cidSafe project, 23 September 2010, for EEMA event
DESCRIPTION
cidSafe, creating a solution for a safe consumer identity in the Netherlands. As presented on 23rd September for the EEMA RIG
TRANSCRIPT
cidSafe: creating a solution for a safe consumer identity in the Netherlands
Maarten Wegdam, Novay
EEMA Benelux RIG “e-Identity as a business”
23rd September 2010 @ Everett
Novay?
• Dutch ICT research institute
• Formerly Telematica Instituut
• Innovation projects
• Networked innovation
• Independent, not-for-profit
• ~55 researchers, multi-disciplinary
• Customers include financial sector, government and semi-government
Example identity related projects
• STORK project – lead for WP2 that defined the Levels of Assurance
• SURFfederation – 700k+ identity federation for higher education in the Netherlands
• Identity-as-a-Service for B2B – for RDW
• ePassport for online authentication – for NLNet
• eRecognition review – for B2G identity, EZ/ICTU
• Mobile PKI – technology scouting / assessment for SURFnet/Kennisnet
The consumer identity problem
An old problem
The user Service provider
• High trust is too expensive
• People forget passwords
• Lack of (validated) attributes
• Low conversion
An old (?) solution: externalize the identity with an identity provider (authentication + attributes)
Why not (really) here yet?
Three big reasons
• market entry issues
• lack of trust in IdP
• privacy issues
Market entry issue
100% coverage of consumers
Chicken-egg
• Identity-providers vs relying parties
• Not any more for basic trust (?)
Unclear value chain
Trust and privacy issues
Do you trust all identity providers?
• Security risk
• Business continuity risk
• Privacy risk
Through technical means, when possible …
By making the identity provider ‘behave’
• Through laws
• Through competition
• By agreeing on a set of rules
Our approach: Reduce the need to trust the identity provider
Making the IdP behave and the role of government
Decreasing regulation:
1. Government issued
2. Government regulated
3. Trust framework
4. Free market (tech standard)
Note: models 1 to 3 require some form of monopoly or regulator
A trust framework
A set of rules that all players agree upon
To have more trust and a healthy ecosystem
• New identity providers can join
• Easy assess for RPs (scalability)
• Balancing interests between IdPs, RPs and users
• Privacy assurances
• Governance / audits
Trustworthiness of an identity
Authentication means
Identity binding
Level of Assurance
Consumer & citizen identity in NL
• There is a citizen identity solution: DigiD
• Issued by snail mail to home address
• Two-factor: username/password + SMS OTP
• BUT: cannot be used in the private sector
• Except healthcare & pension
cidSafe initiative: a safe consumer identity
• High-trust consumer identity
• Collaborative project by stakeholders
• Goal: breakthrough for high-trust consumer identity in the Netherlands
• Short-term goal: if and how this is feasible, with a focus on financial sector
Partners
• Achmea, Aegon, Adfiz, Nationale Nederlanden, OHRA, SNS Reaal
Sounding board
Who
cidSafe trust framework: starting points for our solution
1. General usage
2. High trust
3. Easy to use
4. Cost efficient for service providers
5. Privacy conscious
Some cidSafe challenges
Evangelizing with relying parties
Openness vs trust
Business Model
Role of government
Takeaways on cidSafe
• cidSafe is a market initiative for high-trust consumer identity in NL
• Trust framework approach
• Breakthrough by jointly working on trust framework
More information:
http://cidsafe.novay.nl
http://maarten.wegdam.name