STORK (Secure idenTity acrOss boRders linKed) establishes a European eID Interoperability Platform that enables citizens to securely use their national electronic identities in any Member State for public eGovernment services with full respect to data protection and privacy. It includes 17 EU Member States and Associated Countries, with a total of 32 consortium partners. The consortium is a mix of public and private sector organisations. STORK infrastructure and pilots constitute a new development for interoperability in the field of digital identity. STORK pilots include "Cross-border Authentication Platform for Electronic Services" pilot, "Safer Chat" pilot, "Student Mobility" pilot, "Electronic Delivery" pilot, "Change of Address" pilot and "ECAS Integration" pilot. These operational pilots are a viable solution providing real services to citizens. STORK builds on already existing electronic services bringing them to a new level by allowing their use across borders by foreign users. It opens new ways that citizens and business individuals can conduct eGovernment services in a secure, privacy-respecting and trustworthy way. Via its six pilots, STORK offers several cross-border eGovernment identity services.
So, STORK project:
- develops common rules and specifications to assist mutual recognition of eIDs across national borders;
- tests, in real life environments, secure and easy-to-use eID solutions for citizens and businesses;
- interacts with other EU initiatives in order to maximize the usefulness of eID services.
Policy Context
The policy framework most relevant to STORK is "i2010, the European Commission's Strategic Framework" that lays out broad policy guidelines for the information society and the media in the years leading up to 2010. The European Directive on Electronic Signatures (1999/93/EC) is also important in determining the future of e-ID cards and therefore directly relevant to STORK. This is the principle directive behind the mutual recognition of qualified certificates and legitimisation of electronic signatures and is primarily focused on ensuring that electronic signatures carry the same legitimacy as hand-written signatures, as opposed to defining the electronic signature's legal status and/or use. STORK has a high relevance to the European Data Protection Directive 95/46, the European Directive on Privacy and Electronic Communications 2002/58/EC. In this framework, STORK will contribute to defining the role, responsibility and compliance of national registries and back-end database systems that participate in Pan-EU services and are also subject to privacy and data protection legislation. Directive 2004/18/EC on the coordination of procedures for the awarding of public works contracts, public supply contracts and public service contracts is also relevant. Implementing eGovernment services has been high on the political agenda since the launch of the European Commission's i2010 initiative for Growth and Jobs (2005). The Manchester Ministerial Declaration (2005) and the i2010 eGovernment Action Plan agreed by the Council in June 2006 both list related political objectives.
Description of target users and groups
STORK results are of value and interest to the following stakeholder groups: selected European Commission directorates, services and projects; public administrations of EU Member, Associated and Candidate States at the national, regional and local levels; European industry including large, medium, and small companies and associations in the ICT sector that manufacture, supply and consult on infrastructure and end-user related products for eID; academia, researchers, scientists, media, civil society and citizens.
Engagement of the consortium with the various focus groups is built into the project and stakeholders are actively encouraged to access STORK materials, participate in workshops and discussions and contribute their feedback. Information is shared with them through dedicated workspaces on the STORK project portal and via workshops held at strategic points throughout the project duration.
Description of the way to implement the initiative
STORK contributes in accelerating the deployment of eID for public services, while ensuring coordination between national and EC initiatives in the field of eGovernment services, and supporting federated eID management schemes across Europe. Moreover, STORK tests, in real-life environments, secure and easy-to-use eID solutions for citizens and businesses, in particular SMEs and government employees at relevant levels (local, regional, cross-national). STORK established the basic building blocks of the infrastructure ensuring eID interoperability at European level, including common code for an architecture and interoperability platform. These building blocks, being an innovative interoperable solution for eIDs, pave the way towards full integration across the EU of eServices while taking into account specifications and infrastructures currently existing in various European countries.
STORK developed common specifications that - on top of the national eID infrastructures - establish a pan-European eID interoperability framework. Open source common modules have been implemented that follow these common specifications. The common specifications are based on SAML 2.0 as a widely used open standard for electronic authentication. However, adaptation to the STORK needs have been made as well as additions, such as data definitions for attributes. STORK key scientific/ technological developments and results will help ongoing work in the eID area and promote further development for areas such as interoperability and adoption of cross border services.
STORK includes a mix of partners from Member States, private sector and civil society. As with other Large Scale Pilots (LSPs), STORK is divided into a number of interrelated work packages on specific implementation areas. Project Management and Dissemination & Sustainability Work packages are linked throughout the project to all the other work packages. Due to the significance of STORK findings to a wide range of stakeholders, the consortium has instituted channels to inform the public and stakeholders on progress, as well as to receive input towards aligning strategies. STORK offers the opportunity to non-partner European states, industry and other LSPs to contribute and take advantage of project results through information sharing channels including targeted and open workshops, focus groups and dissemination initiatives. This approach contributes to scalability of STORK results and creates a basis for future take-up above and beyond the current partnership.
Technology solution
The main challenge for STORK to overcome was to integrate (heterogeneous) eID solutions in the Member States into a common interoperability framework without interfering with the existing infrastructure. This had to respect the administrative culture and choices of Member States as diverse as to issuing eID on national, regional, or local level; technological choices such as smartcards, mobile ID, or username passwords; or centralised authentication providers vs. distributed approaches.
