R4eGOV e-ID USER GROUP MEETING 26 April 2007 The Crossroads Bank for Social Security succeeding on interoperability within the social sector R4eGOV e-ID.

The Crossroads Bank for Social Securitysucceeding on interoperability

within the social sector

R4eGOV e-ID USER GROUP MEETINGR4eGOV e-ID USER GROUP MEETING26 April 200726 April 2007

CBSS

Frank RobbenGeneral managerCrossroads Bank for Social SecuritySint-Pieterssteenweg 375B-1040 BrusselsBelgiumE-mail: [email protected]: http://www.law.kuleuven.ac.be/icri/frobben

Crossroads Bank for Social Security

mailto:[email protected]



http://www.law.kuleuven.ac.be/icri/frobben

2Crossroads Bank for Social Security 26/04/2007

CBSS

Actors in the Belgian social sector about 2,000 public and private institutions at several levels (federal,

regional, local) dealing with- collection of social security contributions

- delivery of social security benefits• child benefits• unemployment benefits• benefits in case of incapacity for work• re-imbursement of health care costs• holiday pay• old age pensions• guaranteed minimum income

- delivery of supplementary social benefits

- delivery of supplementary benefits based on the social security status of a person


CBSS

The problem a lack of well coordinated service delivery processes and a lack of

well coordinated information management lead to- a huge avoidable administrative burden and related costs for

• the citizens• their employers• the actors in the social sector

- service delivery that doesn't meet the expectations of the citizens and their employers

- suboptimal effectiveness of the social protection

- higher possibilities of fraud

- suboptimal support of the social policy


CBSS

The solution a network between all 2,000 social sector actors with a secure

connection to the internet, the federal MAN, regional extranets, extranets between local authorities, and the Belgian interbanking network

a unique identification key- for every citizen, electronically readable from an electronic social

security card and an electronic identity card

- for every company 190 electronic services for mutual information exchange amongst

actors in the social sector, defined after process optimization- nearly all direct or indirect (via citizens or companies) paper-based

information exchange between actors in the social sector has been abolished

- in 2006 511 million electronic messages were exchanged amongst actors in the social sector, which saved as many paper exchanges


CBSS

The solution 40 electronic services for employers, either based on the electronic

exchange of structured messages between applications or via an integrated portal site- 50 social security declaration forms have been abolished

- in the remaining 30 declaration forms the number of headings has on average been reduced to a third of the previous number

- declarations are limited to 3 events• immediate declaration of recruitment and discharge (only electronically)• quarterly declaration of salary and working times (only electronically)• occurrence of a social risk (electronically or on paper)

- in 2006 17.9 million electronic declarations were made by all 220,000 employers, 98 % of which from application to application

- according to a study of the Belgian Planning Bureau, rationalization of the information exchange processes between the employers and the social sector implies an annual saving of administrative costs of more than 1.7 billion € a year for the companies


CBSS

The solution electronic services for citizens

- maximal automatic granting of services based on electronic information exchange between actors in the social sector

- 4 electronic services via an integrated portal• 2 services to apply for social benefits• 2 services for consultation of social benefits

- about 30 new electronic services are foreseen an integrated portal site containing

- electronic transactions for citizens and employers

- information about the entire social security system

- harmonized instructions and information model relating to all electronic transactions

- a personal page for each citizen and each company an integrated multimodal contact centre supported by a customer

relationship management tool


CBSS

CBSS as a service integrator board of directors consists of representatives of the several actors

in the social sector and of government representatives mission

- definition of the vision on eGovernment in the social sector

- definition of common principles (see annex) related to• information modeling• unique collection and re-use of information• management of information• electronic exchange of information• protection of information

- policy support

- coordination of business process re-engineering


CBSS

CBSS as a service integrator mission

- definition, implementation and management of an interoperability framework

• technical: secure messaging of several types of information: structured data, documents, images, metadata, …

• semantic: harmonization of concepts and coordination of the necessary adaptation of the law

• business logic and orchestration support• management of a reference directory for

