W3C home > Mailing lists > Public > public-xg-webid@w3.org > February 2011

Re: WebID-ISSUE-27 (bblfish): track electronic IDentity (eID) initivatives [liaison with other groups]

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 8 Feb 2011 17:20:44 +0100
Cc: "WebID Incubator Group WG" <public-xg-webid@w3.org>
Message-Id: <91EE7395-28CD-4396-BF91-6775EF8B0DE8@bblfish.net>
To: jeff@sayremedia.com

On 8 Feb 2011, at 16:49, jeff@sayremedia.com wrote:

> We should package this issue along with ISSUE-8: US (Commerce Department?)
> ID initiative
> 
> http://www.w3.org/2005/Incubator/webid/track/issues/8

Yes, indeed those come together. We should perhaps have a wiki
page eID
     eID/Europe
     eID/USA

To track what is going on.

> 
> It is inevitable that sovereign governments will create their own
> identification protocols.

Well, I think it is inevitable that they will all end up using TLS, 
just simply because browsers are so widely deployed. We should not
assume that government officials are unable to see the obvious.

What we should track is where this does not happen, because that would
be unusual.

> In the discussion threads linked to in the above
> link, I commented on how government-run identity protocols are
> antithetical to the Web as the Web (and of course the Internet) transcends
> national boundaries.

yes, currently if they use TLS and if they put themselves forward as CAs  then the use of their card will be limited to national services, most likely, just because the CAs won't be that widely distributed.

> I suggest that we consider combining all such government initiatives into
> a single issue so as to better track and organize our discussions around
> this important topic.

yes, this is also tied of tracking hardware authentication devices it seems,
which can be deployed by other institutions, such as banks for example. In fact once one puts players like banks, states and others the role of WebIDs becomes a lot clearer.

There are a few use cases for governments.

  - Give the government a WebID. Each country can create a foaf:Group of countries that it trusts to distributed WebIDs. This would be linked data. The companies of that country could link to that list, to regularly crawl the list of countries to get their latest WebIDs, and so allow their users access. (assuming privacy issues are dealt with).

  - Perhaps a similar idea as above but with NASDAQ or some governement directly keeping a list of companies WebIDs. So this is useful if I want to know that I am doing business with a legal entity, or if my bank, or a foreign bank wants to know if some company is legal... [this is very vague]

  I am sure Tim Berners' Lee has put up ideas on the subject somehwere already 20 years ago....

	Henry


> 
>> 
>> WebID-ISSUE-27 (bblfish): track electronic IDentity (eID) initivatives
>> [liaison with other groups]
>> 
>> http://www.w3.org/2005/Incubator/webid/track/issues/27
>> 
>> Raised by: Henry Story
>> On product: liaison with other groups
>> 
>> 
>> On 8 Feb 2011, at 11:11, Henry Story wrote:
>> 
>> In Monday's teleconf Martin Gaedke pointed out
>> 
>>   gaedke: regarding electronic IDs, there is something going on in
>> Germany
>>   ... also in other countries ongoing
>>   <webr3> like the US too
>>  <gaedke> http://www.epass.de/
>>  <gaedke> http://www.personalausweisportal.de/
>> 
>> This started the thread on German Identity Cards
>>  http://lists.w3.org/Archives/Public/public-xg-webid/2011Feb/0097.html
>> 
>> I added a lot of the links that came up on that thread on wikipedia's page
>> 
>>  http://en.wikipedia.org/wiki/Electronic_identity_card
>> 
>> which is a bit of a mess at present, and not very well written up. They
>> are still missing a good simple architectural overview of what eID's do.
>> In 2009 the EU came out with "Privacy Features of European eID
>> CardSpecifications"
>> 
>>  http://www.enisa.europa.eu/act/it/eid/eid-cards-en
>> 
>> What is worrying is that the German Identity card is RFID enabled. See
>> this video where Chris Piaget queries these cards
>> 
>>   http://www.youtube.com/watch?v=9isKnDiJNPk
>> 
>> Not sure if there is a problem here. The german card has a pin, to protect
>> it.
>> 
>> A lot of the information is either too hight level marketing, or too low
>> level technical. Some questions we need to answer are are:
>>   - how do these interact with TLS?
>>   - Is the TLS/Browser interaction the main use case?
>>      (The linux article shows this nicely [1])
>>     => if they interact well then it should be a positive for WebID, as
>> it will just
>>       increase the TLS userbase, and spread eID card readers that could
>> also be useful in a web
>>       of trust
>>   - they have signature functionality. When is that used? Via TLS?
>>   - the german id cards readers seem to have SOAP interfaces to query
>> them. Is this just legacy stuff.
>> 
>> 
>> [1] But is the Belgian eID scheme the same as the german one?
>>    http://nauseamedialis.org/belgian_eid_archlinux
>>    My guess is that given the ubiquity of the browser, they will all be
>> using TLS
>> 
>> 
>> 
>> 
> 
> 
> 

Social Web Architect
http://bblfish.net/
Received on Tuesday, 8 February 2011 16:21:24 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:22 UTC