OpenSC: eID interoperability through open source software

  • eID interoperability through open source software
      • Martin Paljak
      • OpenSC Project
      • www.opensc-project.org
  • Quick background check
      • Dealing with Estonian eID (1st generation) since 2003
      • Involved with OpenID (“OpenID for Estonians, OpenID.ee”)
      • Open source security/crypto/smart cards/identity software
      • Maintainer/lead developer of OpenSC Project since 2010
      • All opinions expressed are my own
  • Agenda
      • What is OpenSC
      • Problems observed from earth
      • Why open source matters
      • How OpenSC can help
  • OpenSC
      • Open source software (middleware) for cryptographic smart cards
          • Developed by independent team of international volunteers
      • Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards
          • Standards are published or defined by market
      • Cross platform (Windows, Mac OS X, Linux/Unix)
          • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA
      • PKCS#15 (ISO7816-15, IAS-ECC, PIV, EstEID, ...)
          • Card personalization tools
      • “OpenSC has become the de facto open source smartcard provider”
  • OpenSC enables applications!
      • Firefox - HTTPS authentication
      • Thunderbird - S/MIME signatures and encryption
      • Google Chrome - HTTPS authentication
      • E-voting - vote signing and authentication
      • OpenSSH - authentication
      • Safari - HTTPS authentication
      • Mail.app - S/MIME signatures and encryption
      • Outlook - S/MIME signatures and encryption
      • Open(Libre)Office - digital signatures
      • Internet Explorer - HTTPS authentication
      • Adobe Acrobat - digital signatures
      • OpenVPN - authentication
      • Putty - authentication
      • WinSCP - authentication
  • Real life applications, right now.
  • OpenSC supports*
      • Estonian eID
      • Finnish eID
      • Spanish eID*
      • Belgian eID
      • Portuguese eID
      • Italian eID
      • IAS-ECC*
      • PIV/CAC
      • Latvian eID*
      • * - work in progress or other but-s or limitations
  • Problems with eID software projects
      • Initiation & execution
      • Trust
      • Sustainability
      • Interoperability
      • Innovation
  • Regulators endorse execution, incl. open source.
  • Initiation & execution
      • Reduced platform availability
          • Linux (read: non-Windows)
          • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.
      • Licensing (OpenSC LGPL)
          • Belgium
          • Spain
          • Portugal
          • Latvia
      • Commercial vs public interest. Cost
      • Client software is complex and interweaved. Cost
          • Keeping up with software changes is challenging
      • 1st iteration tends to “fail”
  • Trust
      • STOP ABUSING THIS WORD!
      • Opaque systems call for tinfoil hats
      • “How do I know that the software does not sign a transaction for 10000€?”
      • Trust is essential for successful widespread adoption
          • Does not always mean “cryptographically assured”
      • Who will be the first to publish on-card application?
      • Ergo I’m no cloud believer
  • Sustainability Interoperability
  • Sustainability
      • Silos
          • 27x same mistakes? Probably.
          • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache?
          • University computer class = 27x “Elbonian card software”?
      • (PKI smart cards) eID is no CSS or HTML5
          • Niche market, requires specific skills
      • Cost
          • A plant only grows if you water it
  • Innovation
      • Commodity vs niche product
          • Easily available, interchangeable
      • P2P vs platform
          • SAML vs OpenID
      • eID must be ubiquitous to succeed
          • Make awkward uses easy to implement
      • Does open source lead the innovation or jog behind the cool guys?
      • Import vs export
      • Fibonacci innovation?
  • How can OpenSC help?
      • Grassroots community of specialists from different countries
          • Share knowledge and experiences
          • No politics. “Show me the solution that works”
      • Joint lobby group to collaborate with other (open source) projects
          • Make Firefox (close to 1/3 of the market) fix their bugs
      • A reference implementation
      • Provide a common framework and platform for collaboration, interoperability and innovation
  • Thank you! Questions? opensc-project.org @MartinPaljak.net