Consumer Identity:
a Dutch Perspective on Benefits,
Issues and Next Steps
Maarten Wegdam, Novay

  1. Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps
     Maarten Wegdam, Novay
     European Identity Conference 2010
     6 May 2010, Munich
  2. Novay?
     • Dutch ICT research institute
     • Formerly Telematica Instituut
     • Innovation projects
     • Networked innovation
     • Independent, not-for-profit
     • ~55 researchers, multi-disciplinary
     • Customers include financial sector, government and semi-government
  3. The consumer identity problem
     An old problem (the user, the service provider)
     • High trust is too expensive
     • People forget passwords
     • Lack of (validated) attributes
     • Low conversion
     An old (?) solution: externalize the identity with an identity provider (authentication + attributes)
  4. Why not (really) here yet?
     Three big reasons
     • Market entry issues
     • Lack of trust in IdP
     • Privacy issues
  5. Market entry issue
     • 100% coverage of consumers
     • Chicken-egg
       • Identity-providers vs relying parties
       • Not any more for basic trust (?)
     • Unclear value chain
  6. Trust and privacy issues
     Don’t trust your identity provider!
     • Security risk
     • Business continuity risk
     • Privacy risk
     Reduce the need to trust the identity provider
     • Through technical means, when possible …
     • By making the identity provider ‘behave’
       • Through laws
       • Through competition
       • By agreeing on a set of rules
  7. Making the IdP behave and the role of government
     Decreasing regulation:
     1. Government issued
     2. Government regulated
     3. Trust framework
     4. Free market (tech standard)
     Note: models 1 to 3 require some form of monopoly or regulator
  8. A trust framework
     A set of rules that all players agree upon
     To have more trust and a healthy ecosystem
     • New identity providers can join
     • Easy assess for RPs (scalability)
     • Balancing interests between IdPs, RPs and users
     • Privacy assurances
     • Governance / audits
  9. A Dutch perspective
     • E-government solution (DigiD) cannot be used in the private sector
     • A basic-trust initiative: OpenIDplus.nl
     • A high-trust initiative: cidSafe
  10. OpenIDplus.nl trust framework
     • Basic trust consumer-2-business identity
     • Based on OpenID
     • Subgoals
       • +
         • Improve interoperability, security & privacy (somewhat)
         • Set of rules for IdPs, and RPs, to increase trust
         • Governance
         • Standardize per-attribute validation methods
       • Market entry
         • Create critical mass (IdPs and especially RPs)
  11. OpenIDplus.nl: per-attribute validation methods
     • Standardization of trust levels is needed for RPs
       • To interoperate with different IdPs (scalability)
     • Common approach: levels of assurance for an identity
       • NIST / STORK levels 1 to 4
       • Combines authentication, identity binding etc.
     • BUT: existing IdPs support different sets of attributes, validated in different ways
     • Scalability compromise: per-attribute standardized validation methods
  12. OpenIDplus.nl: status
     • Draft specification and (very) draft rules
     • Successful proof-of-concept with the specification
     • Starting next phase: larger scale testing, setting up governance, finalize spec & rules
     • Go ‘live’ end of the year (?)
     • Ongoing debate: how ‘big’ is the plus?
     Non-exhaustive list of involved companies: Wehkamp, SURFnet, ANWB, Hyves, Unive, TMG, DigiNotar, NPO, Holder, ECP-EPN, Evidos, Novay
  13. cidSafe initiative: a safe consumer identity
     • High-trust consumer identity
     • Collaborative project by stakeholders
     • Goal: breakthrough for high-trust consumer identity in the Netherlands
     • Short-term goal: if and how this is feasible, with a focus on financial sector
  14. cidSafe status
     • Started in February 2010 …
     • Studying Dutch and foreign successes and failures; business case for relying parties; business modeling; outline of trust framework; evangelism …
     • http://cidsafe.novay.nl
     • Partners:
  15. Why (now) two Dutch consumer identity initiatives?
     Too big (?) difference in
     • needed trust
     • value chain
     • timeframes
     • user perception (and context)
     • possible role of government
     A basic-trust solution will help a high-trust solution!
  16. Take aways
     • Breakthrough in consumer identity by jointly working on trust frameworks
     • Balance openness with trust
     • Role of government important and varies between countries
     In Netherlands:
     • A basic-trust initiative: OpenIDplus.nl
     • A high-trust initiative: cidSafe
     More information: http://maarten.wegdam.name