RE: German eID

Hi,

Personally, I am less concerned about the technical aspects.

"Künftig können Sie mit dem neuen Personalausweis viele Dienste im Internet und an Automaten bequem, einfach und sicher nutzen, die bisher mit einem aufwendigen Registrierungsprozess verbunden sind. Die Anbieter dieser Dienste können Unternehmen oder Behörden sein. Nur Anbieter, die eine Berechtigung von der Vergabestelle für Berechtigungszertifikate (VfB) im Bundesverwaltungsamt bekommen, dürfen Dienste mit dem neuen Personalausweis anbieten."

The bottom line is: only companies and government agencies will be legally offer services that leverage the new eID authentication. Corporate entities will have to get a government permit.

Two possible (favourable) scenarios:

- national governments adopt WebID (quite unlikely given current maturity and political support) for their eAuth purposes
- the eID cards become a media to store WebIDs along with the gov issued identity (quite a few legal issues)

As Mr. Williams said, it comes down to W3C's lobby and liaising capabilities whether the emerging standard will get traction in government agencies.

TimBL was very successful in promoting Linked Data in the British and US gov, so I do have hopes.

Laszlo


-----Original Message-----
From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org] On Behalf Of Henry Story
Sent: Dienstag, 8. Februar 2011 11:11
To: WebID XG
Cc: Martin Gaedke
Subject: German eID

In Monday's teleconf Martin Gaedke pointed out

gaedke: regarding electronic IDs, there is something going on in Germany
.... also in other countries ongoing
<webr3> like the US too
<gaedke> http://www.epass.de/
<gaedke> http://www.personalausweisportal.de/

I found the technical details here
http://www.personalausweisportal.de/cln_102/SharedDocs/Downloads/DE/Technik_Flyer.html?nn=830460

As I understand these card work with a public key infrastracture. The CA is
certificate is a Card Verifiable Certificates ISO 7816, and the certificates
for the qualified electronic signature are X509 certs.

It will require client software that supports the eCard-API, and an eID server. These are defined here www.bsi.bund.de.

 1. BSI TR-03110 EAC und PACE
 2. BSI TR-03112 eCard-API
 3. BSI TR-03127 Architektur
 4. BSI TR-03130 eID-Server

Perhaps the picture here helps
https://www.bsi.bund.de/ContentBSI/Publikationen/TechnischeRichtlinien/tr03112/index_htm.html

Not sure how international these standards are, or how open. 


It would be intresting to see if browsers can interact with these cards, if they contain an X509 certificate, and if these could contain a WebID.

Henry


Social Web Architect
http://bblfish.net/

Received on Tuesday, 8 February 2011 12:54:48 UTC