Consumer and Citizen Identities: Government Issued or Trust Frameworks? (European Identity Conference 2011)
Upcoming SlideShare
Loading in...5
×
 

Consumer and Citizen Identities: Government Issued or Trust Frameworks? (European Identity Conference 2011)

on

  • 1,397 views

As presented at the European Identity Conference 2011, on 12 May 2011

As presented at the European Identity Conference 2011, on 12 May 2011

Statistics

Views

Total Views
1,397
Views on SlideShare
858
Embed Views
539

Actions

Likes
0
Downloads
19
Comments
0

4 Embeds 539

http://maarten.wegdam.name 535
http://webcache.googleusercontent.com 2
http://www.linkedin.com 1
https://www.linkedin.com 1

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Consumer and Citizen Identities: Government Issued or Trust Frameworks? (European Identity Conference 2011) Consumer and Citizen Identities: Government Issued or Trust Frameworks? (European Identity Conference 2011) Presentation Transcript

  • Consumer and Citizen Identities:Government Issued or Trust Frameworks?Maarten Wegdam, NovayEuropean Identity Conference 201112 May 2011, Munich
  • Novay? • Independent Dutch ICT research institute • Formerly Telematica Instituut • “People driven, ICT empowered” • ~55 researchers, multi-disciplinary • Innovation projects • Including financial sector, government and semi- government2
  • Old problem [New Yorker cartoon by Peter Steiner]3
  • What to expect? • Re-usable identities are the way to go • Government vs trust framework: they co-exist • Banks and government are key • Convincing relying parties: needed and hard work4
  • Identity in the offline world5
  • And online? Id theft Avoidable costs Lost revenues (?) Frustrated users Privacy/control6 issues
  • Solution: re-usable identities (One or) a few trusted identities Of course: secure & trusted Of course: user controlled, privacy sensitive7
  • Trust in an identity Authentication Identity Level of means binding Assurance8
  • Challenges for trusted re-usable identities lack of privacy market trust in Id issues entry Provider issues9
  • The big choice: government or market as identity provider • Government – as in offline world • Market – as phone, internet access, email etc10
  • The big choice: government or market as identity provider • Government – as in offline world • Market – as phone, internet access, email etc • Some form of controlled market11
  • Decreasing (government) control Government issued Government regulated Trust framework Free market (tech standard) Note: models 1 to 3 require some form of monopoly or regulator12
  • Identity trust framework = a set of rules that all players agree upon To have more trust and a healthy ecosystem • A fair business model • New identity providers can join • Easy access for relying parties (scalability) • Balancing interests between players • Privacy assurances • Governance / audits • Support one or more levels of assurance13
  • Success criteria C2B/C2G identity • Frequent use of eID essential • For private AND public services (C2B & C2G) • Bank involvement seems key • Government governance required • Easy entrance for relying parties • Ease of use for end-users • High (100%?) user penetration needed [based on use cases study in DK,BE.DE,NO,SE,EE,US in 2010]14
  • Government issued eID Identity trust frameworkEasier market entry Innovation ‘friendlier’• 100% user coverage User choice• gov as relying party International is easier (?)Clearer bus model Benefits of competition …Neutral branding Re-use existing identitiesPrivacy of Relying party Trust: cultural? User privacy: one big brother or several medium brothers?15
  • use-case: trusted and re-usable consumer identity in NLConsortiumFinancial sectorVision on trust frameworkFeasibility16
  • vision on trust framework • Business model – users should not pay (directly) • Business case – re-use existing identities • Very easy for relying parties to connect • Several levels of assurance – ‘mid’ trust and up • Mobile – from the start • Privacy – state-of-the-art and consent • Government needed for trust (link to eRecognition)17
  • : my lessons learned • High-level mngt in financial industry do not understand nerdy terms like trust frameworks • Government needs to be ‘predictable’ !!! • Relying parties: so they don’t wait for gov • Identity providers: trust & no competition • Re-use existing & trusted: you need (all ?) banks as identity providers • not core business, there are risks, and unclear business case ...18
  • My 2 cents for relying parties • Re-use identities from others when you can • Heterogeneity - no 1-identity-to-rule-them all, accept heterogeneity as inevitable • Stimulate trust frameworks - it is in your interest to reduce heterogeneity without introducing a monopoly • Architect your identity system to accept different levels of assurance, from different parties • If you have customers from only one nation, can wait a couple of years and live in a government-issued C2B eID country: things may be simpler.19
  • 5 things to keep an eye on 1. Will social login (Facebook etc) become more trustworthy? 2. Will domain-specific trust frameworks expand, e.g. higher education? 3. Are four levels-of-assurance (trust levels) really needed? Will users understand? 4. What is the value of an authentication for a relying party? (BankID is pretty cheap …) 5. Are trust frameworks also about trusting the relying parties?20
  • Take aways • Re-usable identities are the way to go • If both C2B and C2G: easier market entry, cheaper • Government vs trust framework: they co-exist • Privacy, political, legacy, legislation are factors • Banks and government are key • Market penetration as identity providers • Killer apps as relying parties • Trust • Convincing relying parties: needed and hard work More information: maarten.wegdam@novay.nl http://maarten.wegdam.name21