Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		 Previous revision
en:nap:nia [2021/06/01 13:02] – created Tomáš Šedivecen:nap:nia [2021/11/12 10:09] (current) Tomáš Šedivec
Line 3: Line 3:
 ===== Description of the National Identity Authority ===== ===== Description of the National Identity Authority =====
  
-The NIA provides state-guaranteed services to public administrations [[nap:electronic_identification_for_clients_of_public_government|identification and authentication]], including federation of data on the subject of law from the basic registers and the possibility of transmitting login identities according to the Single Sign-On principle. For persons listed in the ROB or logging in with an eIDAS identity from EU Member States, the OVS does not need to handle login identities for its clients itself. In the current state of the ROB (As-Is state), therefore, only for citizens of the Czech Republic and foreigners with permanent residence. In the future state (To-Be state) for Czech citizens, foreigners with permanent residence and [[nap:ejfo|other natural persons (EjFO)]] who have a legal or property relationship to the Czech Republic (foreign property owner, foreign doctor, foreign student, etc.).+The NIA provides state-guaranteed services to public administrations [[en:nap:elektronicka_identifikace_pro_klienty_verejne_spravy|identification and authentication]], including federation of data on the subject of law from the basic registers and the possibility of transmitting login identities according to the Single Sign-On principle. For persons listed in the ROB or logging in with an eIDAS identity from EU Member States, the OVS does not need to handle login identities for its clients itself. In the current state of the ROB (As-Is state), therefore, only for citizens of the Czech Republic and foreigners with permanent residence. In the future state (To-Be state) for Czech citizens, foreigners with permanent residence and [[en:nap:ejfo|other natural persons (EjFO)]] who have a legal or property relationship to the Czech Republic (foreign property owner, foreign doctor, foreign student, etc.).
  
 The National Identity Authority creates a federated system consisting of the following components: The National Identity Authority creates a federated system consisting of the following components:
Line 17: Line 17:
  
