RegeID @ .ee now enables people from 12 EU countries to access and use our solutions!
It was 2018 when we first met with the Czech registry to discuss the option of adding eIDAS to our public-facing web interfaces with the goal of strengthening the identification of our registrants and contacts. We are both very active in developing our businesses, so the question came up on how to find resources to make this happen. Luckily the EU also believes it to be beneficial to promote eIDAS usage and made support measures available via its Connecting Europe Facility (CEF) tool. The Czechs took the lead role and off we went!
Strong electronic identification has become more and more important, and in 2019 we found many more interested parties around us to invite along. 2020 was the year that went into history books marking the start of the RegeID project. The project involves the Estonian, Czech, Danish and Dutch registries, as well as CENTR (Council of European National Top-Level Domain Registries) and Signicat, a digital identity and signature solutions’ provider. This project is being funded by the European Commission, via the CEF.
Another year went by and December 2020 marked another important event in this historic year – .ee launched its new portal for registrants which now included the eIDAS identification method, enabling registrants and contacts with no Estonian eID or Estonian e-residents’ eID to log in and get an overview of their .ee domains. They can also benefit from cool functionalities like registry lock, update their contact data or disclose their contacts in the public WHOIS, which is hidden by default.
Strong identification has always been our main means of fighting abuse in the .ee zone and it has proven to work amazingly well. But while it is quite easily achieved with Estonian registrants thanks to our well established eID infrastructure, we have always had a hard time getting the same level of data quality with foreign registrations. In the past we have directly interfaced with Finnish, Latvian, Lithuanian and Belgian e-ID systems. eIDAS promised to offer much easier access to a broader list of government-backed eIDs. And it delivers – now people from 12 EU countries have access to our solutions!
So it does feel like a big step in the right direction, and the European Commission’s support through the CEF project is very much welcome to get traction to the eIDAS project, point out limitations as fast as possible and move the EU closer to electronic conduct.
Nevertheless, working on the project has indeed unveiled some issues. The first obstacle is that private companies do not have access to eIDAS, seemingly for budgeting and billing reasons as there is no agreement between governments yet on how to charge for the service. As such, it took quite some effort and persuasion for us, a private non-profit organisation, to be allowed to connect to our local eIDAS node.
We had the bright idea to create our own gateway service for electronic identification and authentication that would also include eIDAS, but for the same reason as above our request for relaying the access through our hosted service was turned down. So this is one big obstacle in making this option more widely available and usable. Hopefully by the second half of 2021 we might be able to connect our authentication service to eIDAS, but the access to authentication options over eIDAS will most probably be very limited.
Another issue that is more specific to the domain industry is that
governments tend to generate new personal identifiers for their citizens
and residents to be used in eIDAS. That is a big issue as people do not
know that identifier. Most top-level domain registries use a
registry-registrar model, meaning that registries do not have direct
communication with domain registrants during domain registrations.
Registrars will have to somehow find out the eIDAS identifier of a non-Estonian registrant to associate this with the registration data. And of course, as a private entity they have no option to use eIDAS at the moment, but even if they were to have this option available it will require a huge effort on our side to motivate them to add this option to their business model – huge from a small registry’s point of view. Of course together with the other registries supporting, the break-through might come faster. But until then registrants would have to log in to the .ee registrant portal find out their eIDAS identifier and go back to their registrar to change their identifier associated with the registration to get access to it in the portal.
Fun fact, until we add support for multiple identifiers, replacing their identity code with the eIDAS one will make it impossible to use any other means of authentication to access their data in the .ee registry.
That said, we are very strong supporters of the Estonian model where personal identity numbers are considered public information – the same identifier is available on all forms of identification documents, eIDs and also sent over the eIDAS infrastructure.
Even though the goal of the RegeID project has been achieved for .ee by launching the new and improved portal for registrants together with the eIDAS authentication option, we have not stopped. eIDAS is also now included in our world-famous domain auction system. It will be added to the portal for registrars as well. We also hope to be able to add eIDAS to our soon to be famous e-authentication service that would hopefully help to relieve the problems with e-identification on registrars’ side.
Written by Timo Võhmar, Head of development at the Estonian Internet Foundation and firstly published in RegeID.
* Altogether 12 EU countries: Belgium, Spain, Croatia, Italy, Lithuania, Luxembourg, Latvia, Netherlands, Portugal, Germany, Slovakia and Czech Republic
We are looking for an experienced Ruby software engineer to push our open-source domain registry solution to a new level and join our small ambitious team.
We develop and manage Estonian top level domain .ee, its registry and DNS system. Most of the software we use is developed in house.
If the sixth Internet Day, which was to take place in March last year, was not held due to the pandemic, then this year, the event will take place via a secure live broadcast. However, despite the changed circumstances, the idea of Internet Day still remains the same - to bring together those interested in the Estonian Internet community to contribute to the development of our Internet by discussing topical issues. The motto of this year's Internet Day is "Tomorrow's weather on the Internet."
Here’s a brief look back at the .ee registry in 2020 – how many domain names were ordered, how many were abandoned, and the dynamics of the registry over the past decade. By the way, do you know what the longest .ee domain registered in 2020 was?