OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [pki-tc] US e-government ID-challenge

Military steps
Some smart-card ID systems have been deployed and have become defacto
machine-readable ID systems.  In the States much of technology is driven by the
military.  This US military has rolled out a chip-based ID card.  This idea is also
gaining traction with health-care delivery systems; many times operated by a State
State government steps
Some movement is taken place to bolster credentials for Driving Licenses.  After
9-11 there seems more willingness to review and modify State licensing programs.
Example; the State of Ohio dropped the habit of issuing a driver's license for four
years to non-resident aliens.  Now, your State of Ohio license expires when your
VISA credentials expire.  If your Immigration and Naturalization Service [INS] non-
resident alien card expires on October 5, 2003; so will your Driver's license.
I seem more movement in identity consolidation or identity aggregation at the present.
No one is ready to tackle a large strategic program like a major roll-out of a new
identity system.
Dave Sweigert
----- Original Message -----
Sent: Friday, February 14, 2003 10:02 AM
Subject: Re: [pki-tc] US e-government ID-challenge

I think you answered another question, how to carry your citizen-ID.
Due to [censored lines concerning banks, card manufacturers and software makers] practically everybody have shelved their smart card-based PKI ID-programs.  But PKI is still alive and well although only in the form of "soft" certificates.  In Scandinavia millions of on-line bank-customers use such.
But the question was really how e-governments are supposed to work in the absence of naming-systems aligned to on-line activity.  The Swedish system is based on a unique static citizen code which is used as a universal "key" in authorities' information systems.  To introduce such schemes in countries like the US, seems impossible as peoples' trust in governments seem relatively limited.
A counter-measure could be that independent ID-providers like banks, supported naming-schemes like the following:
- ID-provider (globally unique id)
- Common Name (of subject)
- Client number (static locally unique id)

Sample ID: "http://www.mybank.com/gid" : "CN=Marion Anderson, serialNumber=0766864"

This would work as globally unique pseudo-citizen-codes but without the political problems associated with huge central registries held by government authorities.

In case some parties need other information about the subject like social security number, registered address etc, the client (citizen) can using the very same certificate, request their bank (using an on-line service), to create a signed registry file based on other account information.
Anders Rundgren
Consultant in PKI and secure e-business
+46 70 - 627 74 37
----- Original Message -----
Sent: Friday, February 14, 2003 15:26
Subject: Re: [pki-tc] US e-government ID-challenge

I am not sure I understand the argument.
I worked in Luxembourg for a year attempting to launch a PKI-based
credit card [see the Providian GetSnart VISA concept]. 
It didn't take off because web-access control systems aren't supporting
user-end use of smart cards.  Microsoft interfaced to smart card readers
with Windows 2000 and how many clients have implemented smart-
card based authentication in W2K; I bet only a handful.
My humble thoughts.
David Sweigert, CISSP
----- Original Message -----
Sent: Friday, February 14, 2003 4:04 AM
Subject: [pki-tc] US e-government ID-challenge

This is a very silent list but I give it a try anyway.
Coming from a country (Sweden) that established a working national identity-scheme some 40 years ago, which was with ease "recasted" into PKI, I wonder how countries like the US, lacking such systems are going to get e-governments running.
As far as I know, social security numbers as used in the US are not sufficient as there are duplicates and many countries do not have identity systems at all, that are aligned to on-line usage.
Anders Rundgren
Consultant PKI and secure e-business

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC