Re: [egov] Authentication to e-Government services

["Anders Rundgren" <anders.rundgren@telia.com>]

Hi David,
This is a complicated task as the goal would be that this
machinery would be a part of a standard browser.  What the
EU, NIST and others could do is essentially to prepare
requirements.  The standardization process is probably
a bit leaning towards W3C as they have at least historically
catered for browser-related standards.  I do believe though
that it is vital that the public sector is well represented in order
to end up with something useful.  The financial sector should
also take a seat or two as as it seems that banks are gearing
up to support e-governments with citizen certificates.

Anders

----- Original Message ----- 
From: "David RR Webber" <david@drrw.info>
To: "Anders Rundgren" <anders.rundgren@telia.com>; <egov@lists.oasis-open.org>
Sent: Sunday, November 02, 2003 16:30
Subject: Re: [egov] Authentication to e-Government services


Anders,

Has any effort been done to develop an EU standard?

Maybe a joint research project between EU, NIST and NTT
would be the way to go on this?

DW

----- Original Message ----- 
From: "Anders Rundgren" <anders.rundgren@telia.com>
To: <egov@lists.oasis-open.org>
Sent: Sunday, November 02, 2003 6:34 AM
Subject: [egov] Authentication to e-Government services


> Dear all,
>
> As authentication of citizens is a primary function of most e-Government
> systems, I thought that the following might be of some interest.
>
>
> Web (browser) PKI Standards - A study
> ----------------------------------------------
>
> I have on behalf of a client, taken the liberty to investigate the state
of
> client-side PKI support in web-browsers with respect to standards
> and interoperability.  There were several reasons for performing this
> study, and a major such was that we have found that none of the pretty
> large Nordic e-government initiatives and on-line banks, actually use
> the browsers' built-in client-side PKI mechanisms at all, most of them
> rather rely on Java applets developed by various ISVs.  The reason for
> this is very obvious:
>
> =============================================
>    Practically every piece of client-side Web-PKI, ranging
>    from on-line certification support to on-line (web-form)
>    signing, is currently entirely vendor-dependent
> =============================================
>
> Some people point to Microsoft and Netscape and maintain that this
> situation is "their fault".  I believe this explanation is far too
simplistic.
> Here is another analysis for what it is worth:
>
> 1) The SW industry supplying basic technology such as operating systems
> and browsers, is entirely dominated by US companies.  However, the US
> is also severely lagging with respect to the usage of PKI which probably
> is taken as a sign by these SW vendors that "there is no market for PKI".
>
> 2) The financial sector in Europe and Asia were the first to take
advantage
> of large-scale usage of client-side PKI and digital signatures.  However,
> the very same financial sector has also demonstrated marginal interest in
> participating in the development of standards that "anybody" could use.
>
> 3) The public sector is the second largest user of PKI (here again looking
> at Europe and Asia), but seems generally lacking a "voice" in the few
> organizations that actually "set the standards".  It is rather the
opposite,
> the public sector appears to be heavily dependent on external consultants
> that usually also have strong ties to certain vendors and their working,
> but unfortunately mostly proprietary solutions.
>
> Assuming that there will be billions of users of Web-PKI in a few years
> from now (here adding the crowd likely to use "The Mobile Internet"),
> it seems that there are quite a few things that need to be fixed.
>
> Regards
> Anders Rundgren
> Independent Consultant, PKI and e-business
> + 46 70 627 74 37 (on CET)
>
>
> To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/egov/members/leave_workgroup.php.
>
>