Authentication in a digital world - where are we? Featuring the Crossroads Bank for Social Security. Takeaways from the Beltug N-sight of 16 November 2017


A lot has changed in e-authentication, so this session offered an update to our previous session of December 2016. This time, we had a look at the Belgian government’s steps towards facilitating electronic authentication, with Frank Robben from Crossroads Bank for Social Security.  And we explored how the European eIDAS regulation for trust services for electronic transactions in the internal market, influences the issues. Plus, we gained insight on the status of the Belgian Mobile ID ‘itsme®’ initiative, while Doccle revealed its vision on the opportunities generated by the eIDAS regulation. Presentations from the event are available, exclusively for Beltug members (after login):


Frank Robben, General Manager at the Crossroads Bank for Social Security and the eHealth-platform, opened the session, pointing out that terms such as 'entities', 'authentication', 'mandates', 'authorisations’ are often used incorrectly in the context of digital authentication (slide 5-10). Terminology matters, he highlighted.


Critical success factors for digital authentication projects are

  • meeting user expectations (including single sign-on)
  • offering simplicity of use
  • taking advantage of technological evolution opportunities
  • complying with the European regulatory framework
  • enabling electronic user management for sufficient applications.


Frank argued strongly in favour of a common vision across institutions, and a hands-on approach to getting things done and making sure they work - limiting the judicial and administrative burdens.  He suggested a structured distribution of tasks (slide 15-16).


After an overview of the policy enforcement model (slide 17), Frank pointed out that this system makes it fairly easy to federate to other systems, such as a foreign social security system (e.g. to authorise a French doctor to access patient data for a Belgian citizen in a French hospital). To implement such an identity authentication, a range of security levels are defined, from very strong (eID in combination with PIN code on a wired card reader) to less strong (user ID and password), depending on user needs and applications.


Finally, Frank described how the eIDAS regulation influences the policies of authentication, and the framework of the Belgian law (slides 25-33).


Next, Kris De Ryck, CEO of the Belgian Mobile ID consortium, stated that a digital society needs a digital identity. In May 2017, the consortium launched the itsme® tool for identity authentication and log-in to government sites via mobile phone.  It combines the user's SIM card, phone and smartphone, to enable identity authentication.


Itsme® functionalities are intended to enable digital processes - logins, confirmations (of a payment, an order, etc.), signatures (of a contract, etc) and data sharing. 


Throughout it all, three features are key:

  • An easy customer experience.
  • Secure application and architecture.
  • Complete control by the user, and prevention of data being used for commercial purposes.


More and more users are turning to itsme®, and more application areas are to come (slide 14).


To finish out the event, Bram Lerouge, CEO of Doccle, described the Doccle platform for connecting with suppliers and with companies. The administrative burden for end-users is reduced, while APIs ensure suppliers can easily integrate the platform into their own websites. This enables the creation of a broad ecosystem with multiple stakeholders, to make digitisation easier. Results can include improved finances (e.g. invoices are paid in a timelier way) and a more valuable customer experience.


Bram then explained that eIDAS offers companies an opportunity to scale, and provides a competitive edge. The recent EU regulations - eIDAS, GDPR and PSD2 - have one overreaching goal: to give control back to the individual data owner. Simplicity will increasingly be the norm - even a commodity.  So it's important for companies to consider how much value they can create, and how can they optimally leverage data and technology. Bram concluded with emphasising that legislation is always about working in teams.













Dear visitor,

Access to more information about this topic and/or to download the paper is easy and fast, but exclusively for Beltug members (just login to get access).

Beltug gathers a lot of information. Here you find the advantages of Beltug membership

The Beltug Team

Click here to login

>>> Back to overview