RegeID @ .ee
It was 2018 when we first met with the Czech registry to discuss the option of adding eIDAS to our public-facing web interfaces with the goal of strengthening the identification of our registrants and contacts. We are both very active in developing our businesses, so the question came up on how to find resources to make this happen. Luckily the EU also believes it to be beneficial to promote eIDAS usage and made support measures available via its Connecting Europe Facility (CEF) tool. The Czechs took the lead role and off we went.
Strong electronic identification has become more and more important, and a year later we found many more interested parties around us to invite along. 2020 was the year that went into history books marking the start of the RegeID project. The project involves the Estonian, Czech, Danish and Dutch registries, as well as CENTR, the Council of European National Top-Level Domain Registries and Signicat (then Connectis), a digital identity and signature solutions’ provider. This project is being funded by the European Commission, via the CEF.
Another year went by and December 2020 marked another important event in this historic year – .ee launched its new portal for registrants that now includes the eIDAS identification method, enabling registrants and contacts with no Estonian eID or Estonian e-residents’ eID to log in and get an overview of their .ee domains. They can also benefit from cool functionalities like registry lock, update their contact data or disclose their contacts in the public WHOIS, which is hidden by default.
Strong identification has always been our main means of fighting abuse in the .ee zone and it has proven to work amazingly well. But while it is quite easily achieved with Estonian registrants thanks to our well established eID infrastructure we have always had a hard time getting the same level of data quality with foreign registrations. In the past we have directly interfaced with Finnish, Latvian, Lithuanian and Belgian e-ID systems. eIDAS promised to offer much easier access to a broader list of government-backed eIDs. And it delivers – now people from 12 countries have access to our solutions.
So it does feel like a big step in the right direction, and the European Commission’s support through the CEF project is very much welcome to get traction to the eIDAS project, point out limitations as fast as possible and move the EU closer to electronic conduct.
Nevertheless, working on the project has indeed unveiled some issues. The first obstacle is that private companies do not have access to eIDAS, seemingly for budgeting and billing reasons as there is no agreement between governments yet on how to charge for the service. As such, it took quite some effort and persuasion for us, a private non-profit organisation, to be allowed to connect to our local eIDAS node.
We had the bright idea to create our own gateway service for electronic identification and authentication that would also include eIDAS, but for the same reason as above our request for relaying the access through our hosted service was turned down. So this is one big obstacle to making this option more widely available and usable. Hopefully by the second half of 2021 we might be able to connect our authentication service to eIDAS, but the access to authentication options over eIDAS will most probably be very limited.
Another issue that is more specific to the domain industry is that governments tend to generate new personal identifiers for their citizens and residents to be used in eIDAS. That is a big issue as people do not know that identifier. Most top-level domain registries use a registry-registrar model, meaning that registries do not have direct communication with domain registrants during domain registrations. Registrars will have to somehow find out the eIDAS identifier of a non-Estonian registrant to associate this with the registration data. And of course, as a private entity they have no option to use eIDAS at the moment, but even if they were to have this option available it will require a huge effort on our side to motivate them to add this option to their business model – huge from a small registry’s point of view. Of course together with the other registries supporting, the break-through might come faster. But until then registrants would have to log in to the .ee registrant portal find out their eIDAS identifier and go back to their registrar to change their identifier associated with the registration to get access to it in the portal.
Fun fact, until we add support for multiple identifiers, replacing their identity code with the eIDAS one will make it impossible to use any other means of authentication to access their data in the .ee registry.
That said, we are very strong supporters of the Estonian model where personal identity numbers are considered public information – the same identifier is available on all forms of identification documents, eIDs and also sent over the eIDAS infrastructure.
Even though the goal of the RegeID project has been achieved for .ee by launching the new and improved portal for registrants together with the eIDAS authentication option, we have not stopped. eIDAS is also now included in our world-famous domain auction system. It will be added to the portal for registrars as well. We also hope to be able to add eIDAS to our soon to be famous e-authentication service that would hopefully help to relieve the problems with e-identification on registrars’ side.
Written by Timo Vöhmar, Head of development at the Estonian Internet Foundation