 ^ Identity Resource Name ^ Resource Type ^ Resource Level ^ Description ^ URL ^ Use for international identity verification in eIDAS ^ ^ Identity Resource Name ^ Resource Type ^ Resource Level ^ Description ^ URL ^ Use for international identity verification in eIDAS ^
-|**eCitizen** |Electronic ID card with activated electronic identification part |High (highest possible according to eIDAS)| Login via a new ID card issued after 1 July 2018 that contains a chip and its electronic functionality has been activated. To log in with this ID card, a document reader and the relevant software must be installed.|[[https://info.eidentita.cz/eop/]]|YES - eObčanka is so far the only means declared under eIDAS for international identification and authentication purposes. Its use is mandatory for other countries under eIDAS for use from September 2020. | +|[[en:nap:​nia_eop|**eCitizen**]] |Electronic ID card with activated electronic identification part |High (highest possible according to eIDAS)| Login via a new ID card issued after 1 July 2018 that contains a chip and its electronic functionality has been activated. To log in with this ID card, a document reader and the relevant software must be installed.|[[https://info.eidentita.cz/eop/]]|YES - eObčanka is so far the only means declared under eIDAS for international identification and authentication purposes. Its use is mandatory for other countries under eIDAS for use from September 2020. | 
-|**Mobile eGovernment Key**|Mobile application with QR code verification function|Substantia|The eGovernment Mobile Key represents the use of login without the need to enter additional authentication codes. Once installed and activated, you will be able to log in to services using electronic identification through the National Point. In order for everything to work, you must have the mobile key app installed on your mobile device. The mobile key app is identical to the existing ISDS mobile key app. If you already have this app for logging in to data boxes, updating this app will also give you the option to use it to log in to services through the National Point.|[[https://info.eidentita.cz/mep/]]|NO| +|[[en:nap:​nia_mobilni_klic|**Mobile eGovernment Key**]]|Mobile application with QR code verification function|Substantia|The eGovernment Mobile Key represents the use of login without the need to enter additional authentication codes. Once installed and activated, you will be able to log in to services using electronic identification through the National Point. In order for everything to work, you must have the mobile key app installed on your mobile device. The mobile key app is identical to the existing ISDS mobile key app. If you already have this app for logging in to data boxes, updating this app will also give you the option to use it to log in to services through the National Point.|[[https://info.eidentita.cz/mep/]]|NO| 
-|**NIA ID**| Name + password + sms. Classic second factor login. | Substantia | Login with the username and password you entered when you created your ID on the National Point portal. You complete the login by entering the verification code that will be sent to your phone number as an SMS.|[[https://info.eidentita.cz/ups/]]|NO| +|[[en:nap:​nia_niaid|**NIA ID**]]| Name + password + sms. Classic second factor login. | Substantia | Login with the username and password you entered when you created your ID on the National Point portal. You complete the login by entering the verification code that will be sent to your phone number as an SMS.|[[https://info.eidentita.cz/ups/]]|NO| 
-|**První certifikační autorita, a.s.** |Starcos chip card with identification certificate |High (highest possible according to eIDAS) |Sign in with Starcos chip card of První certifikační autorita, a.s., which was used to generate and store the private key of the identity commercial certificate. To log in, you will need a smart card reader (if not integrated into the PC/NTB) and the SecureStore control software installed (downloadable from www.ica.cz).|[[https://www.ica.cz/ica-identity-provider]]|NO| +|[[en:nap:​nia_1ca|**První certifikační autorita, a.s.**]] |Starcos chip card with identification certificate |High (highest possible according to eIDAS) |Sign in with Starcos chip card of První certifikační autorita, a.s., which was used to generate and store the private key of the identity commercial certificate. To log in, you will need a smart card reader (if not integrated into the PC/NTB) and the SecureStore control software installed (downloadable from www.ica.cz).|[[https://www.ica.cz/ica-identity-provider]]|NO| 
-|**MojeID**| Login credentials to your MojeID account paired with a FIDO resource |Substantia|Log in with your MojeID account. To log in, you need to secure the account with a security key (token) certified by the FIDO Alliance to at least L1 level, either physical (USB, NFC, Bluetooth) or system (Windows Hello, Android v. 7 and higher). It is also necessary to have the mojeID account activated to access public administration services and to verify your identity once (with an existing device or by visiting Czech POINT). The mojeID service is operated by CZ.NIC, the administrator of the .CZ domain.|[[https://www.mojeid.cz/]]|NO| +|[[en:nap:​nia_mojeid|**MojeID**]]| Login credentials to your MojeID account paired with a FIDO resource |Substantia|Log in with your MojeID account. To log in, you need to secure the account with a security key (token) certified by the FIDO Alliance to at least L1 level, either physical (USB, NFC, Bluetooth) or system (Windows Hello, Android v. 7 and higher). It is also necessary to have the mojeID account activated to access public administration services and to verify your identity once (with an existing device or by visiting Czech POINT). The mojeID service is operated by CZ.NIC, the administrator of the .CZ domain.|[[https://www.mojeid.cz/]]|NO| 
 |**IIG - International ID Gateway**| Choice of possible identity resources that are reported by other EU Member States within eIDAS nodes | low to high depending on the resource | Currently, it is possible to choose from the resources of eIDAS nodes [[https://ec.europa.eu/cefdigital/wiki/display/EIDCOMMUNITY/Overview+of+pre-notified+and+notified+eID+schemes+under+eIDAS]]| |NO| |**IIG - International ID Gateway**| Choice of possible identity resources that are reported by other EU Member States within eIDAS nodes | low to high depending on the resource | Currently, it is possible to choose from the resources of eIDAS nodes [[https://ec.europa.eu/cefdigital/wiki/display/EIDCOMMUNITY/Overview+of+pre-notified+and+notified+eID+schemes+under+eIDAS]]| |NO|
-|**Banking Identity**| Identity provided by Československá obchodní banka, a. s. | Substantia | |[[https://www.csob.cz/portal/csob/csob-identita]] | NO |+|[[en:nap:​nia_bankid|**Banking Identity**]]| Identity provided by Československá obchodní banka, a. s. | Substantia | |[[https://www.csob.cz/portal/csob/csob-identita]] | NO |
 |:::|Identity provided by Česká spořitelna, a. s. |Substantial| |[[https://www.csas.cz/cs/o-nas/bezpecnost-ochrana-dat/bankovni-identita]] |No | |:::|Identity provided by Česká spořitelna, a. s. |Substantial| |[[https://www.csas.cz/cs/o-nas/bezpecnost-ochrana-dat/bankovni-identita]] |No |
 |:::|Identity provided by Komerční banka, a. s. |Substantial| |[[https://www.kb.cz/cs/podpora/bankovnictvi-a-nastroje/kb-bankovni-identita]] |No | |:::|Identity provided by Komerční banka, a. s. |Substantial| |[[https://www.kb.cz/cs/podpora/bankovnictvi-a-nastroje/kb-bankovni-identita]] |No |
Line 39: Line 39:
  
