Unified Identity Space for Public Administration

The Unified Identity Space (UIS) of public administration information systems and the Catalogue of Authentication and Authorisation Services (KAAS) is an authentication information system pursuant to Section 56a of the Basic Registers Act and its administrator is the Ministry of the Interior. Based on the wording of the law, the introduction of any person into this authentication information system requires his/her unambiguous identification against the basic population register. The Ministry also manages the authentication devices it issues.

Under the current status (As-Is 2018), it envisages the widest possible use of the JIP/KAAS authentication information system to meet the essential conditions for identification and authentication of internal users of public administration information systems. For those information systems where internal users of the information system are introduced by authorities that are not administrators of the information system, the use of the JIP/KAAS authentication information system is mandatory.

In the future state (To-Be 2020), the use of the JIP/KAAS system will also be possible by means of national identity space by becoming one of the qualified service providers. In order to allow logging into the PKI/KAAS by means other than national_identity_space clients, such as ID card or name+password+sms, officials need to be provided with another means in one of the following ways:

• The Civil Service Section of the MoI shall provide a single means of identity for the official within the national identity space.
• Another public authority shall ensure the issuance of professional identities within the national identity space of which the requirements for official identity (including the provision of financial means) shall be communicated by the Civil Service Section at the MoI.

A unique and unified identity of the employee within the civil service as a whole is required on two levels, as:

• Active identity and identification - entitles the employee to access information and information systems, (+ to premises and facilities) - the employee as a subject
• Passive identity and identification - uniquely identifies the subject (usually responsible) employee within the central management and coordination tools of the public administration - the employee as an object of record (same for position - job and mutual relationship to the employee).

The existing ICU/KAAS solution was not designed for such broad purposes and does not conceptually or physically meet the changed requirements. Its future development must be based on a discussion of the real needs of all stakeholders. As a prerequisite for the future effective use of a unified identity space of public administration and the fulfilment of some concepts of the architectural vision of eGovernment, such as the transactional Official's Portal, providing, among other things, common HR, training, purchasing and other functions, the identities and identifications of public administration employees, regardless of the type of employment/service relationship, must be unified, i.e. together for:

• civil service, according to Act No. 234/2014 Coll., on civil service,
• service relationship, pursuant to Act No. 361/2003 Coll. on the service relationship of members of the security forces,
• the relationship pursuant to Act No. 312/2002 Coll., the Act on Local Government Officials,
• employment relationship, pursuant to Act No. 262/2006 Coll., the Labour Code.

Importantly, the creation and especially the termination of identification and authorization for the role must arise in the JIP on the basis of its integration with local personnel systems, respectively with central service and employee registers on the one hand, and in integration with local IDM/IAM systems on the other hand. These basic requirements and needs will shape the future architecture of the JIP and the necessary cooperating systems.

The authority must ensure that its identity system (AD/LDAP/IDM) is linked to the Unified Identity Space (also known as JIP/KAAS) for the part of its employees who log on to public administration information systems. The use can be made in 2 ways:

• Creation of custom application roles for systems of which OVM is the administrator.
• Use of existing roles in the register of rights and obligations

For users who are not covered by a central operator license, a license can be purchased separately. The cost of such a licence is approximately CZK 2,000 for 1 user for the first year and CZK 500 for subsequent years.