Upload
lee-kelley
View
219
Download
0
Tags:
Embed Size (px)
Citation preview
Anonymous, Liberal, User-Centric Anonymous, Liberal, User-Centric Electronic Identity Electronic Identity ––
New Systematic Design of e-ID New Systematic Design of e-ID InfrastructureInfrastructure
Libor NeumannLibor NeumannAANECT a.s.NECT a.s.
www.oasis-open.org
Motivation Big ideas, current needs
Single European Information Space Pan-European e-gov services E-Government 2.0
Current challenges Lack of interoperability Underestimated privacy threats Unaccepted complexity by the end-user Lack of personification
E-ID (authentication) is key enabler
New e-ID design
Searching of e-ID solution Systematic analysis Design from scratch
System design methodology was used New way of thinking about e-ID New principles, new methods
ALUCID® - Anonymous, Liberal, and User-Centric electronic IDentity
Anonymous identity Anonymous identity – Nonsense?
Real life examples of anonymous identity Dog and its master Mother and her baby Program variable in virtual memory
ALUCID® separates distinguishing between subjects from naming of subjects (claims)
Identifiers and credentials are very large random (or pseudorandom) numbers with limited validity in time.
Names (claims) can be protected application data
Open Standard Interfaces
Local Communication Channel
Logical Communication
Remote Communication
Channel
Internet
Near Area Communication
Open Standard Interfaces
Communication
Program
ALUCID® technology
subjects
User
Service Provider
SecureStableLink
N a m e S u rn a m eR e g is te r
in d e x
Jo h n D o e 1 7 2 5 8 4D o n a ld D u c k 5 8 9 2 4 1H e rry P o t te r 2 5 9 8 6 3… … …
U s e r D a ta b a s e
Personal Electronic Identity Gadget
ALUCID® Identity
Machine
XML
XML
WS: XML+http
Missing entities No login names, no passwords. No forgotten
password, no phished password, … No user certificate. No recertification, no extra
charges, no names on the network,… No identity provider. No user communication
with an identity provider, no personal information managed by third party, …
No government-issued identity. No “numbering” of citizens, no misuse of state-issued identifiers,…
No biometric data without access control. No cloned biometric data from e-ID use, no remote verification of biometric data origin,...
End-user Extremely simple use – have a PEIG® (Personal
Electronic Identity Gadget) and activate/deactivate it.
User freedoms: Selecting a product, producer, form, size, features,… Selecting an activation method No obligation to use that PEIG Possibility to use more than one PEIG Possibility to change his/her mind in future
Direct access to personified services Service provider takes care of his/her security Virtually private Internet (“My Internet”) Universal use of PEIG
End-user point of view
Service Provider A
PEIG®
UserService
Provider B
Service Provider C
End-User scenario The user scenario should be:
The user selects a PEIG®. It is sold empty. The user teaches his or her PEIG to recognize him
or her when activated. The user connects the first time to the service
provider and uses the activated PEIG. The user can (but need not) give his or her personal
data to the service provider The user will be able to open his or her personified
service directly if he or she activates his or her PEIG. The same procedure can be used with any other
service provider supporting ALUCID®.
Prototype demo
Thank you for your attention [email protected]