Proving identity across borders

People who come to work in the EU from America or Asia may find they have to rebuild their credit records before they can buy a car or a house. EU citizens generally have an easier time when moving between Member States, but accessing social security, employment and health services across borders is still cumbersome and error-prone. Rising concern about crime linked to identity theft makes reliable data exchange even more important.

To improve this situation, the GUIDE project was set up to create uniform systems of identity management to support e-government services across Europe. Its aim is not to store information about people, or to authorise access to e-services. Instead, GUIDE paves the way for trusted “identity providers” in different Member States to supply reliable information on the identities of individuals and businesses to those who rely on it, such as government departments offering important services.

GUIDE began at the end of 2003 and was originally planned to run for 18 months, though it was later extended until July 2007. The project currently has 16 members drawn from large companies, SMEs and universities across the EU.

Different Member States have different rules about privacy and electronic record-keeping, but there is enough consistency to stop this from being a serious problem for data exchange, says GUIDE coordinator Marc Greaves. There are also well-proven computing techniques for exchanging information securely, such as the SSL technology used for transactions on the web.

So what is the difficulty? Greaves explains that there are two basic issues to solve. The first is to persuade governments to trust one another with their citizens’ data, and to make sure that these citizens have given permission for their data to be used across borders. The second is about technology: techniques that work for on-line shopping are not always appropriate for data exchange between huge government databases.

Independence and standards
On the topic of trust, Greaves believes that GUIDE’s independence has allowed it to generate interest, gain co-operation and propose standards in ways that would not have been possible between individual governments. “We’re State independent, technology independent and vendor independent,” he says, “and that has helped us get things done.”

On the technical side, the GUIDE partners have used and further developed existing security standards to meet the needs of e-government. Independent bodies, such as OASIS and the Liberty Alliance, have created their own ‘open’ standards. Basic concepts like public key cryptography have supported the creation of computer tools, such as the Security Assertion Markup Language (SAML). “GUIDE has taken the OASIS and Liberty standards and developed practical ways to use them for e-government data,” Greaves says.

Identity management was originally done individually, system by system, with all the attendant problems of duplication and data integrity. It then evolved into a federated model where different organisations and systems use and rely on each other’s identity data. GUIDE has taken this one step further, to create a pan-organisation, pan-EU “federation of federations”.

The GUIDE partners have tested their new techniques in two field trials, both chosen because they represent genuine problems and involve businesses as well as individuals. The first concerned form E101, used to record the social security details of people who are working temporarily in another country. This trial, which took place in the Netherlands, Belgium and Estonia, was a great success, Greaves says. It was followed by a second trial, this time on cross-border e-procurement in Germany, Spain and Finland, the results of which will be announced in mid-2007.

“GUIDE is not an end in itself,” says Greaves. “Instead, it’s an enabler for the e-government applications that will deliver the real benefits. For instance, the EU is committed to making all public procurement available electronically, and we are helping to make that possible. GUIDE has delivered what it was supposed to do, and it will help us all to become true European citizens.”