[OpenID] OpenID Registration Scenario

John Wang jwanggroups at gmail.com
Thu Jul 12 17:47:10 UTC 2007 

On 7/12/07, Martin Paljak <martin at paljak.pri.ee> wrote:
>
> On 12.07.2007, at 18:43, John Wang wrote:
>
> > For nationally issued ID documents, I wouldn't be surprised if
> > government agencies like customs will have readers, but I doubt
> > most individuals will have readers (that require external hardware
> > and software drivers) to use them from their personal computers.
>
> Many newer laptops have smart card readers built in.


I'm not up to date on this. What percentage of new laptop sales have
built-in smart card readers? Do major laptop vendors like Apple, Dell,
Gateway, HP and Lenovo include built-in smart card readers in their popular
models?

Many computer
> sellers in Estonia bundle a card reader with their offer and it costs
> about 6€ to buy one from virtually any computer shop in Estonia if
> your coputer does not have it. Currently roughly 80% of Estonians
> have an eID card. 50k+ users use it already (I guess daily. And the
> number is growing fast, expected to reach 300k+ by 2009).


Thanks for mentioning the Estonia eID project. According to
https://open.id.ee/about/english, Estonia eID "has not yet been offically
launched and is in public beta phase." I'll read up on this more soon but it
is it far enough along to claim success or would it be better to wait and
see a bit longer? My guess is the following is a marketing, not technical,
claim "Your online identity can never be stolen because your OpenID is
attached to your real identity." Never is a very strong word. One way to
make this difficult to steal would be to require biometrics at
known/controlled authentication points but even in those situations,
compromise can happen. I didn't see any biometric component for the eID so
I'm not sure how it would be tied to one's real identity.

Also, what do you mean by "bundle"? Is it an external USB device or built
right into the computer as an internal, unremovable (except with
screwdriver) component? I'm not sure about the eID project but just giving
free external readers to people hasn't been successful in getting them to
use them in the past.

Most institutions that actually bite security (like banks) already have
> their internal smart card rollouts for years I guess.


Internal roll out is a bit different than consumer use on an external
network. Smart cards and other authentication devices that require
infrastructure upgrade are typically more successful when the issuer also
controls the infrastructure, however this isn't the case with consumer PCs
attached to the Internet. If they have had successful rollouts, I imagine
they would be talking about them and we wouldn't have to speculate. Which
major banks of done this successfully?

Looking at usage patterns you are looking from a different view point
> - government stuff does not mean 'only those who can be forced to use
> shall use them' - people buy stuff if it helps them do something more
> easily. Digital signatures and e-services enabled by having strong
> authentication are something that allow me to live in my summer
> cottage all summer and never leave it as I can do most 'paperwork'
> over the internet. Securely. I save 2x the price of the reader if I
> don't have to go to the city for some 'official stuff'.


I'm sure most of the people on this list can be classified as "early
adopters" but will it pass the "grandmother test"?

You will buy a reader if you have something to do with it.
>
> > After all, why don't end users have magstripe readers for credit
> > cards with their personal computers today?
> > The hardware as been available but I don't think the benefits
> > justify the additional costs.
>
> Magnetic stripes is not a technology to compare with smart cards
> (even though you can find them both on credit cards) Magstripe is
> just a way of 'reading data' whereas smart cards provide actual value
> (crypto) not just a bunch of bits to blindly read.


They are different in terms of technology but they have the same reader
issues from an end user perspective. People have been trying to get Internet
users on smart cards for over 10 years.

I'll leave the future predictions alone for now but it would be interesting
if they do take off. I'm also waiting for the day we can automatically split
group lunch costs and "beaming" money to the restaurant instead of using
cash. That would be cool IMO.

-- 
John Wang
http://www.dev411.com/blog/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070712/9a33d559/attachment-0002.htm>

More information about the general mailing list