Consumer and Citizen Identities: Government Issued or Trust Frameworks? (European Identity Conference 2011)

  1. Consumer and Citizen Identities: Government Issued or Trust Frameworks? Maarten Wegdam, Novay. European Identity Conference 2011, 12 May 2011, Munich
  2. Novay? • Independent Dutch ICT research institute • Formerly Telematica Instituut • “People driven, ICT empowered” • ~55 researchers, multi-disciplinary • Innovation projects • Including financial sector, government and semi-government
  3. Old problem [New Yorker cartoon by Peter Steiner]
  4. What to expect? • Re-usable identities are the way to go • Government vs trust framework: they co-exist • Banks and government are key • Convincing relying parties: needed and hard work
  5. Identity in the offline world
  6. And online? • Id theft • Avoidable costs • Lost revenues (?) • Frustrated users • Privacy/control issues
  7. Solution: re-usable identities • (One or) a few trusted identities • Of course: secure & trusted • Of course: user controlled, privacy sensitive
  8. Trust in an identity • Authentication means • Identity binding • Level of Assurance
  9. Challenges for trusted re-usable identities • lack of trust in Id Provider • privacy issues • market entry issues
  10. The big choice: government or market as identity provider • Government – as in offline world • Market – as phone, internet access, email etc
  11. The big choice: government or market as identity provider • Government – as in offline world • Market – as phone, internet access, email etc • Some form of controlled market
  12. Decreasing (government) control: (1) Government issued, (2) Government regulated, (3) Trust framework, (4) Free market (tech standard). Note: models 1 to 3 require some form of monopoly or regulator
  13. Identity trust framework = a set of rules that all players agree upon, to have more trust and a healthy ecosystem • A fair business model • New identity providers can join • Easy access for relying parties (scalability) • Balancing interests between players • Privacy assurances • Governance / audits • Support one or more levels of assurance
  14. Success criteria C2B/C2G identity • Frequent use of eID essential • For private AND public services (C2B & C2G) • Bank involvement seems key • Government governance required • Easy entrance for relying parties • Ease of use for end-users • High (100%?) user penetration needed [based on use cases study in DK, BE, DE, NO, SE, EE, US in 2010]
  15. Government issued eID | Identity trust framework • Easier market entry • Innovation ‘friendlier’ • 100% user coverage • User choice • gov as relying party • International is easier (?) • Clearer business model • Benefits of competition • … • Neutral branding • Re-use existing identities • Privacy of Relying party • Trust: cultural? • User privacy: one big brother or several medium brothers?
  16. use-case: trusted and re-usable consumer identity in NL • Consortium • Financial sector • Vision on trust framework • Feasibility
  17. vision on trust framework • Business model – users should not pay (directly) • Business case – re-use existing identities • Very easy for relying parties to connect • Several levels of assurance – ‘mid’ trust and up • Mobile – from the start • Privacy – state-of-the-art and consent • Government needed for trust (link to eRecognition)
  18. : my lessons learned • High-level management in the financial industry does not understand nerdy terms like trust frameworks • Government needs to be ‘predictable’ !!! • Relying parties: so they don’t wait for gov • Identity providers: trust & no competition • Re-use existing & trusted: you need (all ?) banks as identity providers • not core business, there are risks, and unclear business case ...
  19. My 2 cents for relying parties • Re-use identities from others when you can • Heterogeneity - no 1-identity-to-rule-them-all, accept heterogeneity as inevitable • Stimulate trust frameworks - it is in your interest to reduce heterogeneity without introducing a monopoly • Architect your identity system to accept different levels of assurance, from different parties • If you have customers from only one nation, can wait a couple of years and live in a government-issued C2B eID country: things may be simpler.
  20. 5 things to keep an eye on: 1. Will social login (Facebook etc) become more trustworthy? 2. Will domain-specific trust frameworks expand, e.g. higher education? 3. Are four levels-of-assurance (trust levels) really needed? Will users understand? 4. What is the value of an authentication for a relying party? (BankID is pretty cheap …) 5. Are trust frameworks also about trusting the relying parties?
  21. Take aways • Re-usable identities are the way to go • If both C2B and C2G: easier market entry, cheaper • Government vs trust framework: they co-exist • Privacy, political, legacy, legislation are factors • Banks and government are key • Market penetration as identity providers • Killer apps as relying parties • Trust • Convincing relying parties: needed and hard work. More information: maarten.wegdam@novay.nl http://maarten.wegdam.name
