SSEDIC (Scoping the Single European Digital Identity Community) is an ICT PSP funded Thematic Network launched in December 2010 for a 3 years assignment. The SSEDIC network represents 35 partners and more than 30 associated partners who joined the network in the first project year.
The objective of SSEDIC is to provide a neutral platform for all the stakeholders of eID (electronic identity) to work together and collaborate to prepare the agenda for a proposed Single European Digital Identity Community as envisaged by the Digital Agenda (DAE) in its Key Action 16.
The Thematic Network raises the game by bridging between the current developments and pilot activities and a structured and focussed course into the future. In the first year SSEDIC started out examining what will be the useful bricks to build this bridge. As such, the first year of SSEDIC operation has been one of laying foundations and gaining an understanding of the inter-sectorial use of eID. SSEDIC adopted the strategy to build a large panel of experts and reached an important result in collecting the responses of more than 200 people representing various stakeholder sectors to the 2011 SSEDIC expert survey. Creating the survey was also an important step towards establishing a common language for people coming from different backgrounds (legal, technological, governmental, or business).
In the second and third year SSEDIC will concentrate on assembling the bricks to build the bridge in form of a roadmap towards a "Seamless Digital Community" and examine what other important bricks will be needed and useful to achieve this goal. SSEDIC will continue gaining an even better understanding of what will be required to manage eID from the identification action to the management of identities on the internet. On important tool will be short and targeted experts surveys.
SSEDIC has aligned itself along three streams (Work Packages): Stakeholders; Technology; Governance and Business Models.
As planned, a number of Stakeholders have been engaged by specialist partners, eg SWIFT for finance, and ATOS for transportation, and work is on-going in these and other sectors to broaden their awareness, and our understanding on the impact of a "Seamless Digital Community". Stakeholder participation is further being encouraged by the SSEDIC Survey and Expert Panel: Starting with a base of over one thousand eID experts, on-line surveys have started probing the personal views and actions of those who really understand the issues. The first base-lining survey has demonstrated important and surprising results.
The technology landscape is beginning to coalesce into a 3rd Generation eID infrastructure with a number of national solutions already along a path that converges with the goals of SSEDIC. A strategy of identifying the bigger picture across Europe and determining those components needed to achieve that has commenced with publishing of this larger federated architecture. The following two years will built on these results, draw on the work from other point components such as the successful and on-going STORK Large Scale Pilot, and also projects like "Trust In Digital Life", as well as new FP7 calls for Federated and Trustworthy Infrastructures.
3rd Generation eID infrastructure is aimed at being inclusive and its architecture is formed to be able to accommodate the non-standard future identity models, which are evolving slowly. To ensure that compatibility a "Visionary" work stream has been formed with well-known eID leaders looking to far future optimal models.
Resilience, continuity and sustainability of the "Seamless Digital Community" is a major concern and will be investigated in years two and three. Part of this activity that has already started is the addressing of the need for digital education for younger generations without which social sustainability and Trust of eIDs will be difficult. This is a significant finding which will need to be addressed in the very near future.
Understanding the business and commercial models, monetisation of eID and the necessary supporting global standards and governance is a very important part of the work of SSEDIC. SSEDIC has investigated the legal and legislative issues of eID and its partners are developing plans for sound governance models at the national, EU -wide and the international level. In year two and three SSEDIC will explore the mutual interplay of electronic identity management technologies and governance frameworks with the eIdM requirements of entire (i.e. not only parts of) business and administrative processes. This will be the basis to empowering eIDs to grow beyond low value and simple transactions into activities that span all levels of commerce and interactions.
Currently many solutions are too complicated with regard to the actual business and administrative processes. To give just one example: each issuer of smartcards used for digital signature provides its own software package to manage the digital signature process, resulting in technological bottleneck preventing convenient and widespread use. Global software standards for eIdM related technologies will be required to avoid such problem in the future.
Both private and public sector governance and how a Seamless Digital Europe will interact with other global powers such as the USA and Asia are all essential to the future success of Europe. These issues have been directly addressed with strong contacts with both the US Government through the National Institute of Standards and Technology (NIST) and its NSTIC initiative.
The network will establish a series of stakeholder groups in sectors contributing to the EIP. Each of the groups will consider, through further consultations the political, economic, social, technical, legal and environmental aspects of a single European digital community. The 35 SSEDIC partners are only the start of this thematic network. It is intended to build a community of high level European and international experts in the coming 3 years together with Associated Partners and other interested stakeholders.
Each stakeholder work programme will consist of brainstorming workshops, strategy papers and joint meetings with more general sector organisations to gain a fuller understanding of the requirements and prerequisite actions for delivery of the vision in that sector. Hard data will be built to consider the impact and opportunities of the single European digital community in the short, medium and long term.