– preventive control on the legitimacy of the information exchange– organization of the routing of information– automatic communication of changes of information


CBSS

Reference directory directory of available services/information

- which information/services are available at any actor depending on the capacity in which a person/company is registered at every actor

directory of authorisation policies- list of users and applications

- definition of authentication means and rules

- definition of authorization policies• which kind of information/service can be accessed, in what situation and for

what period of time depending on in which capacity the person/company is registered with the actor that accesses the information/service

directory of data subjects- which persons/companies have personal files in which actors for which

periods of time, and in which capacity they are registered subscription table

- which users/applications want to automatically receive what services in what situations for which persons/companies in which capacity


CBSS

CBSS as a service integrator mission

- stimulation of service oriented applications• modular• can be integrated• re-usable• loosely coupled• technology neutral• based on open standards


CBSS

Towards a network of service integrators

InternetInternet

Extranetregion or

commmunity

Extranetregion or

commmunity

FEDMANFEDMAN

Servicesrepository

FPS

FPS

FPS

ASS

ASS

Servicesrepository

Extranetsocialsector

ASS

RPS

RPS

Servicesrepository

VPN, Publi-link, VERA,

…

VPN, Publi-link, VERA,

…

City Province

Municipality

Servicesrepository

Serviceintegrator(FEDICT)

Serviceintegrator(CBSS)

Serviceintegrator(Corve,

Easi-Wal, …)


CBSS

Service Oriented Architecture

Basic servicesBasic services

ApplicationsApplications

DataData

PresentationPresentation

Business Business servicesservices


CBSS

Multifunctional basic services

user & access mgt

trans-for-

mation

ticke-ting

routingdeci-sion rules

orches-tration

statemachine

logging


CBSS

User and access management identification of physical and legal persons

- unique social identification number for physical persons

- unique company number for companies authentication of the identity of physical persons

- electronic identity card

- user id – password – token management and verification of characteristics (e.g. a capacity, a

function, a professional qualification) of persons management and verification of mandates between a legal or

physical person to whom an electronic transaction relates and the person carrying out that transaction

management and verification of authorizations


CBSS

Electronic identity card


CBSS

Citizen token


CBSS

Policy Enforcement Model

UserPolicy

Enforcement(PEP)

Application

Policy Decision(PDP)

Action on

application Decisionrequest

Decisionreply

Actionon

applicationPERMITTED

Policy Information (PIP)

Informationrequest/

reply

Policy Administration ( PAP)

Policyretrieval

Authentic source

Policy Information (PIP)

Informationrequest/

reply

Policyrepository

Actionon

applicationDENIED

Manager

Policymanagement

Authentic source


CBSS

Policy Enforcement Model Policy Enforcement Point (PEP)

- intercepts the request for authorisation with all available information about the user, the action being requested, the resources and the environment

- passes on the request for authorisation to the Policy Decision Point (PDP) and extracts a decision regarding authorisation

- grants access to the application and provides relevant credentials Policy Decision Point (PDP)

- based on the request for authorisation received, retrieves the appropriate authorisation policy from the Policy Administration Point(s) (PAP)

- evaluates the policy and, if necessary, retrieves the relevant information from the Policy Information Point(s) (PIP)

- takes the authorisation decision (permit/deny/not applicable) and sends it to the PEP


CBSS

Policy Enforcement Model Policy Administration Point (PAP)

- environment to store and manage authorisation policies by authorised person(s) appointed by the application managers

- puts authorisation policies at the disposal of the PDP Policy Information Point (PIP)

- puts information at the disposal of the PDP in order to evaluate authorisation policies (authentic sources with characteristics, mandates, etc.)


