Recomendados
Mais conteúdo relacionado
Semelhante a OpenDNIe Hackfest
Semelhante a OpenDNIe Hackfest (20)
Último
Último (20)
OpenDNIe Hackfest
- 1. eID the open source perspective Martin Paljak (maintainer of) OpenSC Project www.opensc-project.org
- 2. Agenda • Brief history of eID in Estonia • History of OpenSC • Why open source matters • What’s up next for OpenSC ?
- 3. eID in Estonia • Preparations from 1997, actions from 1999/2000 to issue PKI smart cards to every citizen • First cards issued in January 2002 • “Probably the best beer eID in the world” • 1.1 Million cards, around 30% electronic users • Problem: no client software procured by government at first
- 4. eID software in Estonia • Plan A: proprietary free (as beer) software for Windows, created by the (commercial) CA • A-Team: creates necessary software as open source (OpenSC, OpenSC.tokend, installers etc) • Plan B: (5 years later) government tender to legalize (?) and re-use the open source software (#1 failed, #2 failed, #3 ongoing...)
- 5. Happy 10th birthday, OpenSC! • Two Finns, Juha and Antti, wanted to write an open source PKCS#11 driver for FINeID (PKCS#15) cards • 2001/2002 first posts on the opensc-devel mailing list • 0.4.0 released on 2001-12-29, contains a single, read-only driver
- 6. OpenSC in 2011 • 0.12.1 released on 17.05.2011 • ~30 card drivers • A reasonable PKCS#11 module • Mac OS X integration (TokenD) • Windows integration coming (MiniDriver) • Binary installers (Windows, Mac OS X) • Synthesized (non-PKCS#15) formats • Card personalization support
- 7. 2001 to 2011 • Got interested around summer 2003 • Germans project: “Got ~2005, things to do ...” leave the took over in better Founding Finns • Early adopter of understandingOpenSC because “lack Belgium ditches from project” • Basically announced “soon stagnated or dead, if not already” by maintainer • “MUSCLE” practically dead, except for pcsc- lite+CCID • Maintenance “back in Nordic” (Estonia) since April 2010
- 8. Why OpenSC “won”? • A. Driver framework to support different cards • Compare: Linux; Evolution prefers heterogenous systems • B. Thrive to integrate with the environment • Apple is as good standard as Microsoft or RSA. % & $ • C. Dedication to core values • Open source, open attitude, community-driven • “If your work is stolen, it has value”
- 9. Why open source eID? • PKI - I as Infrastructure • 27 EU silos? Spanish Apache, “Spache”? • Transparency • eID affects almost everyone, trust in system is required for adoption
- 10. Neat reasons • eID often implemented as JavaCard applets • +1 for first published on-card applet. • “Fake eID applet” for badly written library copy machines & “free” copying • “What about my Commodore64 or Atari?” • Or Android, embedded ARM, ... ?
- 11. Neat anti-reasons • Open source makes attacks easier • Re-using branding, planting malware inside • Closed source allows for more competition from companies / possible technology export
- 12. Trends • First iteration often fails (technical or political or licensing issues) • SETEC ASTRONOMY fails • Don’t let government become Sony • Second round will be OSS anyway • Help others avoid the first mistake
- 13. International collaboration benefits • Applications (Firefox, OpenSSH, XXXOffice etc) all done elsewhere, by “foreigners”. • OpenSC as the grassroots EU interest body and lobby group of open source software smart card support (Mozilla, Apple etc) • Smart cards and crypto a niche sector, difficult to find motivated and competent fresh blood. • Homogeneous systems are doomed by evolution and limited by kind.
- 14. IAS-ECC, STORK, ... • US: PIV/CAC • EU: IAS-ECC • Standards are nice but real life matters too • Cross-border eID-enabledto test” (x27) “Install Elbonian software services: • Grassroots collaboration andbetter services interoperability could create resulting before policymakers. • Reference implementation benefits everyone
- 15. What lies ahead • OpenSC is far from an optimal or perfect solution • Old cruft, missing driver authors, lack of documentation, lack of courageous decisions (“structural reforms”), suboptimal design etc • Still it seems to have properties other projects don’t
- 16. OpenSC 0.12.2 • To be released on 2011.06.10 • Hopefully most of OpenDNIe code merged • “driver framework” is important • Bugfixes, cleanups, improvements • Automated tests, fast build iterations, infrastructure changes to support gradual project reform
- 17. Future of OpenSC • More cards, less drivers • Commodity (infrastructure) vs expensive gadget • New algorithms (Elliptic Curves) • Contactless world • Beyond conventional PKI crypto • COLLABORATION!