
pki-tc message


Subject: RE: [pki-tc] Sector specific IDs - An EU or user requirement


Interesting, thanks.  Recognizing that there are many perspectives on
how to enforce privacy laws and directives, it's interesting that X.509
certificates per se should be viewed as a problem for privacy.
Certainly the policies and implementation decisions would play a major
role in determining what privacy risks were inherent in using
certificates (as in the Canadian use of an anonymous DN (the MBUN) in
the ePass program architecture).  Certificates can still be issued and
keys used, but there is no personally identifiable information in the
certificate.  I'm not sure what the Government of Canada experience has
been with this system, but on paper it appears to provide effective
privacy protections while maintaining the strength of PKI.


-----Original Message-----
From: Anders Rundgren [mailto:anders.rundgren@telia.com] 
Sent: Saturday, March 18, 2006 5:36 AM
Subject: [pki-tc] Sector specific IDs - An EU or user requirement

Hi Guys,

You may not be aware of this, but on the continent, the privacy issue in
eIDs is a core consideration.  It has forced the Austrians to even
the X.509 certificate, as the Austrians claim you should have one ID for
site (or sector).  They currently, in some way, create IDs locally to
achieve this.

http://europa.eu.int/idabc/en/document/3910/5803 presentation 
http://europa.eu.int/idabc/servlets/Doc?id=19404 and paper (in the 
proceedings http://europa.eu.int/idabc/servlets/Doc?id=20734).

Although I consider privacy less vital, I would not ignore it, since
ideas could become EU standards.  I'm rather proposing that the
requirements should be studied and agreed upon before going further.

Particularly the idea that you gradually could reduce the myriad of
you have today and replace them with TTP based ID-solutions seems nice.
This should also be very important for commercial certificate vendors,
it could increase eID usage by a mile.

Anders Rundgren
