[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pki-tc] Sector specific IDs - An EU or user requirement
Anders, Interesting, thanks. Recognizing that there are many perspectives on how to enforce privacy laws and directives, it's interesting that X.509 certificates per se should be viewed as a problem for privacy. Certainly the policies and implementation decision would play a major role in determining what privacy risks were inherent in using certificates (as in the Canadian use of an anonymous DN (the MBUN) in the ePass program architecture. Certificates can still be issued and keys used, but there is no personally identifiable information in the certificate. I'm not sure what the Government of Canada experience has been with this system, but on paper it appears to provide effective privacy protections while maintaining the strength of PKI. John -----Original Message----- From: Anders Rundgren [mailto:anders.rundgren@telia.com] Sent: Saturday, March 18, 2006 5:36 AM To: PKI TC Subject: [pki-tc] Sector specific IDs - An EU or user requirement Hi Guys, You may not be aware of this, but on the continent, the privacy issue in eIDs is a core consideration. It has forced the Austrians to even abandon the X.509 certificate, as the Austrians claim you should have one ID for each site (or sector). They currently in some way, create IDs locally to achieve this. http://europa.eu.int/idabc/en/document/3910/5803 presentation http://europa.eu.int/idabc/servlets/Doc?id=19404 and paper (in the proceedings http://europa.eu.int/idabc/servlets/Doc?id=20734). Although I consider privacy less vital, I would not ignore it, since such ideas could become EU standards. I'm rather proposing that the requirements should be studied and agreed-upon before going further. Particularly the idea that you gradually could reduce the myriad of logins you have today and replace them with TTP based ID-solutions seems nice. This should also be very important for commercial certificate vendors, since it could increase eID usage by a mile. Anders Rundgren --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]