Additionally an overarching and integrated view of the accumulated results and inputs from the various stakeholder sectors will be taken in order to build an overview and impact assessment of a single European digital community on the overall European Community and also on individual EU Member States.
Stakeholders sector consultation
To assist management of the consultation across a large number of stakeholders sectors, the sectors will be formed into 6 groupings:
The network encourages parties interested in the project to apply for membership as an Associate Partner and to affiliate at least one expert to the network. This is a great opportunity to get involved in this exciting consultation and to contribute with expert knowledge to its success.
After the first year of activity the interim conclusions of the consultations of the Network consultations were as follows:
What concerns the Stakeholders consultation Work Package:
The objectives of this Work Package were to find out the "WHAT" of this Thematic Network consultation exercise, what are the needs and opportunities for the different stakeholders (industrial and societal sectors), more precisely:
WP3 interim Conclusion: 1 - Diversity of Perception of eID
One of the main conclusions inventorying the work done during the first year of stakeholder consultations is the different sense of awareness about Single Digital Identity in the different stakeholder groups.
WP3 interim Conclusion: 2 - Need for Orchestration of Efforts
Another important conclusion to make after one year of SSEDIC stakeholder consultations is: there is quite some competition in the area of eID related framework projects.
What concerns the Technical Infrastructure Management Work Package:
It has become clear over the first 12 months of SSEDIC that all the technical components for a Single Digital Identity Community are available now, or just require a small number of releases to become useable within any ecosystem.
However vital issues which will influence how these final questions are dealt with are yet to be solved:
WP4 Conclusion: 1 - Consequences of a Single Digital Community
How would a digital identity ecosystem withstand catastrophic failure due to failure of critical nodes through hardware, software or communication faults? The result of a major failure to a digital identity oriented economy has yet to be quantified. The impact on GNP, either at Member State level or at EU-wide level will inevitably be major. This resilience may not only be technical but also one of data integrity.
WP4 Conclusion 2 - Standards and Certification
As a Single Digital Identity Community relies on TRUST, it is essential that there is mutual recognition of the level of quality and certainty of each and every component in the system, whether hardware, software or data. Additionally interfaces must be predictable across all components regardless of owner or geography. Without these factors being determined, technical solutions cannot be decided upon and the architecture cannot be finalised.
WP4 Conclusion 3 - Digital Education
Continuous education in the schools is needed to ensure that the maximum number of citizens are educated to a satisfactory standard in the use of digital credentials. It is essential to transform current young people from "Digital Natives" akin to Mowgli (Rudyard Kipling, The Jungle Book 1894) , where social digital skills are learnt in the street, to "Digital Citizens" who have formally learnt best practice and digital ethics in the classroom.
WP4 Conclusion 4 - Coordination of Efforts within EU
Hindrance to general progress is the large number of parallel programs, all funded by the EC which are attempting to develop a similar architecture. Additional overview and coordination of these programs is essential. WP4 participants are active in many of these programs and even stronger attempts to bring a common awareness across all the programs are needed and will be carried out within WP4
What concerns the Business modelling and regulation Work Package:
During the first year of work in WP 5 it became evident that the main challenges towards establishing a SINGLE EUROPEAN DIGITAL IDENTITY COMMUNITY are not primarily of a technological nature but lie in creating a viable legal and governance framework at the national, European and international level.
WP5 Interim Conclusion 1
An EU wide governance framework for eID must be in place for a single European digital identity community. The global scale of the World Wide Web and the global reach of digital identities require a close integration between the European efforts and other national and international initiatives like the US NSTIC program.
WP5 Interim Conclusion 2
A governance framework for eID must take the needs of the end user and the private sector appropriately into account. It is not sufficient to solve the digital identity problem for e-government applications alone. It will be essential to pay close attention to underlying legal frameworks, administrative processes and organizational structures and procedures.
WP5 Interim Conclusion 3
Successful business models for eID must combine high usability with creating a high level of trust. This requires both simple and very transparent procedures to evaluate and exchange credentials of different types and with the potential to certify a large variety of attributes. Neutral standards must be in place to support the design of business processes involving eID and increase usability without introducing technological bottlenecks.
Besides the SSEDIC website (www.eid-ssedic.eu), SSEDIC installed a online SSEDIC eID expert community and an online discussion group http://ssedic.syncsphere.com (on invitation) and was present via high level spreaker at a series of conferences and events:
SSEDIC partners have presented the SSEDIC project at numerous international events and other occasions. What follows is not an exhaustive list of events:
Press releases have been issued as follows:
These have resulted in the following press activity; for examples please see Appendix 1 the first URL is typical of the coverage: IT Director, Government Technology, Security Document World, ProSecurity Zone, IdentityNext.nl, Marinade Ltd, ITB Secuity, The Payers.com, ITB Computing, TMCnet, IT Analysis, HighBeam.com, IT Director, Financial Times....
This field will be completed by the submitter when the lessons learnt have been identified and understood.