CBSS

Overall architecture

APPLICATIONS

AuthorisationAuthen-tication PEP

Role Mapper

USER

PAP‘’Kephas’’

RoleMapper

DB

PDPRole

Provider

PIPAttributeProvider

RoleProvider

DB

UMAF


DBXYZ

WebAppXYZ

APPLICATIONS

AuthorisationAuthen -tication PEP

Role Mapper

USER

WebAppXYZ



RoleMapper

DB

PDPRole

Provider

RoleProvider

DB

BeheerGAB


DBXYZ


DBGerechts-deurwaar-

ders


DBMandaten

Be-Health

APPLICATIONS

AuthorisationAuthen -tication PEP

Role Mapper

USER


RoleMapper

DB

PDPRole

Provider


RoleProvider

DB

RIZIV


DBXYZ

WebAppXYZ

BeheerGAB


DBMandaten

Social sector(CBSS)

Non-social FPS(Fedict)

BeheerGAB

DBXYZ


CBSS

Use in the Belgian social sector

all end-user services are divided into categories based on the required level of security- all services can be used with the eID as a means of electronic

identification and authentication of identity

- some services can also be used (temporarily) on the basis of a user-id, password and, where appropriate, a citizen token or a public servant token

electronic signatures can be put with the eID

the policy enforcement model is being implemented for the authentication of characteristics and mandates and for authorisation management


CBSS

Electronic SIS-card and electronic identity card gradual replacement of the functions of the electronic social

security card (SIS card) once the following conditions have been fulfilled- function of electronic identification: overall availability of the electronic

identity card (eID)

- function of proof of the insurability in the health care sector• secure on line access by the health care providers to the insurability

information available at the sickness funds• electronic identification and authentication of the identity, characteristics

and mandates of the health care providers

preservation of the SIS card or a similar solution for persons who do not possess an eID (persons not residing in Belgium, children under the age of 12, …)

availability of readers that can read both the SIS-card and the eID


CBSS

Advantages gains in efficiency

- in terms of cost: services are delivered at a lower total cost due to• a unique information collection using a common information model and

administrative instructions• a lesser need to re-encoding of information by stimulating electronic

information exchange• a drastic reduction of the number of contacts between actors in the social

sector on the one hand and citizens or companies on the other• functional task sharing concerning information management, information

validation and application development• a minimal administrative burden

- in terms of quantity: more services are delivered• services are available at any time, from anywhere and from several devices• services are delivered in an integrated way according to the logic of the

customer


CBSS

Advantages gains in efficiency

- in terms of speed: the services are delivered in less time• benefits can be allocated quicker because information is available faster• waiting and travel time is reduced• citizens and companies can directly interact with the competent actors in

the social sector with real time feedback

gains in effectiveness: better social protection- in terms of quality: same services at same total cost in same time, but

to a higher quality standard

- in terms of type of services: new types of services, e.g.• push system: automated granting of benefits• active search of non-take-up using datawarehousing techniques• controlled management of own personal information• personalized simulation environments

better support of social policy more efficient combating of fraud


CBSS

United Nations Public Service Award


CBSS

European framework Treaty of Rome: free movement of persons => need for co-

ordination between social security schemes of the Member States

Co-ordination Regulations 1408/71 (to be replaced by Co-ordination Regulation 883/04) and 574/72:

4 basic principles:- only one applicable national legislation per period

- equal treatment: no discrimination based on nationality

- aggregation of insurance, employment and residence periods

- exportability of rights co-ordination regulations imply a lot of information exchange

between social security institutions of different Member States


CBSS

European framework current situation

- 78 types of information exchange processes related to have been defined by the Administrative Commission on Social Security for Migrant Workers

- a lot of information is still exchanged on paper forms (E-forms)- exchange of paper forms appears cumbersome, complicated and expensive,

which may deter possible migrant workers- Co-ordination Regulation 883/04 to come into force: the quality level of services

provided by a social security institution to an insured person may not decrease because this person (e.g. migrant or frontier worker, tourist, student, pensioner, ...) made use of his right to move within the EU => provision of systematic electronic information exchange

TESS = TElematics for Social Security- working party managed by Technical Commission on Data Processing- set up to develop telematic services for the implementation of the European

Union provisions on social security huge need for electronic identification and authentication of citizens and

companies of all EU-Member States, and for electronic verification of certain characteristics and mandates


