Austrian ID system
There are many things to like about Austria’s national identity system. A good overview is the presentation given at Liberty Alliance’s eGovernment Workshop held in Brussels earlier this year.
First, the absence of an external national unique identifier. Every person is assigned a unique personal identification number (the Source-PIN) that stays under his/her own control. Each governmental sector is given its own identifier for that person (the Sector Specific PIN, or ssPIN), derived from the Source-PIN with a one-way cryptographic function. Because the function is one-way and includes the sector, a sector's identifier cannot be turned back into the Source-PIN, and two sectors cannot match up their records for the same person by comparing identifiers.
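To make the derivation concrete, here is an added illustration (my own example, not code from the Austrian system or from the presentation). The page says only "a one-way cryptographic function", so the construction below, SHA-256 over the Source-PIN, a separator and a sector code, base64-encoded, is an assumption chosen for the example; the sector codes and the Source-PIN are constructed sample values. It also shows the caveat that matters in practice: a hash is only one-way if the Source-PIN itself is unguessable, since anyone holding an ssPIN can test candidate Source-PINs offline.

```python
import base64
import hashlib
from typing import Iterable, Optional

# Constructed sample values for this example; not real Austrian identifiers.
SOURCE_PIN = "8F3A-EXAMPLE-SOURCE-PIN"
SECTORS = ["SA", "GH", "BF"]   # hypothetical sector codes


def derive_sspin(source_pin: str, sector: str) -> str:
    """Derive a sector-specific PIN with a one-way function.

    Assumption: the page only says 'a one-way cryptographic function'; this
    example uses SHA-256 over sourcePIN + '+' + sector, base64-encoded. The
    sector code acts as a domain separator, so the same person gets unrelated
    identifiers in different sectors.
    """
    material = f"{source_pin}+{sector}".encode("utf-8")
    return base64.b64encode(hashlib.sha256(material).digest()).decode("ascii")


def sspins_for_person(source_pin: str, sectors: Iterable[str]) -> dict:
    """Map each sector to the identifier that sector's authorities would see."""
    return {sector: derive_sspin(source_pin, sector) for sector in sectors}


def cross_sector_linkable(pins: dict) -> bool:
    """True if any two sectors received the same identifier for this person."""
    return len(set(pins.values())) != len(pins)


def recover_by_guessing(target_sspin: str, sector: str,
                        candidates: Iterable[str]) -> Optional[str]:
    """Offline guessing attack against the one-way derivation.

    A sector authority that holds an ssPIN and a list of candidate Source-PINs
    can simply re-run the derivation for each candidate. The one-way function
    therefore protects the Source-PIN only if it has enough entropy to make
    enumeration infeasible.
    """
    for guess in candidates:
        if derive_sspin(guess, sector) == target_sspin:
            return guess
    return None


if __name__ == "__main__":
    pins = sspins_for_person(SOURCE_PIN, SECTORS)
    for sector, pin in pins.items():
        print(f"{sector}: {pin}")
    print("linkable across sectors:", cross_sector_linkable(pins))
    # The caveat: with a short candidate list the Source-PIN is recovered.
    print("recovered:", recover_by_guessing(pins["SA"], "SA", ["wrong", SOURCE_PIN]))
```

Run as-is to see three unrelated identifiers for the same person, one per sector; the last line shows that a guessable Source-PIN defeats the one-way property, which is why the Source-PIN must be both secret and high-entropy.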
Secondly, their Citizen Card is more of a concept than a single card: it can be issued in a variety of smartcard form factors, for example a Bank Card, a Health Card or even a mobile phone.
The Citizen Card holds limited personal information (first name, last name, date of birth, Source-PIN) together with the person's public key certificate. The card can therefore be used both for authentication and for electronic signatures.
Thirdly, their system is based on open standards, specifically SAML (v1.0 Browser Artifact Profile with plans to go to v2.0).
Finally, the system passes the test that Identity 2.0 experts love. These experts argue that the issuer of an identity credential (here, government) should not know where the person chooses to prove his/her identity. So, if a person goes to a video/DVD rental store and uses the Citizen Card to prove his/her identity, government has no business knowing or tracking that. The Austrian system passes that test.
In my opinion, though, this same property is also the system's major weakness. It is the one area where I differ from the Identity 2.0 experts.
For a national identification system, I believe government needs a way to notify the places where an identification credential was used once identity fraud has been proven. It is not enough to block future use of a fraudulent identity (say, by means of a revocation list in the PKI infrastructure); there also needs to be a way to proactively unwind the transactions that were made with that fraudulent identity.
There are a few more issues, but they are comparatively minor. The first is that all of the person's attributes (first name, last name and date of birth) are disclosed to everyone to whom identity is proven. Even though the Card carries very little personal information, there are cases where none of these attributes is required and they therefore should not be given: to buy alcohol, for example, the person only needs to prove that he/she is 18 or older, not reveal a name and exact date of birth.
Secondly, it is not clear how the person’s attributes stored on the Card can be easily changed or updated, e.g. in case of a change of name or administrative error.
Finally, as with all smartcards used for online authentication, a smartcard reader is needed to access the digital certificate. It may be, however, that widespread availability of smartcard readers (one for every computer) is not a problem in Austria.
Overall, there are many, many positive things about Austria’s national identity system that other countries can learn from.