eID interoperability through open source software
Martin Paljak
OpenSC Project
www.opensc-project.org
Quick background check

• Dealing with Estonian eID (1st generation) since 2003


• Involved with OpenID (“OpenID for Estonians, OpenID.ee”)


• Open source security/crypto/smart cards/identity software


• Maintainer/lead developer of OpenSC Project since 2010


• All opinions expressed are my own
Agenda

• What is OpenSC


• Problems observed from earth


• Why open source matters


• How OpenSC can help
OpenSC

• Open source software (middleware) for cryptographic smart cards

  • Developed by independent team of international volunteers

• Provides standard interfaces for software developers and applications to
  access cryptographic capabilities of smart cards

  • Standards are published or defined by market

• Cross platform (Windows, Mac OS X, Linux/Unix)

  • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA

• PKCS#15 (ISO7816-15, IAS-ECC, PIV, EstEID, ...)

  • Card personalization tools

• “OpenSC has become the de facto open source smartcard provider”
OpenSC enables applications!

• Firefox - HTTPS authentication
• Thunderbird - S/MIME signatures and encryption
• Google Chrome - HTTPS authentication
• E-voting - vote signing and authentication
• OpenSSH - authentication
• Safari - HTTPS authentication
• Mail.app - S/MIME signatures and encryption
• Outlook - S/MIME signatures and encryption
• Open(Libre)Office - digital signatures
• Internet Explorer - HTTPS authentication
• Adobe Acrobat - digital signatures
• OpenVPN - authentication
• Putty - authentication
• WinSCP - authentication
Real life applications, right now.
OpenSC supports*

 • Estonian eID

 • Finnish eID

 • Spanish eID*

 • Belgian eID

 • Portuguese eID

 • Italian eID

 • IAS-ECC*

 • PIV/CAC

 • Latvian eID*


* - work in progress, or with other caveats or limitations
Problems with eID software projects

• Initiation & execution


• Trust


• Sustainability


• Interoperability


• Innovation
Regulators endorse execution, incl. open source.
Initiation & execution

• Reduced platform availability
   • Linux (read: non-Windows)
      • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.
• Licensing (OpenSC LGPL)
   • Belgium
   • Spain
   • Portugal
   • Latvia
• Commercial vs public interest. Cost
• Client software is complex and interwoven. Cost
   • Keeping up with software changes is challenging
• 1st iteration tends to “fail”
Trust

• STOP ABUSING THIS WORD!


• Opaque systems call for tinfoil hats


• “How do I know that the software does not sign a transaction for 10000€?”


• Trust is essential for successful widespread adoption


   • Does not always mean “cryptographically assured”


• Who will be the first to publish on-card application?


• Ergo I’m no cloud believer
Sustainability & Interoperability
Sustainability

• Silos

   • 27x same mistakes? Probably.

   • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache?

   • University computer class = 27x “Elbonian card software”?

• (PKI smart cards) eID is no CSS or HTML5

   • Niche market, requires specific skills

• Cost

   • A plant only grows if you water it
Innovation

• Commodity vs niche product

  • Easily available, interchangeable

• P2P vs platform

  • SAML vs OpenID

• eID must be ubiquitous to succeed

  • Make awkward uses easy to implement

• Does open source lead the innovation or jog behind the cool guys?

• Import vs export

• Fibonacci innovation?
How can OpenSC help?

• Grassroots community of specialists from different countries

   • Share knowledge and experiences

   • No politics. “Show me the solution that works”

• Joint lobby group to collaborate with other (open source) projects

   • Get Firefox (close to 1/3 of the market) to fix their bugs

• A reference implementation

• Provide a common framework and platform for collaboration, interoperability
  and innovation
Thank you!