CBSS

Some use cases individual residing in EU-Member State A is temporarily employed

(posted) in EU-Member State B- a lot of EU-Member States provide an obligation to declare the

temporary occupation of foreigners on their territory (see below, LIMOSA)

- in case the employee wants to remain socially insured in the EU-Member State of residence

• the employer or his representative has to ask for authorization from the competent social security institution of Member State A

• the competent social security institution of EU-Member State A (electronically) sends an E101-form to the competent social security institution of EU-Member State B

=> need for (interrelated) identification of the employer, his representative and the employee in both EU-Member States, need for authentication of the characteristic "employer" and need for authentication of the mandate of the representative


CBSS

Some use cases individual residing in EU-Member State A works, studies or looks

for work in EU-Member State B => exportation of rights to and constitution of rights in EU-Member State B => need for (interrelated) identification of the individual in both EU-Member States

individual residing in EU-Member State A simultaneously works in various other EU-Member States => need for (interrelated) identification of the individual in all EU-Member States

individual residing in EU-Member State A needs health care in member State B (form E111, (e)EHIC) => need for (interrelated) identification of the individual in both EU-Member States

individual that has been working in various EU-Member States is retiring and gets old age pensions based on his occupation within the various EU-Member States => need for aggregation of periods => need for (interrelated) identification of the individual in all EU-Member States


CBSS

Some use cases individual residing in EU-Member State A has to exchange (in an

electronic way) data with public authorities in EU-Member State B => need for (interrelated) identification of the individual in both EU-Member States

employer or his representative residing in EU-Member State A has to exchange (in an electronic way) data about his employees with public authorities in EU-Member State B => need for (interrelated) identification in both EU-Member States of the employer, his representative and the employees, need for authentication of the characteristic of "employer" and need for authentication of the mandate of the representative


CBSS

Some metrics exchanged E-forms with Belgium (2005)

- proof of health care insurance ((e)HCIC replacing E111): more than 700.000 issued

- invoices exchanged for reason of healthcare reimbursement (forms E125, E127): 490.000 for a total amount of approximately 285.000.000 €

- posting (E101): 250.000

- information of constitution of old age pension rights in another EU-Member State (E501, E502, E551): 160.000

- insurance history, career survey requests and pension claims: (E202, E205, E207, E210): 60.000

- family allowances sector (E401, E402, E403, E411): 60.000

- unemployment benefits sector (E301, E303): 5.000 extrapolation

- Belgium: > 1.700.000 exchanges a year

- EU: > 80.000.000 exchanges a year


CBSS

Case: the LIMOSA-project

Monitoring foreign activities on Belgian territory and Monitoring foreign activities on Belgian territory and lessening the administrative burdenlessening the administrative burden


CBSS

Objectives mandatory declaration for foreign employees, self-employed

persons and trainees when coming to Belgium collecting all relevant information in one central database coordination of electronic information flows between Belgian

competent institutions one stop shop: lessening the administrative burden for foreign

employers and self-employed persons statistical information about cross-border employment on Belgian

territory consultation tool for social inspection services


CBSS

Results guarantee for legal employment in

Belgium getting a view on the impact of the

activities of foreign employees, self-employed persons and trainees on the Belgian economy

respecting the European basic right of free movement of services

estimated number of declarations on annual basis = 200,000

meaning administrative simplification

The Netherlands

France

Poland

Germany

Belgium

Lux

Portugal

India = 1.4%

Czech Rep. = 1.3%

Japan = 1.3%

Nederland

Frankrijk

Polen

Duitsland

België

Luxemburg

Portugal

India

Tsjechische Rep.

Japan

40 %

14 %

14 %

7 %


CBSS

Project in different stages international portal site and mandatory declaration (01/04/2007)

- portal site in order to enhance a quick and user friendly declaration tool for foreign employers and self-employed persons

• access to application• information on other obligations (labour law, taxes, ...)

