OpenSC: eID interoperability through open source software

Transcript

  • 1. eID interoperability through open source software
      Martin Paljak, OpenSC Project
      www.opensc-project.org
  • 2. Quick background check
      • Dealing with Estonian eID (1st generation) since 2003
      • Involved with OpenID (“OpenID for Estonians, OpenID.ee”)
      • Open source security/crypto/smart cards/identity software
      • Maintainer/lead developer of OpenSC Project since 2010
      • All opinions expressed are my own
  • 3. Agenda
      • What is OpenSC
      • Problems observed from earth
      • Why open source matters
      • How OpenSC can help
  • 9. OpenSC
      • Open source software (middleware) for cryptographic smart cards
          • Developed by independent team of international volunteers
      • Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards
          • Standards are published or defined by market
      • Cross platform (Windows, Mac OS X, Linux/Unix)
          • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA
      • PKCS#15 (ISO7816-15, IAS-ECC, PIV, EstEID, ...)
          • Card personalization tools
      • “OpenSC has become the de facto open source smartcard provider”
  • 11. OpenSC enables applications!
      • Firefox - HTTPS authentication
      • Thunderbird - S/MIME signatures and encryption
      • Google Chrome - HTTPS authentication
      • E-voting - vote signing and authentication
      • OpenSSH - authentication
      • Safari - HTTPS authentication
      • Mail.app - S/MIME signatures and encryption
      • Outlook - S/MIME signatures and encryption
      • Open(Libre)Office - digital signatures
      • Internet Explorer - HTTPS authentication
      • Adobe Acrobat - digital signatures
      • OpenVPN - authentication
      • Putty - authentication
      • WinSCP - authentication
  • 12. Real life applications, right now.
  • 13. OpenSC supports*
      • Estonian eID
      • Finnish eID
      • Spanish eID*
      • Belgian eID
      • Portuguese eID
      • Italian eID
      • IAS-ECC*
      • PIV/CAC
      • Latvian eID*
      * - work in progress or other but-s or limitations
  • 14. Problems with eID software projects
      • Initiation & execution
      • Trust
      • Sustainability
      • Interoperability
      • Innovation
  • 15. Regulators endorse execution, incl. open source.
  • 28. Initiation & execution
      • Reduced platform availability
          • Linux (read: non-Windows)
          • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.
      • Licensing (OpenSC LGPL)
          • Belgium
          • Spain
          • Portugal
          • Latvia
      • Commercial vs public interest. Cost
      • Client software is complex and interwoven. Cost
          • Keeping up with software changes is challenging
      • 1st iteration tends to “fail”
  • 36. Trust
      • STOP ABUSING THIS WORD!
      • Opaque systems call for tinfoil hats
      • “How do I know that the software does not sign a transaction for 10000€?”
      • Trust is essential for successful widespread adoption
          • Does not always mean “cryptographically assured”
      • Who will be the first to publish on-card application?
      • Ergo I’m no cloud believer
  • 37. Sustainability Interoperability
  • 46. Sustainability
      • Silos
          • 27x same mistakes? Probably.
          • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache?
          • University computer class = 27x “Elbonian card software”?
      • (PKI smart cards) eID is no CSS or HTML5
          • Niche market, requires specific skills
      • Cost
          • A plant only grows if you water it
  • 53. Innovation
      • Commodity vs niche product
          • Easily available, interchangeable
      • P2P vs platform
          • SAML vs OpenID
      • eID must be ubiquitous to succeed
          • Make awkward uses easy to implement
      • Does open source lead the innovation or jog behind the cool guys?
      • Import vs export
      • Fibonacci innovation?
  • 54. How can OpenSC help?
      • Grassroots community of specialists from different countries
          • Share knowledge and experiences
          • No politics. “Show me the solution that works”
      • Joint lobby group to collaborate with other (open source) projects
          • Make Firefox (close to 1/3 of the market) to fix their bugs
      • A reference implementation
      • Provide a common framework and platform for collaboration, interoperability and innovation
  • 55. Thank you! Questions? opensc-project.org @MartinPaljak.net
