Pilot for automated maintenance of trust information

A service concept for the secure and efficient exchange of security keys between national eIDAS nodes has been successfully demonstrated by a NOBID pilot project.

One of the hardest problems to overcome when setting up a network of trusted services is how to bootstrap trust anchor keys. The eIDAS interoperability network is an environment where the exchange of such keys is problematic, time consuming and challenging.

  • National nodes of more than 30 countries need to exchange trust anchors bilaterally. This results in well over 1000 individual instances of key exchange.
  • It is hard for each member state to maintain knowledge about the authorized representatives of every other participating member state, and to keep track of when those people retire, change roles or have their authorization revoked.
  • The lack of key rollover procedures and capabilities in deployed software products causes service disruptions each time a member state's eIDAS node changes its keys.

NOBID Metadata Pilot Project

The NOBID metadata project has developed and tested a CEF import module for the versions of the EU Commission node software in use in the Nordic-Baltic countries. Once installed, the import module allows the national eIDAS node to fetch trusted metadata from other countries in an automated manner.

The pilot project was demonstrated and tested with the node solutions of three countries: Estonia, Finland and Sweden. In addition, three "fictitious countries" were set up running the versions of the CEF node software not used by these three countries. All tests were successful, demonstrating automated import of trust anchor keys for all participating country nodes once trust had been bootstrapped with the NOBID metadata service.

Recommendations

  • All eIDAS country nodes should implement solutions for exporting trusted keys, either using the Metadata Service List (MDSL) format or using the PKI model, as specified in the eIDAS technical specifications.
  • The EU commission should initiate a metadata service for the eIDAS interoperability network.

Reference information

  • Title: NOBID Metadata Project. Lessons learned
  • Author: Stefan Santesson
  • Publication year: 2020
  • Availability: Public. Reproduction is allowed provided that the source is acknowledged.

Disclaimer

The views expressed in the report are those of the author. They do not necessarily reflect the views of the NOBID project nor those of the Norwegian Digitalisation Agency on the subject.