Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Consumer and Citizen Identities:Government Issued or Trust Frameworks?Maarten Wegdam, NovayEuropean Identity Conference 20...
Novay?    •   Independent Dutch ICT research institute    •   Formerly Telematica Instituut    •   “People driven, ICT emp...
Old problem                  [New Yorker cartoon by Peter Steiner]3
What to expect?    • Re-usable identities are the way to go    • Government vs trust framework: they co-exist    • Banks a...
Identity in the offline world5
And online?           Id theft        Avoidable costs                          Lost revenues (?)       Frustrated users   ...
Solution: re-usable identities        (One or) a few trusted identities          Of course: secure & trusted       Of cour...
Trust in an identity    Authentication    Identity    Level of       means          binding    Assurance8
Challenges for trusted re-usable identities      lack of     privacy      market    trust in Id   issues        entry     ...
The big choice: government or     market as identity provider     • Government – as in offline world     • Market – as pho...
The big choice: government or     market as identity provider     • Government – as in offline world     • Market – as pho...
Decreasing (government) control                   Government issued                  Government regulated                 ...
Identity trust framework = a set of rules            that all players agree upon      To have more trust and a healthy eco...
Success criteria C2B/C2G identity     • Frequent use of eID essential     • For private AND public services (C2B & C2G)   ...
Government issued eID           Identity trust frameworkEasier market entry            Innovation ‘friendlier’• 100% user ...
use-case:     trusted and re-usable consumer identity in NLConsortiumFinancial sectorVision on trust frameworkFeasibility16
vision on trust framework     •   Business model – users should not pay (directly)     •   Business case – re-use existing...
: my lessons learned     • High-level mngt in financial industry do not       understand nerdy terms like trust frameworks...
My 2 cents for relying parties     • Re-use identities from others when you can     • Heterogeneity - no 1-identity-to-rul...
5 things to keep an eye on     1. Will social login (Facebook etc) become more        trustworthy?     2. Will domain-spec...
Take aways           • Re-usable identities are the way to go               • If both C2B and C2G: easier market entry, ch...
Upcoming SlideShare
Loading in …5
×

Consumer and Citizen Identities: Government Issued or Trust Frameworks? (European Identity Conference 2011)

1,952 views

Published on

As presented at the European Identity Conference 2011, on 12 May 2011

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

Consumer and Citizen Identities: Government Issued or Trust Frameworks? (European Identity Conference 2011)

  1. 1. Consumer and Citizen Identities:Government Issued or Trust Frameworks?Maarten Wegdam, NovayEuropean Identity Conference 201112 May 2011, Munich
  2. 2. Novay? • Independent Dutch ICT research institute • Formerly Telematica Instituut • “People driven, ICT empowered” • ~55 researchers, multi-disciplinary • Innovation projects • Including financial sector, government and semi- government2
  3. 3. Old problem [New Yorker cartoon by Peter Steiner]3
  4. 4. What to expect? • Re-usable identities are the way to go • Government vs trust framework: they co-exist • Banks and government are key • Convincing relying parties: needed and hard work4
  5. 5. Identity in the offline world5
  6. 6. And online? Id theft Avoidable costs Lost revenues (?) Frustrated users Privacy/control6 issues
  7. 7. Solution: re-usable identities (One or) a few trusted identities Of course: secure & trusted Of course: user controlled, privacy sensitive7
  8. 8. Trust in an identity Authentication Identity Level of means binding Assurance8
  9. 9. Challenges for trusted re-usable identities lack of privacy market trust in Id issues entry Provider issues9
  10. 10. The big choice: government or market as identity provider • Government – as in offline world • Market – as phone, internet access, email etc10
  11. 11. The big choice: government or market as identity provider • Government – as in offline world • Market – as phone, internet access, email etc • Some form of controlled market11
  12. 12. Decreasing (government) control Government issued Government regulated Trust framework Free market (tech standard) Note: models 1 to 3 require some form of monopoly or regulator12
  13. 13. Identity trust framework = a set of rules that all players agree upon To have more trust and a healthy ecosystem • A fair business model • New identity providers can join • Easy access for relying parties (scalability) • Balancing interests between players • Privacy assurances • Governance / audits • Support one or more levels of assurance13
  14. 14. Success criteria C2B/C2G identity • Frequent use of eID essential • For private AND public services (C2B & C2G) • Bank involvement seems key • Government governance required • Easy entrance for relying parties • Ease of use for end-users • High (100%?) user penetration needed [based on use cases study in DK,BE.DE,NO,SE,EE,US in 2010]14
  15. 15. Government issued eID Identity trust frameworkEasier market entry Innovation ‘friendlier’• 100% user coverage User choice• gov as relying party International is easier (?)Clearer bus model Benefits of competition …Neutral branding Re-use existing identitiesPrivacy of Relying party Trust: cultural? User privacy: one big brother or several medium brothers?15
  16. 16. use-case: trusted and re-usable consumer identity in NLConsortiumFinancial sectorVision on trust frameworkFeasibility16
  17. 17. vision on trust framework • Business model – users should not pay (directly) • Business case – re-use existing identities • Very easy for relying parties to connect • Several levels of assurance – ‘mid’ trust and up • Mobile – from the start • Privacy – state-of-the-art and consent • Government needed for trust (link to eRecognition)17
  18. 18. : my lessons learned • High-level mngt in financial industry do not understand nerdy terms like trust frameworks • Government needs to be ‘predictable’ !!! • Relying parties: so they don’t wait for gov • Identity providers: trust & no competition • Re-use existing & trusted: you need (all ?) banks as identity providers • not core business, there are risks, and unclear business case ...18
  19. 19. My 2 cents for relying parties • Re-use identities from others when you can • Heterogeneity - no 1-identity-to-rule-them all, accept heterogeneity as inevitable • Stimulate trust frameworks - it is in your interest to reduce heterogeneity without introducing a monopoly • Architect your identity system to accept different levels of assurance, from different parties • If you have customers from only one nation, can wait a couple of years and live in a government-issued C2B eID country: things may be simpler.19
  20. 20. 5 things to keep an eye on 1. Will social login (Facebook etc) become more trustworthy? 2. Will domain-specific trust frameworks expand, e.g. higher education? 3. Are four levels-of-assurance (trust levels) really needed? Will users understand? 4. What is the value of an authentication for a relying party? (BankID is pretty cheap …) 5. Are trust frameworks also about trusting the relying parties?20
  21. 21. Take aways • Re-usable identities are the way to go • If both C2B and C2G: easier market entry, cheaper • Government vs trust framework: they co-exist • Privacy, political, legacy, legislation are factors • Banks and government are key • Market penetration as identity providers • Killer apps as relying parties • Trust • Convincing relying parties: needed and hard work More information: maarten.wegdam@novay.nl http://maarten.wegdam.name21

×