- a specific user and access management ‘light’ has been created central database (01/07/2007)

- comprehensive database with data of foreign activities on Belgian territory

one stop shop (target: 01/11/2007)- all requests (residence permit, work permit, posting documents,

assignments, professional cards,...) and declarations from other countries

- automatic triggering and dispatching to competent institutions

- by means of the user management system, one can easily follow the status of the processing of his requests


CBSS


CBSS


CBSS


CBSS


CBSS


CBSS


CBSS


CBSS

Towards a pan-European social service ? Decision 2004/387/EC of the European Parliament and of the

Council of 21 April 2004 on the interoperable delivery of pan-European eGovernment services to public administrations, businesses and citizens (IDABC)- “The European Council, meeting in Brussels in March 2003, drew

attention to the importance of connecting Europe and so strengthening the internal market and underlined that electronic communications are a powerful engine for growth, competitiveness and jobs in the European Union and that action should be taken to consolidate this strength and to contribute to the achievement of the Lisbon goals. To this end, the development and establishment of pan-European eGovernment Services and the underlying telematic networks should be supported and promoted.”

- “This Decision establishes, for the period 2005-2009, a Programme for Interoperable Delivery of pan-European eGovernment Services to (…) European Businesses and Citizens.”


CBSS

Towards a pan-European social service ?

a standardised, pan-European declaration system across all EU-Member States is beneficial for- employers and self-employed persons

• unique, multifunctional declaration system across EU-Member States• available 24/7 and everywhere• available in the own language of the user• re-use of national basic services (e.g. portal environment, user- and access

management, …)

- the EU and the EU-Member States• higher degree of satisfaction of the employers and the self-employed

persons• higher degree of notoriety of the system across the EU => higher guarantee

of use and avoiding of unnecessary foreign information campaigns• electronic availability of all relevant information


CBSS

Towards a pan-European social service ?

service oriented architecture of LIMOSA permits an evolution towards a pan-European social service- modular, layered architecture

• presentation layer (multiple portal environments)• application layer (processes)• basic services layer (user and access management, return of receipt, …)• information layer (databases)

- entirely based on open standards

- components can be easily integrated in other environments

possibility to valorise the Belgian know how related to eGovernment in the social sector and electronic identity, user and access management


CBSS

Towards a pan-European social service ? excellent possibility to use the solution for cross-border electronic

identification of citizens and companies in execution of the Interministerial Statement of 24 November 2005 in Manchester

“By 2010 European citizens and business shall be able to benefit from secure means of electronic identification that maximise user convenience while respecting data protection regulations. Such means shall be made available under the responsibility of the Member States, but recognised across the EU.”

“Member States will, during 2006, agree a process and roadmap for achieving the electronic identity objectives and address the national and European legal barriers to the achievement of the electronic identity objectives; work in this area is essential for public administrations to deliver personalised electronic services with no ambiguity as to the user’s identity.”

“Member States will, over the period 2006-2010, work towards the mutual recognition of national electronic identities by testing, piloting and implementing suitable technologies and methods.”


CBSS

Proposal of concrete objectives internationally, authentication levels are established in relation to

identity, characteristics and mandates each country has registration procedures for establishing the

identity of individuals residing in their own country, according to the internationally established authentication levels

each country has registration procedures for establishing the identity of legal entities and actual associations that are established in their own country, according to the internationally established authentication levels

each country makes available to each individual, each legal entity and each actual association for whom/which the identity is established in accordance with the registration procedures, the means by which the concerned entity can produce and prove its identity (whether or not in a particular context) locally or remotely, verbally, visually and electronically on the territory of the country in question, without that entity’s identity being confused with the identity of another individual person, legal entity or actual association in that country


CBSS

Proposal of concrete objectives each country has registration procedures for establishing the type

of characteristics indicated by an internationally accredited body, according to the internationally established authentication levels

each country has registration procedures for establishing the mandate of an individual to represent a legal entity or actual association, and the other types of mandates that are indicated by an internationally accredited body, according to the internationally established authentication levels

each country has the necessary systems to produce and prove the characteristics and mandates of individuals, legal entities and actual associations that have been established according to the registration procedures (whether or not in a particular context), locally or remotely, verbally, visually and electronically on the territory of the country in question, either with the permission of the concerned entity or in accordance with a statutory or legal provision


