to a document on the mobile, and it shows the seamless integration of electronic signature, HTML5 and mobile devices. Now, the electronic signature is issued by entering the phone number. It's a server-based signature, with a qualified signature, with a qualified signature device in the background. And by receiving an SMS, at this point in time the document is signed. It's then transferred back to the user, and at the same time it's also entered into a database and then can be retrieved as a summary.
So it just shows you, we need to have a Lego type security. Anyone has to be able to use it instantly.
Now, as I said, in all our ministries we are using a document system and a workflow system which is based on identification. And this identification, you see here on the left-hand side and the bottom, is available for a series of mechanisms, like the German Personalausweis, the Austrian identity system, and it will also be, or is already, available to some others like the Swiss, the Portuguese and Spanish. And now you see the a, which is spanning from this product via STORK to cross-border and European eID.
Now, it's really doing various different approaches, where the German Personalausweis is a totally different technology based on NFC, where the Austrian is based on mobile phones and centralized HSM security service. But what is in common: it's evaluated security, technology is based on the same regulation. I will finish in two seconds, or in 10 seconds.
And what happens after that? It can be used on mobile devices, it's device independent, but still, we have to think about the boundary conditions, which are data protection, which is things like the Patriot Act. But I'm not going into detail on that because I get the second sign that I have to stop. And I have to say thank you. Thank you very much.

Thank you much, sir. Thank.