Re: White paper of proposed architecture for NSTIC

Hi Anders,

> The problem with this and similar efforts is that you need a
> *platform*.
> 
> The only party that actually has a platform worth mentioning
> is Apple with their iPhone.
> 
> Popular, can host credentials, can be on-line provisioned,
> great connectivity.

Why do you need a platform?  Why can't the browser manage
your credentials (whether or not they are stored in a smart
card)?

> Unfortunately I don't think the NSTIC people are prepared
> to shell out any money except on projects using their "own"
> platform, i.e. PIV.  This platform is severely constrained
> and supports neither multiple credentials nor on-line
> provisioning.
> 
> PIV doesn't fit your bank-case.
> 
> That people outside the Feds don't have card readers is
> also an indication of how "off" this thing would be as a
> foundation for a vibrant identity ecosystem.

NSTIC is not about PIV.  I believe many people involved with
NSTIC think PKI certificates, such as those stored in PIV
smart cards, are a thing of the past, to be replaced with
"privacy-enhanced" credentials such as Idemix anonymous
credentials or U-Prove tokens.  I myself think PKI
certificates have an important role to play going forward,
coexisting with privacy-enhanced credentials.

NSTIC is still pretty much a blank slate.  The first
workshop on technology has not taken place yet.  I'm told it
will take place in the Bay Area during the week of September
19.  I encourage you to attend and contribute your ideas.

> Platform = HW + SW.

Francisco

Received on Wednesday, 20 July 2011 19:25:11 UTC