
Consumer and Citizen Identities: Government Issued or Trust Frameworks? (European Identity Conference 2011)


As presented at the European Identity Conference 2011, on 12 May 2011

Published in: Technology, News & Politics

  1. Consumer and Citizen Identities: Government Issued or Trust Frameworks? Maarten Wegdam, Novay. European Identity Conference 2011, 12 May 2011, Munich
  2. Novay?
     • Independent Dutch ICT research institute
     • Formerly Telematica Instituut
     • “People driven, ICT empowered”
     • ~55 researchers, multi-disciplinary
     • Innovation projects
     • Including financial sector, government and semi-government
  3. Old problem [New Yorker cartoon by Peter Steiner]
  4. What to expect?
     • Re-usable identities are the way to go
     • Government vs trust framework: they co-exist
     • Banks and government are key
     • Convincing relying parties: needed and hard work
  5. Identity in the offline world
  6. And online?
     • Id theft
     • Avoidable costs
     • Lost revenues (?)
     • Frustrated users
     • Privacy/control issues
  7. Solution: re-usable identities
     • (One or) a few trusted identities
     • Of course: secure & trusted
     • Of course: user controlled, privacy sensitive
  8. Trust in an identity
     • Authentication means
     • Identity binding
     • Level of Assurance
  9. Challenges for trusted re-usable identities
     • lack of trust in Id Provider
     • privacy issues
     • market entry issues
  10. The big choice: government or market as identity provider
     • Government – as in offline world
     • Market – as phone, internet access, email etc
  11. The big choice: government or market as identity provider
     • Government – as in offline world
     • Market – as phone, internet access, email etc
     • Some form of controlled market
  12. Decreasing (government) control
     1. Government issued
     2. Government regulated
     3. Trust framework
     4. Free market (tech standard)
     Note: models 1 to 3 require some form of monopoly or regulator
  13. Identity trust framework = a set of rules that all players agree upon. To have more trust and a healthy ecosystem
     • A fair business model
     • New identity providers can join
     • Easy access for relying parties (scalability)
     • Balancing interests between players
     • Privacy assurances
     • Governance / audits
     • Support one or more levels of assurance
  14. Success criteria C2B/C2G identity
     • Frequent use of eID essential
     • For private AND public services (C2B & C2G)
     • Bank involvement seems key
     • Government governance required
     • Easy entrance for relying parties
     • Ease of use for end-users
     • High (100%?) user penetration needed
     [based on use cases study in DK, BE, DE, NO, SE, EE, US in 2010]
  15. Government issued eID / Identity trust framework
     Easier market entry; Innovation ‘friendlier’; • 100% user coverage; User choice; • gov as relying party; International is easier (?); Clearer bus model; Benefits of competition; …; Neutral branding; Re-use existing identities; Privacy of Relying party; Trust: cultural?; User privacy: one big brother or several medium brothers?
  16. use-case: trusted and re-usable consumer identity in NL
     • Consortium
     • Financial sector
     • Vision on trust framework
     • Feasibility
  17. vision on trust framework
     • Business model – users should not pay (directly)
     • Business case – re-use existing identities
     • Very easy for relying parties to connect
     • Several levels of assurance – ‘mid’ trust and up
     • Mobile – from the start
     • Privacy – state-of-the-art and consent
     • Government needed for trust (link to eRecognition)
  18. : my lessons learned
     • High-level mngt in financial industry do not understand nerdy terms like trust frameworks
     • Government needs to be ‘predictable’ !!!
     • Relying parties: so they don’t wait for gov
     • Identity providers: trust & no competition
     • Re-use existing & trusted: you need (all ?) banks as identity providers
     • not core business, there are risks, and unclear business case ...
  19. My 2 cents for relying parties
     • Re-use identities from others when you can
     • Heterogeneity - no 1-identity-to-rule-them-all, accept heterogeneity as inevitable
     • Stimulate trust frameworks - it is in your interest to reduce heterogeneity without introducing a monopoly
     • Architect your identity system to accept different levels of assurance, from different parties
     • If you have customers from only one nation, can wait a couple of years and live in a government-issued C2B eID country: things may be simpler.
  20. 5 things to keep an eye on
     1. Will social login (Facebook etc) become more trustworthy?
     2. Will domain-specific trust frameworks expand, e.g. higher education?
     3. Are four levels-of-assurance (trust levels) really needed? Will users understand?
     4. What is the value of an authentication for a relying party? (BankID is pretty cheap …)
     5. Are trust frameworks also about trusting the relying parties?
  21. Take aways
     • Re-usable identities are the way to go
     • If both C2B and C2G: easier market entry, cheaper
     • Government vs trust framework: they co-exist
     • Privacy, political, legacy, legislation are factors
     • Banks and government are key
     • Market penetration as identity providers
     • Killer apps as relying parties
     • Trust
     • Convincing relying parties: needed and hard work
     More information: maarten.wegdam@novay.nl, http://maarten.wegdam.name
