Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

cidSafe project, 23 September 2010, for EEMA event


Published on

cidSafe, creating a solution for a safe consumer identity in the Netherlands. As presented on 23rd September for the EEMA RIG

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

cidSafe project, 23 September 2010, for EEMA event

  1. 1. cid Safe creating a solution for a safe consumer identity in the Netherlands Maarten Wegdam, Novay EEMA Benelux RIG “e-Identity as a business” 23rd September 2010 @ Everett
  2. 2. Novay? • Dutch ICT research institute • Formerly Telematica Instituut • Innovation projects • Networked innovation • Independent, not-for-profit • ~55 researchers, multi-disciplinary • Customers include financial sector, government and semi-government 2
  3. 3. Example identity related projects • STORK project – lead for WP2 that defined the Levels of Assurance • SURFfederation – 700k+ identity federation for higher education in the Netherlands • Identity-as-a-Service for B2B – for RDW • ePassport for online authentication – for NLNet • eRecognition review – for B2G identity, EZ/ICTU • Mobile PKI –technology scouting / assessment for SURFnet/Kennisnet 3
  4. 4. The consumer identity problem An old problem The user Service provider • High trust is too expensive • People forget passwords • Lack of (validated) attributes • Low conversion An old (?) solution externalize the identity with an identity provider 4 (authentication + attributes)
  5. 5. Why not (really) here yet? Three big reasons market lack of privacy entry trust in issues issues IdP 5
  6. 6. Market entry issue 100% coverage of consumers Chicken-egg • Identity-providers vs relying parties • Not any more for basic trust (?) Unclear value chain 6
  7. 7. Trust and privacy issues Do you trust all identity providers? • Security risk • Business continuity risk • Privacy risk Our approach: Reduce the need to trust the identity provider Through technical means, when possible … By making the identity provider ‘behave’ • Through laws • Through competition 7 • By agreeing on a set of rules
  8. 8. Making the IdP behave and the role of government Decreasing regulation: Government issued Government regulated Trust framework Free market (tech standard) Note: models 1 to 3 require some form of monopoly or regulator 8
  9. 9. A trust framework A set of rules that all players agree upon To have more trust and a healthy ecosystem • New identity providers can join • Easy assess for RPs (scalability) • Balancing interests between IdPs, RPs and users • Privacy assurances • Governance / audits 9
  10. 10. Trustworthiness of an identity Authentication Identity Level of mean binding Assurance 10
  11. 11. Consumer & citizen identity in NL • There is a citizen identity solution: DigiD • Issued by snail mail to home address • Two-factor: username/password + SMS OTP • BUT: cannot be used in the private sector • Except healthcare & pension 11
  12. 12. cidSafe initiative a safe consumer identity • High-trust consumer identity • Collaborative project by stakeholders • Goal: breakthrough for high-trust consumer identity in the Netherlands • Short-term goal: if and how this is feasible, with a focus on financial sector 12
  13. 13. Who Partners Sounding • Achmea, Aegon, Adfiz, Nationale Nederlanden, board OHRA,SNS Reaal 13
  14. 14. cidSafe trust framework: starting points for our solution 1. General usage 2. High trust 3. Easy to use 4. Cost efficiënt for service providers 5. Privacy consious 14
  15. 15. Some cidSafe challenges Evangelizing with relying parties Openness vs trust Business Model Role of government 15
  16. 16. Take aways on cidSafe • cidSafe is market initiative for high-trust consumer identity in NL • Trust framework approach • Breakthrough by jointly working on trust framework More information: 16