What Should The Public Sector Demand   Jerry Fishenden 15.05.2009
Presentation given at the 2009 Identity and Privacy Conference, London

  1. re-thinking identity – meeting public sector challenges
     what should the public sector demand?
     Jerry Fishenden, National Technology Officer, Microsoft
     blog – http://ntouk.com
     twitter – http://twitter.com/ntouk
  2. realities of the threat landscape
     • hackers
     • crackers
     • script kiddies …
     • … and governments ….?
  3. we need trust in our digital lives
     • any systems – private or public sector – need to:
       – recognise the importance of the rule of law, security, and privacy and other core democratic freedoms in contributing to trustworthiness
       – honour European values such as privacy, freedom of expression, protection of minorities, freedom of association, and freedom of belief
     • the public sector has a key role in overall governance and compliance in support of these important values
  4. … not this …
  5. … or this …
  6. not a great model either …
     your name, bank account number, sort code number … (conveniently embossed for easy skimming) … your signature, 234 “security code” and “automated hacking magnetic strip”
  7. improvements
  8. so how about this?
     [diagram labels: paper world; digital world; no need for this vulnerability; useful data … in the wrong hands]
  9. and this?
     • enables users to use multiple identity systems
     • based on Web services
     • usable by any application
  10. • strong 2-way authentication
     • enhanced privacy
       – at user’s discretion, store personal information on PC/Phone/Device or in “the cloud”
       – fully informed disclosure
       – multiple personas, a mirror of the real world
  11. so what should the public sector demand …?
     • not a 1940s-50s system based around identity cards
     • or a 1960s idea of computers sitting at the centre and seeing and knowing everything
       – (psst. government is no better at the centre of our lives than Microsoft Passport was …)
  12. the public sector should demand …
     • a 21st century approach to identity with clear value and incentives for citizens, businesses and the public sector
     • proof of entitlement and authorisation to use a service, without necessarily identifying the user – that is, the disclosure of only the bare minimum of information necessary for a transaction:
       • for example, providing a proof that a person is over or under a certain age threshold, without disclosing their actual date of birth or their age
  13. • a choice of devices that makes sense not only to government, but also to us as citizens and to the commercial sector
     • the effective management of electronic credentials throughout the lifecycle between issuance and revocation, in a privacy-friendly way
     • decentralised governance of identity infrastructure across the private and public sectors, without the need or desire for anyone to sit in the middle and log and monitor everything we do in our daily lives
  14. minimal disclosure tokens / U-Prove
  15. minimal disclosure tokens: basics
     [diagram: example tokens for Alice Smith, with the attributes Name: Alice Smith; DOB: 03-25-1976; Address: 1234 Crypto, Seattle, WA; Status: gold customer; Reputation: high; Gender: female]
  16. minimal disclosure tokens: basics
     [diagram: request “Prove that you are from WA and over 21”; token: Name: Alice Smith; Address: 1234 Crypto, Seattle, WA; DOB: 03-25-1976; Status: gold customer; Reputation: high; Gender: female; proof: Over-21; the verifier is left asking “Which adult from WA is this?”]
  17. authenticated anonymity
     [diagram: request “Prove that you are a gold customer”; token: Name: Alice Smith; Address: 1234 Crypto, Seattle, WA; Status: gold customer]
  18. unlinkable data sharing
     [diagram: one token with Name: Alice Smith; Address: 1234 Crypto, Seattle, WA; Status: gold customer, and another with UserID: Alice S.; City: Seattle, WA; caption: No unwanted linkages]
  19. … and at the macro level
     • fundamental reform of the policymaking process:
       – ensure technological and scientific evidence is gathered and understood prior to legislation being brought forward
         • eg avoid ‘the Identity Cards Act’ model, where the mechanism/solution (cards) is fused with the objective and policy outcome
     • don’t plan based on what you can see in the rear-view mirror
  20. conclusion
     • the public sector can help raise the game for everyone:
       – placing the citizen at the centre and in control (not at the centre under permanent and routine surveillance)
       – empowering the citizen with additional safeguards and protections well beyond those that the current plastic cards in our wallets and purses provide
       – acting as a catalyst to encourage the adoption of user-centric, not provider-centric, models
  21. • hence helping ensure that a twenty-first identity framework …
       – underpins the rule of law, security, and privacy and other core democratic freedoms in contributing to trustworthiness
       – honours European values such as privacy, freedom of expression, protection of minorities, freedom of association, and freedom of belief
  22. some links
     • Kim Cameron’s blog http://www.identityblog.com/
     • Stefan Brands’ work http://www.credentica.com/
     • CardSpace http://msdn.microsoft.com/en-us/library/aa480189.aspx
     • Trust in Digital Life http://trustindigitallife.eu
  23. re-thinking identity – meeting public sector challenges
     thank you …
     Jerry Fishenden, National Technology Officer, Microsoft
     blog – http://ntouk.com
     twitter – http://twitter.com/ntouk