[OpenID - Eu] Privacy and Security Risks when Authenticating on the Internet with European eID
Henrik Biering
hb at netamia.com
Tue Dec 22 11:59:11 UTC 2009
Robert Ott wrote:
> Now to the OpenID scenario. As SuisseID is based on standard X.509 certificates, there is no barrier to OpenID providers accepting these client certificates and mapping such certificates to already existing OpenIDs. There are providers such as MyOpenID and our Clavid service providing such functionality for free. Thus, user-centric OpenID scenarios are already possible today.
>
This direct model does not work for Danish citizens, as the government
and the one company to which they have outsourced the ID management
(http://www.danid.dk) require payment from any company that accepts
client certificates from a user. This is clearly not a scalable model,
and in particular not workable as regards international use.
Kick Willemse wrote:
> 2. In the NL an additional role is introduced, "authentication broker", to
> make sure all the RPs do not have to implement all the different SAML IdP
> services individually (and manage all national/international contractual
> relationships).
>
Not least for the reason mentioned in my response to Robert, this
"authentication broker" model is also what we are currently looking into.
> 3. I think using the e-ID could help to keep OpenID decentralised.
> Individuals could use their e-ID to certify their own OpenID server?
Effective from 1 July 2010, Danish citizens will no longer be able to
access their own private key. This will be stored centrally with DanID.
There have been lots of heated discussions in various IT-related media
about this change.
=henrik