Re: WebID-ISSUE-27 (bblfish): track electronic IDentity (eID) initivatives [liaison with other groups] from jeff@sayremedia.com on 2011-02-08 (public-xg-webid@w3.org from February 2011)

From: <jeff@sayremedia.com>
Date: Tue, 8 Feb 2011 08:45:17 -0800
To: "Henry Story" <henry.story@bblfish.net>
Cc: jeff@sayremedia.com, "WebID Incubator Group WG" <public-xg-webid@w3.org>
Message-ID: <1cf15fd4de7913c75930b5e77da8df14.squirrel@webmail.sayremedia.com>
>
> On 8 Feb 2011, henry.story@bblfish.net wrote:
>
> Yes, indeed those come together. We should perhaps have a wiki
> page eID
>      eID/Europe
>      eID/USA
>
> To track what is going on.

I agree. A new wiki to pull together the various government identity
initiatives is a good idea.

>
>>
>> It is inevitable that sovereign governments will create their own
>> identification protocols.
>
> Well, I think it is inevitable that they will all end up using TLS,
> just simply because browsers are so widely deployed. We should not
> assume that government officials are unable to see the obvious

I should have been more precise. Instead of saying that governments will
create their own identification protocols, I meant governments will
politicize the issue of Internet-based identity.

I think you are correct in suggesting that we should put forth possible
WebID use cases for governments and NGOs alike. The financial sector is a
great space on which to concentrate.

Jeff

>> I suggest that we consider combining all such government initiatives
>> into
>> a single issue so as to better track and organize our discussions around
>> this important topic.
>
> yes, this is also tied of tracking hardware authentication devices it
> seems,
> which can be deployed by other institutions, such as banks for example. In
> fact once one puts players like banks, states and others the role of
> WebIDs becomes a lot clearer.
>
> There are a few use cases for governments.
>
>   - Give the government a WebID. Each country can create a foaf:Group of
> countries that it trusts to distributed WebIDs. This would be linked
> data. The companies of that country could link to that list, to
> regularly crawl the list of countries to get their latest WebIDs, and so
> allow their users access. (assuming privacy issues are dealt with).
>
>   - Perhaps a similar idea as above but with NASDAQ or some governement
> directly keeping a list of companies WebIDs. So this is useful if I want
> to know that I am doing business with a legal entity, or if my bank, or
> a foreign bank wants to know if some company is legal... [this is very
> vague]
>
>   I am sure Tim Berners' Lee has put up ideas on the subject somehwere
> already 20 years ago....
>
> 	Henry
>
>
>>
>>>
>>> WebID-ISSUE-27 (bblfish): track electronic IDentity (eID) initivatives
>>> [liaison with other groups]
>>>
>>> http://www.w3.org/2005/Incubator/webid/track/issues/27
>>>
>>> Raised by: Henry Story
>>> On product: liaison with other groups
>>>
>>>
>>> On 8 Feb 2011, at 11:11, Henry Story wrote:
>>>
>>> In Monday's teleconf Martin Gaedke pointed out
>>>
>>>   gaedke: regarding electronic IDs, there is something going on in
>>> Germany
>>>   ... also in other countries ongoing
>>>   <webr3> like the US too
>>>  <gaedke> http://www.epass.de/
>>>  <gaedke> http://www.personalausweisportal.de/
>>>
>>> This started the thread on German Identity Cards
>>>  http://lists.w3.org/Archives/Public/public-xg-webid/2011Feb/0097.html
>>>
>>> I added a lot of the links that came up on that thread on wikipedia's
>>> page
>>>
>>>  http://en.wikipedia.org/wiki/Electronic_identity_card
>>>
>>> which is a bit of a mess at present, and not very well written up. They
>>> are still missing a good simple architectural overview of what eID's
>>> do.
>>> In 2009 the EU came out with "Privacy Features of European eID
>>> CardSpecifications"
>>>
>>>  http://www.enisa.europa.eu/act/it/eid/eid-cards-en
>>>
>>> What is worrying is that the German Identity card is RFID enabled. See
>>> this video where Chris Piaget queries these cards
>>>
>>>   http://www.youtube.com/watch?v=9isKnDiJNPk
>>>
>>> Not sure if there is a problem here. The german card has a pin, to
>>> protect
>>> it.
>>>
>>> A lot of the information is either too hight level marketing, or too
>>> low
>>> level technical. Some questions we need to answer are are:
>>>   - how do these interact with TLS?
>>>   - Is the TLS/Browser interaction the main use case?
>>>      (The linux article shows this nicely [1])
>>>     => if they interact well then it should be a positive for WebID, as
>>> it will just
>>>       increase the TLS userbase, and spread eID card readers that could
>>> also be useful in a web
>>>       of trust
>>>   - they have signature functionality. When is that used? Via TLS?
>>>   - the german id cards readers seem to have SOAP interfaces to query
>>> them. Is this just legacy stuff.
>>>
>>>
>>> [1] But is the Belgian eID scheme the same as the german one?
>>>    http://nauseamedialis.org/belgian_eid_archlinux
>>>    My guess is that given the ubiquity of the browser, they will all be
>>> using TLS
>>>
>>>
>>>
>>>
>>
>>
>>
>
> Social Web Architect
> http://bblfish.net/
>
>
>
Received on Tuesday, 8 February 2011 16:45:50 UTC