Your SlideShare is downloading. ×
0
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EIC2010)

587

Published on

As presented at the European Identity Conference, on 6 May 2010 in Munich. Includes short descriptions of cidSafe and OpenIDplus.nl.

As presented at the European Identity Conference, on 6 May 2010 in Munich. Includes short descriptions of cidSafe and OpenIDplus.nl.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
587
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps Maarten Wegdam, Novay European Identity Conference 2010 6 May 2010, Munich
  • 2. Novay? • Dutch ICT research institute • Formerly Telematica Instituut • Innovation projects • Networked innovation • Independent, not-for-profit • ~55 researchers, multi-disciplinary • Customers include financial sector, government and semi-government 2
  • 3. The consumer identity problem An old problem The user Service provider • High trust is too expensive • People forget passwords • Lack of (validated) attributes • Low conversion An old (?) solution externalize the identity with an identity provider 3 (authentication + attributes)
  • 4. Why not (really) here yet? Three big reasons market lack of privacy entry trust in issues issues IdP 4
  • 5. Market entry issue 100% coverage of consumers Chicken-egg • Identity-providers vs relying parties • Not any more for basic trust (?) Unclear value chain 5
  • 6. Trust and privacy issues Don’t trust your identity provider! • Security risk • Business continuity risk • Privacy risk Reduce the need to trust the identity provider • Through technical means, when possible … • By making the identity provider ‘behave’ • Through laws • Through competition • By agreeing on a set of rules 6
  • 7. Making the IdP behave and the role of government Decreasing regulation: Government issued Government regulated Trust framework Free market (tech standard) Note: models 1 to 3 require some form of monopoly or regulator 7
  • 8. A trust framework A set of rules that all players agree upon To have more trust and a healthy ecosystem • New identity providers can join • Easy assess for RPs (scalability) • Balancing interests between IdPs, RPs and users • Privacy assurances • Governance / audits 8
  • 9. A Dutch perspective • E-government solution (DigiD) cannot be used in the private sector • A basic-trust initiative: OpenIDplus.nl • A high-trust initiative: cidSafe 9
  • 10. OpenIDplus.nl trust framework • Basic trust consumer-2-business identity • Based on OpenID • Subgoals + • Improve interoperability, security & privacy (somewhat) • Set of rules for IdPs, and RPs, to increase trust • Governance • Standardize per-attribute validate methods market • Create critical mass (IdPs and especially RPs) entry 10
  • 11. OpenIDplus.nl Per-attribute validation methods • Standardization trust levels is needed for RP • To interoperate with different IdPs (scalability) • Common approach: levels of assurance for an identity • NIST / STORK levels 1 to 4 • Combines authentication, identity binding etc • BUT: existing IdPs support different sets of attributes, validated in different ways • Scalability compromise: per-attribute standardized validation methods 11
  • 12. OpenIDplus.nl Status • Draft specification and (very) draft rules • Successful proof-of-concept with the specification • Starting next phase: larger scale testing, setting up governance, finalize spec & rules • Go ‘live’ end of the year (?) • Ongoing debate: how ‘big’ is the plus? Non-exchaustive list of involved companies: Wehkamp, SURFnet, ANWB, Hyves, Unive, TMG, DigiNotar, NPO, Holder, ECP-EPN, Evidos, Novay 12
  • 13. cidSafe initiative a safe consumer identity • High-trust consumer identity • Collaborative project by stakeholders • Goal: breakthrough for high-trust consumer identity in the Netherlands • Short-term goal: if and how this is feasible, with a focus on financial sector 13
  • 14. cidSafe status • Started in February 2010 … • Studying Dutch and foreign successes and failures; business case for relying parties; business modeling; outline of trust framework; evangelism … • http://cidsafe.novay.nl • Partners: 14
  • 15. Why (now) two Dutch consumer identity initiatives? Too big (?) difference in • needed trust • value chain • timeframes • user perception (and context) • possible role of government A basic-trust solution will help a high-trust solution! 15
  • 16. Take aways • Breakthrough in consumer identity by jointly working on trust frameworks • Balance openness with trust • Role of government important and varies between countries In Netherlands: • A basic-trust initiative: OpenIDplus.nl • A high-trust initiative: cidSafe More information: http://maarten.wegdam.name 16

×