 ^Identity Resource^Number Description^Number^ ^Identity Resource^Number Description^Number^
-|**eCitizen (as of July 1, 2018):** |Number of activated resources|386535 |+|**[[en:nap:​nia_eop|**eCitizen**]] (as of July 1, 2018):** |Number of activated resources|386535 |
 | ::: |Number of active resources |342326 | | ::: |Number of active resources |342326 |
 | ::: |Number of logins |722248 | | ::: |Number of logins |722248 |
-|**NIA ID (formerly "Name, Password, SMS") (since 1.7.2018):**|Number of activated resources|119864 |+|**[[en:nap:​nia_niaid|**NIA ID**]] (formerly "Name, Password, SMS") (since 1.7.2018):**|Number of activated resources|119864 |
 | ::: |Number of active resources |117966 | | ::: |Number of active resources |117966 |
 | ::: |Number of logins |2985801| | ::: |Number of logins |2985801|
-|**Mobile eGovernment Key (from 16.11.2020):** |Number of activated resources|22617 | +|**[[en:nap:​nia_mobilni_klic|**Mobile eGovernment Key**]] (from 16.11.2020):** |Number of activated resources|22617 | 
-:::: |Number of activated resources |21425 |+| ::: |Number of activated resources |21425 |
 | ::: |Number of logins |196790 | | ::: |Number of logins |196790 |
-|**Air Bank:** |Number of activated resources|1083972|+|**[[en:nap:​nia_bankid|**Air Bank**]]:** |Number of activated resources|1083972|
 | ::: |Number of active resources |894705 | | ::: |Number of active resources |894705 |
-:::: |Number of logins |83696 | +| ::: |Number of logins |83696 | 
-|**Czech Savings Bank:** |Number of activated funds|1896981|+|**[[en:nap:​nia_bankid|**Czech Savings Bank**]]:** |Number of activated funds|1896981|
 | ::: |Number of active funds |1752676| | ::: |Number of active funds |1752676|
-:::: |Number of logins |391753 | +| ::: |Number of logins |391753 | 
-|**ČSOB Identity - fully authenticated access** |Number of activated resources|304642 |+|**[[en:nap:​nia_bankid|**ČSOB Identity - fully authenticated access**]]** |Number of activated resources|304642 |
 | ::: |Number of active resources |219860 | | ::: |Number of active resources |219860 |
 | ::: |Number of logins |120153 | | ::: |Number of logins |120153 |
-|**ČSOB Identity - Fast Access** |Number of activated resources|157042 |+|**[[en:nap:​nia_bankid|**ČSOB Identity - Fast Access**]]** |Number of activated resources|157042 |
 | ::: |Number of active resources |152844 | | ::: |Number of active resources |152844 |
 | ::: |Number of logins |8300 | | ::: |Number of logins |8300 |
-|**První certifikační autorita, a.s.:** |Number of activated resources|597 |+|**[[en:nap:​nia_bankid|**První certifikační autorita, a.s.**]]:** |Number of activated resources|597 |
 | ::: |Number of active resources |557 | | ::: |Number of active resources |557 |
 | ::: |Number of logins |57844 | | ::: |Number of logins |57844 |
-|**Commercial Bank:** |Number of activated resources|946009 |+|**[[en:nap:​nia_bankid|**Commercial Bank**]]:** |Number of activated resources|946009 |
 | ::: |Number of active resources |927895 | | ::: |Number of active resources |927895 |
 | ::: |Number of logins |119803 | | ::: |Number of logins |119803 |
-|**myID:** |Number of activated resources|19886 |+|**[[en:nap:​nia_mojeid|**MojeID**]]** |Number of activated resources|19886 |
 | ::: |Number of active resources |17806 | | ::: |Number of active resources |17806 |
 | ::: |Number of logins |151050 | | ::: |Number of logins |151050 |
-|**MONETA Money Bank:** |Number of activated funds|878064 |+|**[[en:nap:​nia_bankid|**MONETA Money Bank**]]:** |Number of activated funds|878064 |
 | ::: |Number of active funds |872108 | | ::: |Number of active funds |872108 |
 | ::: |Number of logins |28834 | | ::: |Number of logins |28834 |
Line 106: Line 106:
 The pseudonym, or natural person identifier, transmitted from the NIA is unique and immutable for each qualified service provider. It does not serve as a public identifier, but as a [[[:nap:evidence_udaju_o_subjects|technical identifier]]. Should a situation arise where the pseudonym for a natural person changes, the authority will be informed of this fact through the basic registers information system, as its [[nap:evidence_udaju_o_subjektech|agenda identifier of the natural person]] will also change. The private data user will not be notified of this change as he cannot be connected to the [[:nap:basic registers|basic registers]] indirectly, but this service can be provided by his superior authority.  The pseudonym, or natural person identifier, transmitted from the NIA is unique and immutable for each qualified service provider. It does not serve as a public identifier, but as a [[[:nap:evidence_udaju_o_subjects|technical identifier]]. Should a situation arise where the pseudonym for a natural person changes, the authority will be informed of this fact through the basic registers information system, as its [[nap:evidence_udaju_o_subjektech|agenda identifier of the natural person]] will also change. The private data user will not be notified of this change as he cannot be connected to the [[:nap:basic registers|basic registers]] indirectly, but this service can be provided by his superior authority. 
  
-However, if the qualified service provider wants to be sure that the pseudonym is up-to-date, it has to follow the rules of [[:nap:linked_datovy_fond|linked data pool]], i.e. to have its data trunk identified and to receive [[nap:notifications|notifications]] from [[nap:iszr|basic registers information system]].+However, if the qualified service provider wants to be sure that the pseudonym is up-to-date, it has to follow the rules of [[::en:nap:propojeny_datovy_fond|linked data pool]], i.e. to have its data trunk identified and to receive [[nap:notifications|notifications]] from [[nap:iszr|basic registers information system]].
  
 ===== Rules for the National Identity Authority ===== ===== Rules for the National Identity Authority =====