Europe has a well developed digital identity infrastructure across several countries, however there has been lack of standards for identity proofing. The European Telecommunications Standards Institute’s (ETSI) has now established a Taskforce to address this. Signicat’s expert Jon Ølnes, has been appointed as a member of the Taskforce and explains what is coming next.
The European Telecommunications Standards Institute’s (ETSI) Technical Committee on Electronic Signatures and Infrastructures (ESI) is the leading standardisation body for digital signatures and trust services in the world. Signicat is an active participant in ETSI/ESI, meaning we do not only follow the standards, but also contribute to writing them.
One of the identified gaps in existing standards for digital signatures and trust services is the topic of identity proofing. How does one verify the identity of an end-user? To address this, ETSI has established a Specialist Task Force (STF), which is a group of specially appointed experts that are assigned the responsibility of rapidly progressing the work on the European standards in identity proofing, which is the process of initial verification of a person’s identity. The STF work is funded by the EU Commission and started April 2020. The group consists of six experts, among them Signicat’s representative in ETSI/ESI, Jon Ølnes. Jon has been appointed the prestigious role as editor of the standard that will be produced, namely ETSI TS 119 461 Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service components providing identity proofing of trust service subjects which is to be published July 2021.
The title of the latter standards reflects the fact that identity proofing may be provided as a separate component, just like Signicat does today, carrying out this function for the overall service that is offered to the identified person, e.g. by Signicats’ customer.
The rationale for the work is explained by a quote from the terms of reference for the STF: “The current European standards published by ETSI on trust services specify identity proofing only by generic requirements like ‘physical presence’ or ‘means which provide equivalent assurance as physical presence’. Physical presence as a benchmark is not well-defined as no requirements are posed neither for the quality of physical identity documents nor for the competence or procedures to be carried out by the person performing the check. What constitutes equivalent assurance as physical presence is up to subjective judgement. Consequently, practices for identity proofing for trust services vary a lot across the EU Member States, hampering provision of trust services in the internal market. In particular, guidelines for remote identity proofing are needed to avoid cumbersome and expensive physical presence procedures when possible.
Formally, the scope of the STF work is limited to identity proofing for trust services, notably for issuing (qualified) certificates. But identity proofing is relevant for many other application areas, like issuing of electronic identity schemes (eIDs) and Know Your Customer (KYC) in various service areas but in particular for financial services. It is observed, and explicitly stated by ETSI, that the specification to be developed on identity proofing has the potential to have a much wider applicability than the defined scope, being useful also for eIDs and KYC purposes.
Product Manager at Signicat
May 08 2020