The Estonian eID. Re: South Korean ID system to be rebuilt from scratch from Anders Rundgren on 2014-10-20 (public-credentials@w3.org from October 2014)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Mon, 20 Oct 2014 17:32:37 +0200
To: public-credentials@w3.org
Message-ID: <54452B15.2060105@gmail.com>

The Estonian eID system has been viewed as a success.

Now they are facing huge problems since their system is based on browser plugins
which about to be "outlawed".

This is one of the areas which WebCrypto.Next is about to address.
Personally I think it won't work for the same reason EMV-cards never made it to the web
(The web is an entirely different execution environment than locally installed "trusted" code).

The right solution (TM) is IMO to honor the application but scrapping the technology.

Anders

On 2014-10-20 17:23, Manu Sporny wrote:
> On 10/18/2014 12:22 PM, ottonomy@gmail.com wrote:
>> This article doesn't get deep into technical details, but it does
>> say Estonians can authenticate their ownership of an identity and
>> sign documents (and they have two corresponding PINs for their ID
>> card.) And if cards are lost they can be cancelled.
>
> Yep, important lessons to be learned from the Estonians:
>
> http://en.wikipedia.org/wiki/Estonian_ID_card
> http://siteresources.worldbank.org/EXTEDEVELOPMENT/Resources/Martens_Estonia.ppt
>
> It's basically a chip-and-pin card based on open standards,
> public/private key crypto, and X.509.
>
> These same fundamental things underpin the Secure Messaging[1] and
> Identity Credentials[2] specs. For example:
>
> 1. It's based on public key crypto and is compatible w/ X.509. The
>     technology can be used for digital signatures and encryption.
> 2. Credentials are assigned to a single identity.
> 3. An identity always has a public key associated with it so that the
>     identity can use their private key to prove ownership over a
>     particular credential. This is important because receivers want
>     to have proof that the sender of a credential is also the entity
>     that the credential was initially assigned to and that they
>     authorized the credential to be sent to the receiver.
> 4. If a private key is stolen, the public key can be deactivated by the
>     owner of the identity. Assigning a new public key is a fairly
>     trivial process.
>
> The downsides for the Estonian system:
>
> 1. It requires a government issued card.
> 2. Centralized certificate authority (privately run, government-backed
>     monopoly).
> 3. Sledge-hammer approach. Required if you're over the age of 15.
>     Requires you to walk into a regional office (no gradual steps to go
>     from "unidentified" to "weakly proofed identity", to "strongly
>     proofed identity").
>
> It's really an impressive feat considering they started working on this
> back in 1997, when PKI was /really/ bleeding edge.
>
> -- manu
>

Received on Monday, 20 October 2014 15:33:15 UTC