CBSS

Proposal of concrete objectives under the coordination of the European Commission, the Member

States of the EU develop EU standards and specifications to ensure the semantic and technical interoperability of resources for producing and proving electronically the identity, characteristics and mandates through or in relation to individuals, legal entities and actual associations on the territory of other Member States

the described policy enforcement model could serve as a model for concrete implementation


CBSS

More information

personal websitehttp://www.law.kuleuven.ac.be/icri/frobben

Crossroads Bank for Social Securityhttp://www.ksz.fgov.be

social security portalhttps://www.socialsecurity.be

Federal Public Service for ICThttp://www.fedict.be



http://www.ksz.fgov.be/

http://www.ksz.fgov.be/

https://www.socialsecurity.be/

https://www.socialsecurity.be/

http://www.fedict.be/

http://www.fedict.be/

Th@nk you!


CBSS

Annex 1:basic principles regarding

information management andinformation protection


CBSS


CBSS

Information modelling

information is being modelled in such a way that the model fits in as closely as possible with the real world

information modelling takes as much account as possible of anticipated use of information

the information model can be flexibly extended or adapted when the real world or the use of the information changes


CBSS

Unique collection and re-use of information information is only collected for well-defined purposes and is

targeted to meet the requirements of these purposes all information is collected once, from as near to the authentic

source as possible information is collected according to the information model and

following uniform guidelines with the possibility of quality control by the supplier before the

transmission of the information the collected information is validated once according to established

task sharing criteria, by the institution that is most entitled to it or by the institution which has the greatest interest in correctly validating it

it is then shared and re-used by authorized users


CBSS

Management of information a task sharing model is established indicating which institution

stores which information as an authentic source, manages the information and maintains it at the disposal of the authorized users

information is stored according to the information model information can be flexibly assembled according to ever changing

legal concepts every institution has to report probable errors of information to the

institution that is designated to validate the information every institution that has to validate information according to the

agreed task sharing model, has to examine the reported probable errors, to correct them when necessary and to communicate the correct information to every known interested institution

information is only retained and managed as long as there exists a business need, a legislative or policy requirement, or, preferably anonimized or encoded, when it has historical or archival importance


CBSS

Electronic exchange of information once collected and validated, information is stored, managed and

exchanged electronically to avoid transcribing and re-entering it manually

electronic information exchange can be initiated by- the institution that disposes of information

- the institution that needs information

- the institution that manages the interoperability framework (CBSS as service integrator)

electronic information exchanges take place on the base of a functional and technical interoperability framework that evolves permanently but gradually according to open market standards, and is independent from the methods of information exchange

available information is used for- the automatic granting of benefits

- prefilling when collecting information

- information delivery to the interested parties


CBSS

Protection of information security, integrity and confidentiality of government information is

ensured by integrating ICT measures with structural, organizational, physical, personnel screening and other security measures according to agreed policies

personal information is only used for purposes compatible with the purposes of the collection of the information

personal information is only accessible to authorized institutions and users according to business needs, legislative or policy requirements

the access authorization to personal information is granted by an independent institution, designated by Parliament, after having checked whether the access conditions are met

the access authorizations are public


CBSS

Protection of information every actual electronic exchange of personal information is

preventively checked on compliance with the existing access authorizations by an independent institution managing the interoperability framework

every actual electronic exchange of personal information is logged, to be able to trace possible abuse afterwards

every time information is used to take a decision, the information used is communicated to the person concerned together with the decision

every person has right to access and correct his/her own personal data

R4eGOV e-ID USER GROUP MEETING 26 April 2007 The Crossroads Bank for Social Security succeeding on interoperability within the social sector R4eGOV e-ID.

Documents

social security slide

social sector actors

social risk

social security succeeding

social security status

social sector definition

belgian social sector

social policy slide