Since last summer, the Agency for Digitisation together with the public sector parties involved have worked to establish the next generation of national infrastructure for e-identity and public digital signature, which will take over from the current NemID solution. An important first step is to identify and analyse the many different user requirements, technical and safety requirements, interfaces to other systems, etc.
The Agency for Digitisation and the public sector parties have prepared a detailed report clarifying how the future NemID solution should be. The report is an important element in the decision-making process and it is supplemented by several other studies, including an analysis of business needs.
New business needs of the next generation NemID
The report sets out a number of elements that reflect new business needs, presented in three different scenarios for a future solution, as well as the basic functionality that the future solution must contain. One example is that a future solution should provide authentication and signing functionality and must continue to support the current high degree of usage among individuals and businesses.
The building blocks that are part of the scenarios are based on the business needs identified among stakeholders, e.g. users, experts, potential suppliers, and on analysis of solutions in other countries. To a large degree, the elements can be moved between the scenarios, which makes it possible to combine the building blocks in various ways.
Meets the same needs as the current NemID with minor improvements, such as more comprehensible language. In this version, the existing functionality and architecture is largely continued.
Meets the same needs as today, along with additional functionality to meet more of the needs that various stakeholders and user groups have pointed out. This model involves a separation of eID and eSignature, which means that users will have the option of one-factor login, for exampl, to log in to services with less sensitive personal information. This will provide an easier-to-use and more flexible solution. It also includes an improvement of NemID for business use, making it easier to use ‘NemID Private’ in a business context and improving userfriendliness of management solutions for businesses and governments.
Contains an element that allows for more privacy by enabling users to hide their identity or elements of their sensitive personal information. This could be when using a gaming service where only verification of the user’s age, but not identity, is necessary. There is also an element that allows for multiple login factors, such as SMS codes or biometric solutions (e.g. use of fingerprints) once the technology is mature, and an increased opportunity for support.
Input from users
The elements and the various user groups’ needs and wants have been discussed with a wide range of external parties, among other things at two workshops in January with representatives of various user groups and industry, government, scientists, IT experts etc.
Additionally, external reviews were conducted in January and February, Danish and international research groups submitting comments on the preliminary work.
Technical dialogue was conducted in the autumn of 2014 and in March this year, in which various stakeholders, potential partners, and potential suppliers were involved and consulted.
Architecture and migration
The report also examines a number of other issues, including: a new architecture model to provide a looser coupling between service provider and identity guarantor which is to make the solution more flexible.
It also analyses various models of migration to explore how to ensure a good transition to the new technical solution for the many citizens and employees who are currently using NemID.