08448380779 Call Girls In Civil Lines Women Seeking Men
Consumer and Citizen Identities: Government Issued or Trust Frameworks? (European Identity Conference 2011)
1. Consumer and Citizen Identities:
Government Issued or Trust Frameworks?
Maarten Wegdam, Novay
European Identity Conference 2011
12 May 2011, Munich
2. Novay?
• Independent Dutch ICT research institute
• Formerly Telematica Instituut
• “People driven, ICT empowered”
• ~55 researchers, multi-disciplinary
• Innovation projects
• Including financial sector, government and semi-
government
2
3. Old problem
[New Yorker cartoon by Peter Steiner]
3
4. What to expect?
• Re-usable identities are the way to go
• Government vs trust framework: they co-exist
• Banks and government are key
• Convincing relying parties: needed and hard work
4
6. And online?
Id theft Avoidable costs
Lost revenues (?)
Frustrated users Privacy/control
6
issues
7. Solution: re-usable identities
(One or) a few trusted identities
Of course: secure & trusted
Of course: user controlled, privacy
sensitive
7
8. Trust in an identity
Authentication Identity Level of
means binding Assurance
8
9. Challenges for trusted re-usable identities
lack of privacy market
trust in Id issues entry
Provider issues
9
10. The big choice: government or
market as identity provider
• Government – as in offline world
• Market – as phone, internet access, email etc
10
11. The big choice: government or
market as identity provider
• Government – as in offline world
• Market – as phone, internet access, email etc
• Some form of controlled market
11
12. Decreasing (government) control
Government issued
Government regulated
Trust framework
Free market (tech standard)
Note: models 1 to 3 require some form of
monopoly or regulator
12
13. Identity trust framework = a set of rules
that all players agree upon
To have more trust and a healthy ecosystem
• A fair business model
• New identity providers can join
• Easy access for relying parties (scalability)
• Balancing interests between players
• Privacy assurances
• Governance / audits
• Support one or more levels of assurance
13
14. Success criteria C2B/C2G identity
• Frequent use of eID essential
• For private AND public services (C2B & C2G)
• Bank involvement seems key
• Government governance required
• Easy entrance for relying parties
• Ease of use for end-users
• High (100%?) user penetration needed
[based on use cases study in DK,BE.DE,NO,SE,EE,US in 2010]
14
15. Government issued eID Identity trust framework
Easier market entry Innovation ‘friendlier’
• 100% user coverage User choice
• gov as relying party International is easier (?)
Clearer bus model Benefits of competition …
Neutral branding Re-use existing identities
Privacy of Relying party
Trust: cultural?
User privacy: one big brother or several medium brothers?
15
16. use-case:
trusted and re-usable consumer identity in NL
Consortium
Financial sector
Vision on trust framework
Feasibility
16
17. vision on trust framework
• Business model – users should not pay (directly)
• Business case – re-use existing identities
• Very easy for relying parties to connect
• Several levels of assurance – ‘mid’ trust and up
• Mobile – from the start
• Privacy – state-of-the-art and consent
• Government needed for trust (link to eRecognition)
17
18. : my lessons learned
• High-level mngt in financial industry do not
understand nerdy terms like trust frameworks
• Government needs to be ‘predictable’ !!!
• Relying parties: so they don’t wait for gov
• Identity providers: trust & no competition
• Re-use existing & trusted: you need (all ?)
banks as identity providers
• not core business, there are risks, and unclear
business case ...
18
19. My 2 cents for relying parties
• Re-use identities from others when you can
• Heterogeneity - no 1-identity-to-rule-them all, accept
heterogeneity as inevitable
• Stimulate trust frameworks - it is in your interest to
reduce heterogeneity without introducing a monopoly
• Architect your identity system to accept different
levels of assurance, from different parties
• If you have customers from only one nation, can wait
a couple of years and live in a government-issued
C2B eID country: things may be simpler.
19
20. 5 things to keep an eye on
1. Will social login (Facebook etc) become more
trustworthy?
2. Will domain-specific trust frameworks expand, e.g.
higher education?
3. Are four levels-of-assurance (trust levels) really
needed? Will users understand?
4. What is the value of an authentication for a relying
party? (BankID is pretty cheap …)
5. Are trust frameworks also about trusting the relying
parties?
20
21. Take aways
• Re-usable identities are the way to go
• If both C2B and C2G: easier market entry, cheaper
• Government vs trust framework: they co-exist
• Privacy, political, legacy, legislation are factors
• Banks and government are key
• Market penetration as identity providers
• Killer apps as relying parties
• Trust
• Convincing relying parties: needed and hard work
More information:
maarten.wegdam@novay.nl http://maarten.wegdam.name
21