France is developing a holistic identification and authentication system, called France Connect, which will allow citizens, businesses and civil servants to access all online public services in France. The system is intended to provide a unique mechanism of trust and identity federation for all of France’s administrative services. France Connect is the first component of a global governmental project whose goal is to build the government’s IT system as a platform (l’Etat Plateforme).
- eIDAS (Electronic Identification and Trust Service): The European Law adopted on 23 July 2013 provides a regulatory environment for electronic identification and trust services. eIDAS compatibility and compliance ensures that businesses and citizens can use their own IDs to access public services in every European country that supports eIDAS. It promotes interoperability of public services across Europe. France will support eIDAS through France Connect. Levels of identity provided by France Connect are aligned with those of eIDAS law (“low”, “substantial”, “strong”), making France compliant with European identification law.
- In December 2012 CIMAP (the Comité interministériel pour la modernisation de l’action publique) asked French ministries to collect information on citizens’ needs with a view to simplifying administrative procedures.
- In November 2013, a French law (2013–1005) empowered the government to simplify its relationships with citizens. The “Faire-Simple” project is an example of an implementation of this law.
- A decree published in August 2014 mentioned that “a unique state information system is made up of all the infrastructures and services that allow the collection, processing, transfer and storage of digital data that contribute to the state’s mission”. By promoting a unique system, the state’s IT systems can be made more interoperable, which in turn will help to consolidate the whole IT ecosystem of the French state. The goals are to reduce IT costs while offering a simplified experience to French citizens who use online services from government agencies.
Description of target users and groups
France Connect provides a global system of identity federation for government online services. Today, French citizens who use online services require a personal account (ID and password) for each service. France Connect federates all these separate online identities and makes them secure. The project started in 2014, and the first experimental applications appeared in 2015. In January 2015, the development kit of France Connect was published.
A three-player scheme
On the supplier side France Connect has three classes of stakeholder:
- ID Provider: a website that allows France Connect to identify and authenticate users. Examples are the Ministry of Economics, Finance and Industry (DGFiP) and the Post Office (La Poste).
- Service Provider: a website that uses France Connect services to authenticate its users. An example would be a website through which a city administration provides services to the public.
- Data Provider: an organisation that provides information and data to a Service Provider and uses France Connect to secure the exchange of data.
France Connect Technical Mechanism
France Connect is a web service whose goal is to provide a global environment of trust based on single sign-on (SSO) principles, and which will also promote the exchange and transmission of data between administrations. France Connect will act as a trusted third party between administrations that support the protocol. The system connects users and administrations through ID providers.
With France Connect, a user will be able to authenticate using one of their existing administrative accounts, for example with the DGFiP, La Poste or Ameli (social services). All the ID providers aligned with France Connect will be listed. The user can choose one of these and will be automatically authenticated. France Connect can be seen as an ID federation mechanism and is not intended to centralise data, according to the Direction interministérielle du numérique et du système d’information et de communication (DINSIC). Technically, information is collected by the ID provider and forwarded to France Connect, which then creates a “Pivot ID” (identité pivot). France Connect sends this Pivot ID to each Service Provider as required to identify the user.
This SSO concept is just the first step for France Connect. The second step will be to provide a trusted environment in which data can be exchanged securely between administrations. Administrations that have signed up to France Connect (the Data Providers) will be able to transmit all the information needed for a particular administrative procedure, without sending unnecessary data. The user can accept or reject the data exchange. France Connect will act as a trusted intermediary, validating the user’s ID before any data is exchanged. France Connect provides a unique key to each Service Provider, which then has approval to ask other administrations for any data it needs.
France Connect is based on the OpenID Standard (itself built on OAuth 2.0), which defines identity through basic information. The standard gathers data including first and family names; date, place and country of birth; and gender. Companies require additional information, including an email address and a company registration number (Siret). Together, this information determines the Pivot ID that is exchanged between administrations to allow them to identify individuals and companies.
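Added example (not France Connect's or DINSIC's code): how a Service Provider might check the pivot identity and level it receives, and how a Data Provider might release only the data a procedure needs once the user accepts. The claim names, the use of `acr` to carry the level, and all function names are assumptions; the token is assumed to have been signature-verified already.

```python
import hashlib
import hmac
import unicodedata

# Claim names are assumptions modelled on OpenID Connect; the article lists
# only the attributes themselves. Sample values in callers are constructed.
PIVOT_FIELDS = ("given_name", "family_name", "birthdate",
                "birthplace", "birthcountry", "gender")
COMPANY_FIELDS = ("email", "siret")           # extra attributes for companies
LEVELS = ("low", "substantial", "strong")     # as named in the article, weakest first


def _norm(value):
    """Strip accents and case so 'Éric' and 'ERIC' yield the same key."""
    text = unicodedata.normalize("NFKD", str(value).strip())
    return "".join(c for c in text if not unicodedata.combining(c)).casefold()


def check_pivot_identity(claims, required_level="low", company=False):
    """Return only the pivot identity attributes, or raise ValueError."""
    fields = PIVOT_FIELDS + (COMPANY_FIELDS if company else ())
    missing = [f for f in fields if not claims.get(f)]
    if missing:
        raise ValueError("incomplete pivot identity: " + ", ".join(missing))
    level = claims.get("acr")                 # assumed to carry the level name
    if level not in LEVELS:
        raise ValueError("unknown assurance level")
    if LEVELS.index(level) < LEVELS.index(required_level):
        raise ValueError("assurance level below what this service requires")
    return {f: claims[f] for f in fields}     # anything else is discarded


def local_key(pivot, service_secret):
    """Keyed digest for matching a local account; differs per service."""
    joined = "\x1f".join(_norm(pivot[f]) for f in sorted(pivot))
    return hmac.new(service_secret, joined.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def release_data(record, requested, consent):
    """Data Provider side: hand over only requested fields, only with consent."""
    if not consent:
        raise PermissionError("user rejected the data exchange")
    unknown = [f for f in requested if f not in record]
    if unknown:
        raise KeyError("not held by this provider: " + ", ".join(unknown))
    return {f: record[f] for f in requested}
```

Keying the digest with a per-service secret means two Service Providers holding the same pivot identity cannot join their records by comparing keys.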
Deployment and roadmap
France Connect is still at the experimental stage, DINSIC says, with large-scale deployment scheduled to start in 2016.
Three current ID Providers are:
- The DGFiP was the first ID Provider for France Connect.
- On October 21 La Poste became the second ID Provider.
- In 2016, Ameli.fr (representing social services) will become the third option.
Some administrations have already deployed France Connect:
- Nîmes was the first city and Alpes-Maritimes (06) the first French département to join France Connect.
- The cities of Paris, Lyon and Marseille are collaborating to develop new digital services on France Connect.
- Hautes-Alpes (05) is another département that plans to implement France Connect.
- APIs and web services can promote interoperability between IT systems. France Connect is a concrete result of this approach.
- Based on the concept of data exchange, local administrations can develop new digital services using broader sets of information – provided by France Connect – than those to which they currently have access. This will help to build more contextualised and customised services for citizens and companies. For instance, DINSIC has said that some French cities are considering using data exchange to develop a new billing method for car parking. They would collect the customer’s address from DGFiP, the car number from another state agency, and other data from the social services. Pricing could then be adapted to the social situation of the user.
- France Connect must be accessible by everyone, DINSIC has said. Other sectors that might join the system include:
  - Private companies: a bank could use France Connect to help its clients get the data needed to secure a loan, for instance, since French banks require a fiscal reference. This would require a new ID Provider, according to DINSIC.
  - Lawyers and other suitably regulated companies who constantly need to collect personal documents.
  - Students and universities. DINSIC has said that France’s RENATER (Réseau National de télécommunications pour la Technologie l'Enseignement et la Recherche) network could become an ID Provider for France Connect. This would be useful because students are not registered to pay taxes, so they cannot be identified using DGFiP data.