Questions?

opensc-project.org

@MartinPaljak.net

OpenSC: eID interoperability through open source software

  • 1. eID interoperability through open source software Martin Paljak OpenSC Project www.opensc-project.org
  • 2. Quick background check • Dealing with Estonian eID (1st generation) since 2003 • Involved with OpenID (“OpenID for Estonians, OpenID.ee”) • Open source security/crypto/smart cards/identity software • Maintainer/lead developer of OpenSC Project since 2010 • All opinions expressed are my own
  • 3. Agenda • What is OpenSC • Problems observed from earth • Why open source matters • How OpenSC can help
  • 5. OpenSC • Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers
  • 6. OpenSC • Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers • Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards • Standards are published or defined by market
  • 7. OpenSC • Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers • Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards • Standards are published or defined by market • Cross platform (Windows, Mac OS X, Linux/Unix) • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA
  • 8. OpenSC • Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers • Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards • Standards are published or defined by market • Cross platform (Windows, Mac OS X, Linux/Unix) • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA • PKCS#15 (ISO7816-15, IAS-ECC, PIV, EstEID, ...) • Card personalization tools
  • 9. OpenSC • Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers • Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards • Standards are published or defined by market • Cross platform (Windows, Mac OS X, Linux/Unix) • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA • PKCS#15 (ISO7816-15, IAS-ECC, PIV, EstEID, ...) • Card personalization tools • “OpenSC has become the defacto open source smartcard provider”
  • 11. OpenSC enables applications! • Firefox - HTTPS authentication • Thunderbird - S/MIME signatures and encryption • Google Chrome - HTTPS authentication • E-voting - vote signing and authentication • OpenSSH - authentication • Safari - HTTPS authentication • Mail.app - S/MIME signatures and encryption • Outlook - S/MIME signatures and encryption • Open(Libre)Office - digital signatures • Internet Explorer - HTTPS authentication • Adobe Acrobat - digital signatures • OpenVPN - authentication • Putty - authentication • WinSCP - authentication
  • 13. OpenSC supports* • Estonian eID • Finnish eID • Spanish eID* • Belgian eID • Portuguese eID • Italian eID • IAS-ECC* • PIV/CAC • Latvian eID* * - work in progress or other but-s or limitations
  • 14. Problems with eID software projects • Initiation & execution • Trust • Sustainability • Interoperability • Innovation
  • 15. Regulators endorse execution, incl. open source.
28. Initiation & execution

• Reduced platform availability
  • Linux (read: non-Windows)
  • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.
• Licensing (OpenSC is LGPL)
  • Belgium
  • Spain
  • Portugal
  • Latvia
• Commercial vs public interest. Cost
• Client software is complex and interwoven. Cost
• Keeping up with software changes is challenging
• The 1st iteration tends to “fail”
36. Trust

• STOP ABUSING THIS WORD!
• Opaque systems call for tinfoil hats
  • “How do I know that the software does not sign a transaction for 10000€?”
• Trust is essential for successful widespread adoption
  • Does not always mean “cryptographically assured”
• Who will be the first to publish an on-card application?
• Ergo I’m no cloud believer
37. Sustainability, Interoperability

45. Sustainability

• Silos
  • 27x the same mistakes? Probably.
• eID is infrastructure. “Estache” (“Seto”), the Estonian Apache?
• University computer class = 27x “Elbonian card software”?
• (PKI smart card) eID is no CSS or HTML5
  • Niche market, requires specific skills
  • Cost
• A plant only grows if you water it
53. Innovation

• Commodity vs niche product
  • Easily available, interchangeable
• P2P vs platform
  • SAML vs OpenID
• eID must be ubiquitous to succeed
  • Make awkward uses easy to implement
• Does open source lead the innovation or jog behind the cool guys?
• Import vs export
• Fibonacci innovation?
54. How can OpenSC help?

• Grassroots community of specialists from different countries
  • Share knowledge and experiences
  • No politics. “Show me the solution that works”
• Joint lobby group to collaborate with other (open source) projects
  • Get Firefox (close to 1/3 of the market) to fix its bugs
• A reference implementation
• Provide a common framework and platform for collaboration, interoperability and innovation

55. Thank you! Questions?

opensc-project.org
@MartinPaljak.net