The project basically implements and tests interoperable platforms for eID that exchange identity data based on SAML 2.0 OASIS specification. Each MS deploys one or several of these platforms. The basic principle behind these platforms is to respect whatever national eID infrastructure is in place in each MS. The platforms will combine a centralised and a distributed approach when it comes to deploy and install interoperable eID platforms in each MS. Sticking to the principle of providing a common framework, we refer to its deployment options as "PEPS" (for Pan-European Proxy Service) for a centralised implementation  and "MW" (for middleware) as a distributed approach. These implementation options reflect choices of Member States whether to delegate authentication decisions to centralised components or whether to keep those under service providers' responsibility. For instance, the PROXY approach or the PEPS model consists of one (or several) server(s) acting as a proxy and point of trust for Service Providers in one country. They are responsible for the routing to other countries, for authentication (maybe through an identity provider), for data transformation, for control, and for bilateral trust management with other countries.
Technology choice: Standards-based technology, Mainly (or only) open standards, Accessibility-compliant (minimum WAI AA), Open source softwareMain results, benefits and impacts
STORK is currently under implementation which means that it is too early to extract final results, but it has been a major technological achievement to have 17 Member States working together and agreeing on a set of common specifications and allowing for the interoperability of eID solutions across Europe. Moreover, the implementation of this project reveals that differences of heterogeneous organisational, cultural, legislative and technological systems can be solved in a user-friendly and secure way. The only real requirement is the strong will of all governments to achieve this goal. The project is currently at the implementation phase and the level of satisfaction of real users will be one of the main criteria for evaluation of the success and sustainability of the STORK solution. Among the various benefits that STORK offers, the STORK solution allows access through the Internet and by this way the full integration of different applications can be achieved, thereby providing end-users with a one-stop-shop model of services for their needs. The solution is intended to be robust, transparent, safe to use and is implemented in such a way that aims to provide sustainable infrastructure and pilots beyond the timeline of the project. The STORK decentralised architectural design can ensure that the selected solution is scalable for possible take-up throughout the EU and sustainable in long term.
The technological innovativeness is one of the main qualitative impacts of STORK. The STORK eID interoperability platform deploys cross-border process flows which are in effect an entirely new way for citizens to interact and register in foreign eGOV portals with additional guarantees and convenience thanks to the use of their eID.
Furthermore, STORK is a "green solution". Given that by reducing both administrative barriers and administrative costs and by effectively streamlining complex cross-border eGovernment process flows, STORK helps to achieve sustainable growth for the participating Member States and the EU economy as a whole. By achieving efficient electronic interoperability between public administrations of Member States of the EU, it will be possible to remove many physical procedures and excessive administrative burden, thus saving significant amounts of natural and economic resources. So, it seems that STORK is a catalyst, a multiplying factor for eGovernment services that can be offered to citizens of the EU regardless of their origin.
Track record of sharing
In view of the importance placed on the scalability and sustainability of STORK results, considerations as to how to fully engage the relevant and varied stakeholders into the project have been applied from its launch. Various mechanisms have been put in place to engage with the relevant stakeholder groups including dedicated workspaces on the project's portal for the sharing of information and deliverables, as well as targeted workshops throughout the project for more direct dialogue with the stakeholders. Dissemination of the project's news and results are also shared through various EC and community portals, through participation at major conferences, publication of academic papers, and finally through the press and media. A principal aim of the project is, at the end of the project, to make all its technical solutions accessible to all by means of open source software.
In detail, Member States can remain fully abreast of EU and STORK developments and contributions towards creating a functional infrastructural model for eID interoperability between a sufficiently large number of different technological solutions and countries. As STORK builds on existing identity management solutions in the Member States, STORK provides the opportunity to Member States to use the project's collaborative forums to influence developments, provide feedback, and make proposals with respect to their own policy and other requirements in order to ensure functional and procedural compatibility of their own identity management solutions, as well as to identify and remedy any weaknesses in such. Member States are also able to improve the interoperability of applications that already exist or that are planned at national level with the STORK infrastructural model and standards, and thus make a significant step towards achieving cross-border interoperability in Europe.
With regard to industry/private sector, and in the policy framework outlined previously, the ability of STORK to contribute to the development of European industry in the eID field by giving companies a competitive edge through the sharing and provision of STORK outputs is obvious, and an important component in the sustainability of STORK solutions. The recommendations of STORK will have a significant bearing on the private sector's investments in building eID systems, solutions and services. Private sector companies have the opportunity to influence developments, provide feedback and make proposals with respect to their own technology and other requirements in order to ensure functional and procedural compatibility of their own identity management solutions. They have the opportunity to share knowledge and experience and exchange good practice, which will allow them to identify and remedy any weaknesses in their own eID offerings. Finally, private companies may find it beneficial to see an integration of STORK's output with private sector applications as well, such as allowing the resulting infrastructure to be used for eCommerce purposes.
Lessons learnt
STORK is currently under implementation and although it is early to extract final lessons and conclusions, there is sound evidence proving that it is a major achievement to have 17 Member States working together and agreeing on a set of common specifications allowing for the interoperability of eID solutions across Europe. Moreover, a significant conclusion that can already been drawn based on experience to date is that, in spite of the large number of heterogeneous organisational, cultural, legislative and technological systems existing in all Member States, a technical interoperability scenario has been built which generally works. STORK established the basic building blocks of the infrastructure ensuring eID interoperability at European level, including a common code for an architecture and interoperability platform. These building blocks are an innovative interoperable technical solution for eIDs and paves the way towards full integration across the EU of eServices, while taking into account specifications and infrastructures currently existing in various European countries. Furthermore, STORK is creating huge interest among industries, businesses and the private sector in general. By the end of the project, the Member States involved in the pilots, having made the final pilot results available, along with a viable support organisation, will secure sustainable business principles of a European eco-system of eID solutions and service providers (SPs) sharing the same STORK-enabled interoperability functionalities. STORK shall thus boost the uptake and creation of investments by European companies in eID interoperability.
Scope: Cross-border, Pan-European