Workshop on Authentication and Authorisation

Partners around the table at the workshop "Prepare Authentication Mechanism".

In May the focus of the project LRI MS Connection was pointed towards the issues related to the LRI user authentication and authorisation. On 8 May 2018 a special workshop of the partners was held in Vienna, titled as "Prepare Authentication Mechanism" (slides of the workshop in pdf).

The workshop was led by Mr. Dietmar Gombotz (Bundesrechenzentrum GmbH), who opened the workshop with giving an overview of the goals, content and deliverables of the work package 4 (WP4) of the project. The main goal of the WP4 is to design the necessary adaptions of the national authentication and authorisation portals for court professionals (e.g. judges, court officials) and other professional user groups (notaries, bailiffs etc). The more specific aim of the workshop was to come up with an initial design how the different systems of AT and EE could work together and with the LRI service at the e-Justice portal.

Current Situation in Austria and Estonia

Following the introductory presentation, both partners of the project, the Estonian Centre of Register and Information Systems and the Federal Ministry of Constitutional Affairs, Reforms, Deregulation and Justice in Austria, presented their current situation in terms of the authentication and authorisation of professional users in their respective countries. The partners started searching for the possible good interconnection solutions, which would be suitable for both sides.

In Estonia the major concern being that there is currently no central system existing, which would validate the role of a professional user, nor can all the professional users benefit of an existing professional information system for an authorisation through a professional information system. (See the slides in pdf)

At Austrian side the concern is set on other aspects compared to Estonia. Austria, as a federated state has multiple authentication and authorisation systems available which act as gateways for the public officials and court professional to various national services, including land register services. Therefore both partners have a slightly different set of issues to tackle within the activities of the WP4.

While faced with different set of issues to be solved, the partners commonly agreed that the somewhat different emerging solutions at both countries will provide more valuable outcomes for the other member states, following in the process of interconnecting their land registers to the LRI service in the future.

Issues Regarding the LRI Service 

Among other issues the partners also focused on the aspects of the actual technical interconnection between the LRI system and the national authentication and authorisation systems, as envisioned by the earlier analysts of the LRI team in previous years. The message exchange process between the national LRs and authorisation systems and the central LRI service provision mechanism at the e-Justice portal was taken under a close scrutiny. The partners had to realise that the formerly envisioned technological setting of the LRI interconnection might be somewhat outdated by today and would not offer a way of interconnection as the partners would like to see and adopt to. Project partners also realized that the proposed solution of the EC is of proprietary nature. Yet, both the partners would rather like to adopt an open standard solution instead.

Austria and Estonia, as the first two piloting countries who would set an example of the actual establishment of the LRI linkage in their countries, presented their questions and concerns to Mr. Gabriel Sima, the representative of the DG JUST, European Commission, who participated in the meeting via a conference call.

User Authentication

The partners also discussed with Mr. Sima the aspects related to the authentication of users at the e-Justice portal. The workshop participants discussed the possibilities of applying the existing user authentication via STORK mechanism at the e-Justice portal. In case of Estonia the STORK mechanism of the e-Justice portal calls out the central authentication service in Estonia, where a person may authenticate himself/herself by an ID card or a mobile ID. This would indeed provide a proper and sufficient authentication of the LRI user for the LRI service. Yet, mere authentication does not provide the necessary user authorisation. This means that the check-up of the user's role needs to be carried out as an additional step in the process.

User Authorisation

In case of Austria, there are multiple authentication mechanisms currently in use. Therefore Austria was indeed in favour of such a solution, where the professional user could be authenticated as well as authorised at once nationally, followed by forwarding the respective user data from Austria to the LRI service. In fact, the same option would also be preferred in Estonia, where the professional uses, once logged in to their professional digital working environments, could go on and place searches across the LRI with full authentication and authorisation present. Such approach would make the workflow in searching data across the European national land registers more user friendly to the professional users.

Next, the partners briefly discussed the essence of data fields and parameters necessary for exchanging the user and search information among all the participating counterparties. Yet, this discussion will be continued at a later stage of the project once the general process design has been agreed.

Defining USer Groups

Apart from the technical issues the project partners also defined more precisely the user groups of the LRI service. The following groups emerged from the discussions:

  1. Authenticated public officials
  2. Authenticated private legal professionals (lawyers and notaries, who are allowed to access LR data)
  3. Authenticated private persons
  4. Authenticated private persons representing an organisation or a company
  5. Anonymous users (no need to authenticate)


The full day of work concluded with a decision to further investigate the open questions together with the European Commission's LRI team. The next steps will be to outline possible process flows for exchanging information on the user authentication and authorisation between the e-Justice portal and the national user authentication systems. The partners agreed to re-gather via a conference call meeting in the mid June.