- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sat, 12 Mar 2016 07:09:37 +0100
- To: Mitar <mmitar@gmail.com>
- Cc: Crispin Cowan <crispin@microsoft.com>, "timeless@gmail.com" <timeless@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On 2016-03-12 06:42, Mitar wrote:
> Hi!
>
> On Fri, Mar 11, 2016 at 9:27 PM, Anders Rundgren
> <anders.rundgren.net@gmail.com> wrote:
>> In my old country (Sweden) I can log in to (almost) any of the national
>> banks (assuming I have an account there), to all e-government services
>> as well as sending money in real-time only using a phone number as
>> account identifier, all based on Mobile BankID which is an "App" +
>> X.509 certificate. S/MIME? N/A (which says something about the state
>> of eID "standardization").
>
> Can you sign legally bound online petitions? Can you yourself develop
> a platform where people could sign such petitions?

In theory you can, but due to the general awkwardness of the Swedish eID (closed, contract-based, paying relying parties), it won't happen. Its only purpose was/is streamlining citizens' access to existing services.

Note: I was always very much against a closed eID but these days I only work with eID technology and let other folks deal with business models and legality.

When it comes to legality I believe the eID bandwagon got rolling (it is?) the wrong way. No other important technology needed a legislation _before_ it was established, be it cars, nuclear energy, or the Web. In the real world, case law has proved to be more practical, like using DNA for forensics. That is, it is up to a court to decide if a signature is legally binding or not.

Most of the eID folks who talk about legally binding signatures tend to focus on edge-cases like wills, selling your house etc. rather than the mundane (boring) day-to-day transactions which are really worth casting in IT.

I don't know if it makes you (or anybody else) happier but the 1Bn+ "secure payments cards" do after 20 years still not work on the Web, which is why they print the userid/password (PAN + CVC) on the surface to enable usage in what the payment industry calls "Card Not Present" operations!

Apparently there is a major "Impedance Mismatch" between different parties in this space...why would eID be any different?

Anders

Received on Saturday, 12 March 2016 06:10:47 UTC