On September 29, 2018, the Swedish public sector will have to be compliant with all EU regulation eIDAS requirements. This includes accepting all EU-approved electronic identities in public e-services. “We have now adapted our authentication platform according to the specific Swedish eIDAS requirements – not all international suppliers will bother to do this,” says Stefan Runneberger, business developer at identity and security company Nexus Group.
Each EU state is creating one or more nodes to which anyone who wishes to authenticate to e-services in that country using a foreign EU-approved electronic identity will be directed.
Special adaptations needed for each EU state
“The authentication solution that an organization in the public sector uses needs to be adapted to be able to connect to that specific country’s node, and since all EU countries design their nodes differently, the authentication solution will have to be customized for each country,” says Runneberger.
Such customization requires a lot of work, and it is therefore unlikely that all providers will adapt their authentication solutions so that they can connect to all the nodes in the EU.
Solutions without eIDAS support must be replaced
“I’m guessing that suppliers will start with their largest markets, just as we did. This is of course bad news for many Swedish organizations, as it may mean that their US authentication solution will not meet the Swedish eIDAS requirements and, therefore, will have to be replaced. But luckily there is at least one authentication solution that meets the Swedish requirements now,” says Runneberger.
Nexus’s authentication solution Nexus Hybrid Access Gateway can be used for all public organization authentication needs, and it supports a wide variety of authentication methods.
Supporting federation and single sign-on
“Citizens can log in to the municipality’s e-services with any nation-wide electronic identity, such as Swedish BankID, and employees can log in to internal resources using authenticators such as a professional ID card or a professional ID in a mobile phone app,” says Runneberger.
Hybrid Access Gateway also supports identity federation and single sign-on (SSO), which means users only need to log in once to reach all exposed resources.