W3C home > Mailing lists > Public > public-xg-webid@w3.org > February 2011

RE: WebID-ISSUE-27 (bblfish): track electronic IDentity (eID) initivatives [liaison with other groups]

From: Peter Williams <home_pw@msn.com>
Date: Tue, 8 Feb 2011 09:23:39 -0800
Message-ID: <SNT143-w229A971CC7DCFEFE08898C92EA0@phx.gbl>
To: <jeff@sayremedia.com>, <henry.story@bblfish.net>
CC: "public-xg-webid@w3.org" <public-xg-webid@w3.org>

Im going to get a terrible reputation for drivelling on about history. But it teaches so much (especially since strong global crypto is less than 20 years old...)
 
I yet have posters in my garage that my wife designed, that promoted the (NASA backbone portion of the) internet to school kids JUST getting onto the internet in the 91/92/93/94 period. Colleagues went around a hundred schools, installing modems, to raise awareness.  etc. The was the parents would learn from the kids. One place to then go in the class lesson on the internet/web was the whitehouse.gov site - which was on a couple of sun servers in a closet in the mansion somewhere, trying to lay low, not hum to much or get shot by the secret service for spying. News about dogs and family events, abounded.
 
Then, every other Federal agency got the news: get a webserver (and a presence). They duly did, and some even though about offering public services. (I remember helping IRS, USPS, SSA and others...coaxed by DoD/NSA who were paying for all the outreach, including me). When they did, they came under a 1975 mandate called: you have obligations to protect the files and communcations, using encryption and ike: You know, that DES stuff! So, they all went and bought what the banks were buying: VeriSign/RSA certs, that armed the SSL of the webservers. They all used the public DNS for their names (some in .gov, some not).
 
So, government folks CAN use the public infrastructure. They dont HAVE to split off., and be a "special" assurance domain  
 
> Date: Tue, 8 Feb 2011 08:45:17 -0800
> From: jeff@sayremedia.com
> To: henry.story@bblfish.net
> CC: jeff@sayremedia.com; public-xg-webid@w3.org
> Subject: Re: WebID-ISSUE-27 (bblfish): track electronic IDentity (eID) initivatives [liaison with other groups]
> 
> 
> >
> > On 8 Feb 2011, henry.story@bblfish.net wrote:
> >
> > Yes, indeed those come together. We should perhaps have a wiki
> > page eID
> > eID/Europe
> > eID/USA
> >
> > To track what is going on.
> 
> I agree. A new wiki to pull together the various government identity
> initiatives is a good idea.
> 
> >
> >>
> >> It is inevitable that sovereign governments will create their own
> >> identification protocols.
> >
> > Well, I think it is inevitable that they will all end up using TLS,
> > just simply because browsers are so widely deployed. We should not
> > assume that government officials are unable to see the obvious
> 
> I should have been more precise. Instead of saying that governments will
> create their own identification protocols, I meant governments will
> politicize the issue of Internet-based identity.
> 
> I think you are correct in suggesting that we should put forth possible
> WebID use cases for governments and NGOs alike. The financial sector is a
> great space on which to concentrate.
> 
> Jeff
> 
> >> I suggest that we consider combining all such government initiatives
> >> into
> >> a single issue so as to better track and organize our discussions around
> >> this important topic.
> >
> > yes, this is also tied of tracking hardware authentication devices it
> > seems,
> > which can be deployed by other institutions, such as banks for example. In
> > fact once one puts players like banks, states and others the role of
> > WebIDs becomes a lot clearer.
> >
> > There are a few use cases for governments.
> >
> > - Give the government a WebID. Each country can create a foaf:Group of
> > countries that it trusts to distributed WebIDs. This would be linked
> > data. The companies of that country could link to that list, to
> > regularly crawl the list of countries to get their latest WebIDs, and so
> > allow their users access. (assuming privacy issues are dealt with).
> >
> > - Perhaps a similar idea as above but with NASDAQ or some governement
> > directly keeping a list of companies WebIDs. So this is useful if I want
> > to know that I am doing business with a legal entity, or if my bank, or
> > a foreign bank wants to know if some company is legal... [this is very
> > vague]
> >
> > I am sure Tim Berners' Lee has put up ideas on the subject somehwere
> > already 20 years ago....
> >
> > Henry
> >
> >
> >>
> >>>
> >>> WebID-ISSUE-27 (bblfish): track electronic IDentity (eID) initivatives
> >>> [liaison with other groups]
> >>>
> >>> http://www.w3.org/2005/Incubator/webid/track/issues/27
> >>>
> >>> Raised by: Henry Story
> >>> On product: liaison with other groups
> >>>
> >>>
> >>> On 8 Feb 2011, at 11:11, Henry Story wrote:
> >>>
> >>> In Monday's teleconf Martin Gaedke pointed out
> >>>
> >>> gaedke: regarding electronic IDs, there is something going on in
> >>> Germany
> >>> ... also in other countries ongoing
> >>> <webr3> like the US too
> >>> <gaedke> http://www.epass.de/
> >>> <gaedke> http://www.personalausweisportal.de/
> >>>
> >>> This started the thread on German Identity Cards
> >>> http://lists.w3.org/Archives/Public/public-xg-webid/2011Feb/0097.html
> >>>
> >>> I added a lot of the links that came up on that thread on wikipedia's
> >>> page
> >>>
> >>> http://en.wikipedia.org/wiki/Electronic_identity_card
> >>>
> >>> which is a bit of a mess at present, and not very well written up. They
> >>> are still missing a good simple architectural overview of what eID's
> >>> do.
> >>> In 2009 the EU came out with "Privacy Features of European eID
> >>> CardSpecifications"
> >>>
> >>> http://www.enisa.europa.eu/act/it/eid/eid-cards-en
> >>>
> >>> What is worrying is that the German Identity card is RFID enabled. See
> >>> this video where Chris Piaget queries these cards
> >>>
> >>> http://www.youtube.com/watch?v=9isKnDiJNPk
> >>>
> >>> Not sure if there is a problem here. The german card has a pin, to
> >>> protect
> >>> it.
> >>>
> >>> A lot of the information is either too hight level marketing, or too
> >>> low
> >>> level technical. Some questions we need to answer are are:
> >>> - how do these interact with TLS?
> >>> - Is the TLS/Browser interaction the main use case?
> >>> (The linux article shows this nicely [1])
> >>> => if they interact well then it should be a positive for WebID, as
> >>> it will just
> >>> increase the TLS userbase, and spread eID card readers that could
> >>> also be useful in a web
> >>> of trust
> >>> - they have signature functionality. When is that used? Via TLS?
> >>> - the german id cards readers seem to have SOAP interfaces to query
> >>> them. Is this just legacy stuff.
> >>>
> >>>
> >>> [1] But is the Belgian eID scheme the same as the german one?
> >>> http://nauseamedialis.org/belgian_eid_archlinux
> >>> My guess is that given the ubiquity of the browser, they will all be
> >>> using TLS
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >
> > Social Web Architect
> > http://bblfish.net/
> >
> >
> >
> 
> 
> 
 		 	   		  
Received on Tuesday, 8 February 2011 17:24:13 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:22 UTC