[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [egov] Authentication to e-Government services
Anders, Has any effort been done to develop an EU standard? Maybe a joint research project between EU, NIST and NTT would be the way to go on this? DW ----- Original Message ----- From: "Anders Rundgren" <anders.rundgren@telia.com> To: <egov@lists.oasis-open.org> Sent: Sunday, November 02, 2003 6:34 AM Subject: [egov] Authentication to e-Government services > Dear all, > > As authentication of citizens is a primary function of most e-Government > systems, I thought that the following might be of some interest. > > > Web (browser) PKI Standards - A study > ---------------------------------------------- > > I have on behalf of a client, taken the liberty to investigate the state of > client-side PKI support in web-browsers with respect to standards > and interoperability. There were several reasons for performing this > study, and a major such was that we have found that none of the pretty > large Nordic e-government initiatives and on-line banks, actually use > the browsers' built-in client-side PKI mechanisms at all, most of them > rather rely on Java applets developed by various ISVs. The reason for > this is very obvious: > > ============================================= > Practically every piece of client-side Web-PKI, ranging > from on-line certification support to on-line (web-form) > signing, is currently entirely vendor-dependent > ============================================= > > Some people point to Microsoft and Netscape and maintain that this > situation is "their fault". I believe this explanation is far too simplistic. > Here is another analysis for what it is worth: > > 1) The SW industry supplying basic technology such as operating systems > and browsers, is entirely dominated by US companies. However, the US > is also severely lagging with respect to the usage of PKI which probably > is taken as a sign by these SW vendors that "there is no market for PKI". > > 2) The financial sector in Europe and Asia were the first to take advantage > of large-scale usage of client-side PKI and digital signatures. However, > the very same financial sector has also demonstrated marginal interest in > participating in the development of standards that "anybody" could use. > > 3) The public sector is the second largest user of PKI (here again looking > at Europe and Asia), but seems generally lacking a "voice" in the few > organizations that actually "set the standards". It is rather the opposite, > the public sector appears to be heavily dependent on external consultants > that usually also have strong ties to certain vendors and their working, > but unfortunately mostly proprietary solutions. > > Assuming that there will be billions of users of Web-PKI in a few years > from now (here adding the crowd likely to use "The Mobile Internet"), > it seems that there are quite a few things that need to be fixed. > > Regards > Anders Rundgren > Independent Consultant, PKI and e-business > + 46 70 627 74 37 (on CET) > > > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/egov/members/leave_workgroup.php. > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]