Subject: The Norwegian BankID solution

Dear List,

You may or may not be interested in hearing how others deal
with the eternal question of how to establish a consumer/citizen
PKI that really works.

The majority of the BankID members have selected what they
call "banklagrad BankID" which is a server-only PKI solution.

The primary advantage with this (particularly from a bank-
perspective), is that the customers can use the same token-boxes,
one-time-pin scratch cards etc. used for on-line banking, also
for authenticating to servers creating PKI-based signatures and
authentications, using schemes similar to 3D Secure and SAML.

Another advantage is that this system runs on all client operating
systems needing no software except for a browser, and can even
be used in public places like Internet cafés (although it may be
unwise to handle sensitive information in such environments).

The PKI services are mainly intended for e-government usage,
as for Internet banking there is no imminent need for PKI.

The primary reason for e-Governments to consider using PKI is,
in my opinion, not digital signatures, but rather the fact that PKI is
currently the only known authentication technology supporting
one-to-many relationships*, which is important as there may be
thousands of more or less independent public authorities in a
single country.

In essence: "PKI is a better password"

Anders Rundgren

*) For this to work, though, something like a national ID
   must exist; otherwise you don't get very far.

