RE: WebID-ISSUE-27 (bblfish): track electronic IDentity (eID) initivatives [liaison with other groups] from Peter Williams on 2011-02-08 (public-xg-webid@w3.org from February 2011)

From: Peter Williams <home_pw@msn.com>
Date: Tue, 8 Feb 2011 08:24:31 -0800
To: <jeff@sayremedia.com>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>
Message-ID: <SNT143-w5448ED027E9CFA7AD7D27F92EA0@phx.gbl>
I'd keep the card concept and the bridge concept distinct.
 
The americans are only regulating - not mandating. The german scheme is doing both, repeating the experiment tried in Australia. The regulation tries to standardize quality metrics, whereas the mandate is about excluding.
 
But, its helping round out the concept set. At the commodity level, there is the de-centralized, highly individualized webid. But, it can be built upon - to address social contracts with more organizational flavor.
 
The power of X.509 was that it stayed a framework, free of politics (mostly, standardizing the RSA cipher excepted). It allows a space of opinion.
 
We also have to keep in balance that the webid trust properties have to be is webby - being between profiles - not between keys. Thus we can avoid (hopefully) the error IETF made, in getting involved in KMI and trying to tie *everything* to crypto assurance (instread of twitter/facebook-style follower culture).
 
 
> Date: Tue, 8 Feb 2011 07:49:31 -0800
> From: jeff@sayremedia.com
> To: public-xg-webid@w3.org
> Subject: Re: WebID-ISSUE-27 (bblfish): track electronic IDentity (eID) initivatives [liaison with other groups]
> 
> We should package this issue along with ISSUE-8: US (Commerce Department?)
> ID initiative
> 
> http://www.w3.org/2005/Incubator/webid/track/issues/8
> 
> It is inevitable that sovereign governments will create their own
> identification protocols. In the discussion threads linked to in the above
> link, I commented on how government-run identity protocols are
> antithetical to the Web as the Web (and of course the Internet) transcends
> national boundaries.
> 
> I suggest that we consider combining all such government initiatives into
> a single issue so as to better track and organize our discussions around
> this important topic.
> 
> >
> > WebID-ISSUE-27 (bblfish): track electronic IDentity (eID) initivatives
> > [liaison with other groups]
> >
> > http://www.w3.org/2005/Incubator/webid/track/issues/27
> >
> > Raised by: Henry Story
> > On product: liaison with other groups
> >
> >
> > On 8 Feb 2011, at 11:11, Henry Story wrote:
> >
> > In Monday's teleconf Martin Gaedke pointed out
> >
> > gaedke: regarding electronic IDs, there is something going on in
> > Germany
> > ... also in other countries ongoing
> > <webr3> like the US too
> > <gaedke> http://www.epass.de/
> > <gaedke> http://www.personalausweisportal.de/
> >
> > This started the thread on German Identity Cards
> > http://lists.w3.org/Archives/Public/public-xg-webid/2011Feb/0097.html
> >
> > I added a lot of the links that came up on that thread on wikipedia's page
> >
> > http://en.wikipedia.org/wiki/Electronic_identity_card
> >
> > which is a bit of a mess at present, and not very well written up. They
> > are still missing a good simple architectural overview of what eID's do.
> > In 2009 the EU came out with "Privacy Features of European eID
> > CardSpecifications"
> >
> > http://www.enisa.europa.eu/act/it/eid/eid-cards-en
> >
> > What is worrying is that the German Identity card is RFID enabled. See
> > this video where Chris Piaget queries these cards
> >
> > http://www.youtube.com/watch?v=9isKnDiJNPk
> >
> > Not sure if there is a problem here. The german card has a pin, to protect
> > it.
> >
> > A lot of the information is either too hight level marketing, or too low
> > level technical. Some questions we need to answer are are:
> > - how do these interact with TLS?
> > - Is the TLS/Browser interaction the main use case?
> > (The linux article shows this nicely [1])
> > => if they interact well then it should be a positive for WebID, as
> > it will just
> > increase the TLS userbase, and spread eID card readers that could
> > also be useful in a web
> > of trust
> > - they have signature functionality. When is that used? Via TLS?
> > - the german id cards readers seem to have SOAP interfaces to query
> > them. Is this just legacy stuff.
> >
> >
> > [1] But is the Belgian eID scheme the same as the german one?
> > http://nauseamedialis.org/belgian_eid_archlinux
> > My guess is that given the ubiquity of the browser, they will all be
> > using TLS
> >
> >
> >
> >
> 
> 
>
Received on Tuesday, 8 February 2011 16:25:25 UTC