Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps
Upcoming SlideShare
Loading in...5

Like this? Share it with your network


Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps

Uploaded on


  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 1 1

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps Maarten Wegdam, Novay European Identity Conference 2010 6 May 2010, Munich
  • 2. Novay? • Dutch ICT research institute • Formerly Telematica Instituut • Innovation projects • Networked innovation • Independent, not-for-profit • ~55 researchers, multi-disciplinary • Customers include financial sector, government and semi-government 2
  • 3. The consumer identity problem An old problem The user Service provider • High trust is too expensive • People forget passwords • Lack of (validated) attributes • Low conversion An old (?) solution externalize the identity with an identity provider 3 (authentication + attributes)
  • 4. Why not (really) here yet? Three big reasons market lack of privacy entry trust in issues issues IdP 4
  • 5. Market entry issue 100% coverage of consumers Chicken-egg • Identity-providers vs relying parties • Not any more for basic trust (?) Unclear value chain 5
  • 6. Trust and privacy issues Don’t trust your identity provider! • Security risk • Business continuity risk • Privacy risk Reduce the need to trust the identity provider • Through technical means, when possible … • By making the identity provider ‘behave’ • Through laws • Through competition • By agreeing on a set of rules 6
  • 7. Making the IdP behave and the role of government Decreasing regulation: Government issued Government regulated Trust framework Free market (tech standard) Note: models 1 to 3 require some form of monopoly or regulator 7
  • 8. A trust framework A set of rules that all players agree upon To have more trust and a healthy ecosystem • New identity providers can join • Easy assess for RPs (scalability) • Balancing interests between IdPs, RPs and users • Privacy assurances • Governance / audits 8
  • 9. A Dutch perspective • E-government solution (DigiD) cannot be used in the private sector • A basic-trust initiative: • A high-trust initiative: cidSafe 9
  • 10. trust framework • Basic trust consumer-2-business identity • Based on OpenID • Subgoals + • Improve interoperability, security & privacy (somewhat) • Set of rules for IdPs, and RPs, to increase trust • Governance • Standardize per-attribute validate methods market • Create critical mass (IdPs and especially RPs) entry 10
  • 11. Per-attribute validation methods • Standardization trust levels is needed for RP • To interoperate with different IdPs (scalability) • Common approach: levels of assurance for an identity • NIST / STORK levels 1 to 4 • Combines authentication, identity binding etc • BUT: existing IdPs support different sets of attributes, validated in different ways • Scalability compromise: per-attribute standardized validation methods 11
  • 12. Status • Draft specification and (very) draft rules • Successful proof-of-concept with the specification • Starting next phase: larger scale testing, setting up governance, finalize spec & rules • Go ‘live’ end of the year (?) • Ongoing debate: how ‘big’ is the plus? Non-exchaustive list of involved companies: Wehkamp, SURFnet, ANWB, Hyves, Unive, TMG, DigiNotar, NPO, Holder, ECP-EPN, Evidos, Novay 12
  • 13. cidSafe initiative a safe consumer identity • High-trust consumer identity • Collaborative project by stakeholders • Goal: breakthrough for high-trust consumer identity in the Netherlands • Short-term goal: if and how this is feasible, with a focus on financial sector 13
  • 14. cidSafe status • Started in February 2010 … • Studying Dutch and foreign successes and failures; business case for relying parties; business modeling; outline of trust framework; evangelism … • • Partners: 14
  • 15. Why (now) two Dutch consumer identity initiatives? Too big (?) difference in • needed trust • value chain • timeframes • user perception (and context) • possible role of government A basic-trust solution will help a high-trust solution! 15
  • 16. Take aways • Breakthrough in consumer identity by jointly working on trust frameworks • Balance openness with trust • Role of government important and varies between countries In Netherlands: • A basic-trust initiative: • A high-trust initiative: cidSafe More information: 16