Posts filed under ‘PKI’
I’m just back from attending eGovernment 2008 in Canberra. For me, the big draw was an opportunity to attend a three hour workshop focussed on the UK’s Government Gateway. I sure wasn’t disappointed- the insights into the Government Gateway were quite an eye opener.
Attending the conference also led me to reflect on how online authentication is working for the Queen’s subjects in the UK, Australia, and New Zealand. It’s quite fascinating how each of them reflect diverse approaches and are also very much a product of their times.
First, Australia. Still very PKI focussed, as in standard X.509 certs in the user’s computer. There are some good intentions from the federal policy body AGIMO (Australian Government Information Management Office) to move on to solutions that work for people (not computers) but the mindset of the average government official is definitely digital certs.
A good example of this focus is the success of VANguard. VANguard’s authentication service is probably best described as an authentication broker whose main function is to allow for interoperability of digital certs issued by various CAs. This is a good step so that businesses (it’s mostly business-focussed) can use the same digital cert with multiple RPs. It’s a back-end hub so that various front-ends and portals, such as bizgate in South Australia, can draw on its functionality. Still, it has all the limitations inherent in the old PKI designs.
It’ll be interesting to see how AGIMO’s proposed National e-Authentication Framework will differ from their existing AGAF (Australian Government e-Authentication Framework) which is separate for businesses and individuals.
Back to the UK’s Government Gateway. From the outside, so much of the focus has been on the UK’s plans for a national identity card that people, including me, can’t distinguish the good stuff they have done and are continuing to do in the online authentication space from the bad. Jim Purves, Head of Product Strategy in the Cabinet Office gave terrific insights into the chequered history of the Gateway as well as plans going forward.
The Gateway is very privacy-protective, very focussed on providing authentication and SSO for the UK Government’s online services. They are introducing SAML 2 soon but that also has the downside of continued support for all the current protocols. They’ve had some significant funding challenges in the past but now have “strategic investors” from within government so the future is bright. Trust and confidence in the Gateway is at an all-time high.
Purely speculative on my part but I think they’ve got a big cloud on the horizon- when the national identity card folks come calling. That could potentially lead to a fundamental change in approach. That’s the unfortunate steamrolling impact of the national identity card. Also interesting how they handle pan-European interoperability but, with a strong Liberty Alliance foundation, I imagine they are well placed to handle that.
So, how does NZ stack up? The proper comparison is with the GLS or Government Logon Service (which will be re-branded igovt later this year). There’s no doubt that the GLS is the most privacy-protective of the lot and has all the right moving bits.
But, there is clearly one area that the GLS should look at- adding a web services (ID-WSF) capability in addition to the current browser re-direct (ID-FF). That will provide many new opportunities off the same infrastructure, such as acting as an authenticating receiver for XML messages. The UK’s Government Gateway currently does that for all electronic tax filings direct from standard tax and accounting packages.
All in all, interesting times and much thinking…
… how the Identity Governance Framework (IGF) continues to evolve. There’s a recent Liberty webcast by Phil Hunt of Oracle New Standards to Protect Privacy Through Governing Policy to get a good feel for the state of play.
… how CardSpace and U-Prove integration pans out. Paul’s conjectured integration is food for thought. So is the comment to his post by Christian Paquin (now part of Microsoft’s Identity and Access Group) that”One design goal (at least, for me) will be to minimize the integration changes for all participants involved in the data flow.”
… how identity-based encryption continues to progress. Interesting article in The Register about a research paper released at the Eurocrypt 2008 conference describing a new cryptographically strong “primitive” that advances functional encryption. Functional encryption tries to simplify things over PKI by allowing data to be encrypted using attributes directly tied to the recipients.
… the fascinating discussions at Liberty’s Privacy Summit. An interesting recent presentation by Sun’s Robin Wilton is a good example which gives a good overview of the ‘Ladder’, ‘Onion’ and ‘Silo’ models.
There are many things to like about Austria’s national identity system. A good overview is the presentation given at Liberty Alliance’s eGovernment Workshop held in Brussels earlier this year.
First, the absence of an external national unique identifier. Every person gets assigned a unique personal identification number (Source-PIN) that is under his/her own control. Each governmental sector is provided its own specific identifier for that person (Sector Specific PIN) which is derived from the Source-PIN using a one-way cryptographic function.
Secondly, their Citizen Card is more of a concept in that it can be issued in a variety of smartcard form factors, for example a Bank Card or Health Card or even a mobile phone.
The Citizen Card contains both limited personal information (first name, last name, date of birth, Source-PIN) as well as the person’s public key information. The card can therefore be used for both authentication and electronic signatures.
Thirdly, their system is based on open standards, specifically SAML (v1.0 Browser Artifact Profile with plans to go to v2.0).
Finally, the system meets the test that Identity 2.0 experts love. These experts argue that the issuer of the identity credential (government) should not know where the person chooses to establish his/her identity. So, if a person goes to a video/DVD rental store and uses the Citizen Card to prove his/her identity, government has no business in knowing or tracking that. The Austrian system passes that test.
Ironically, in my personal opinion, it is also its major weakness. This is one area that I differ from the Identity 2.0 experts.
As a national identification system, I believe there needs to be a way for government to inform places where an identification credential is used in the event of proven identity fraud. It is not enough to stop future use of a fraudulent identity (say by means of a revocation list in the PKI infrastructure) but an ability to proactively unwind transactions based on that fraudulent identity.
There seem to be a few more minor issues but they are comparatively minor. The first is that all the person’s attributes (first name, last name, and date of birth) are available to everyone to whom identity is proven. Notwithstanding the fact that there is a very small amount of personal information on the Card, there are cases where even these attributes are not required and therefore should not be given. For example, to buy alcohol and prove the person is 18+.
Secondly, it is not clear how the person’s attributes stored on the Card can be easily changed or updated, e.g. in case of a change of name or administrative error.
Finally, as with all smartcards used for online authentication, the need for smartcard readers to access the digital certificate. However, it may be that widespread availability of smartcard readers (one for every computer) is not a problem in Austria.
Overall, there are many, many positive things about Austria’s national identity system that other countries can learn from.
In my previous post about interoperable authentication credentials, I had referred to news from Australia in which ANZ Bank is piloting how its business customers can use their bank-issued smartcards with government.
In light of the FinancialTech Insider article, in retrospect I should have mentioned that the smartcards issued by ANZ use the IdenTrust certificate for authentication with the government. This re-emphasises the efforts being made by IdenTrust to breathe new life into banks’ PKI infrastructures.
The article makes a good point that, “IdenTrust is the only bank-developed identity authentication platform and unlike other digital ID solutions, it emphasizes the interoperability of its digital certificates and their ability to function cross-border.”
This might just be enough to give the banks an edge as a global-scale identity player.
Still, it is hard to overlook the troubled history of PKI. Much has been written about the problems with PKI. One of the good ones is by security guru Peter Gutmann called “Everything you Never Wanted to Know about PKI but were Forced to Find Out.”
With a title like that, it’s an insightful but very long read!