European Workshop on Trust & Identity

In cooperation with GeantLogo184x80

EIW 2013 Tue Session 1A

Whose identiy is it anyway?

Gov / Academic / Social ID - a place for everyone

Convener: Ajay
Notetaker: Nicole

  • Can you ‘trust’ your government ID for other ‘uses’?


Massively different uses of the national ID card (physical) and online credentials.

  • Use case of logging in to comment on a national newspaper.


The context of verification. Should I have to provide some sort of verified identity? In most criminal cases this can be traced anyway.

  • What sort of ownership do I have of my ‘eID’?


Is there such a thing as a citizen ID? We tend to view them more as government owned ID that is forced upon us and we have to use in certain contexts. If we changed the sense of ‘ownership’ of this towards the citize

  • Is there a continued role for educational institutions as ID providers?


Why do educational institutions currently act as credential providers? Is it a control thing, is there a value add here?

  • What about current ‘universal’ IDs?


Not really comparable. The context in which we use credit cards to pay or driving licenses to prove age don’t really stand up to the use cases we are discussing in the federated space.

  • Who actually physically provide the eID? Does the government physically control the infrastructure?


The UK has recently tendered for a group of external providers to be the identity services used by citizens. There is not a great match between these providers and credentials that people would naturally have (although paypal are now on board) but it blurs the picture of social / citizen / government yet more.

  • What about student mobility? Does social ID help here?


Is ORCID solving this? No – ORCID is just concerned with academic identifiers. There are some services looking at solving this problem – such as the CommIT project in the US (http://www.pesc.org/interior.php?page_id=214) and Digitary services such as DARE (ww.digitary.net/ukdare) in the UK.

We tend to end up using gateways / proxies/ fudges to make all of this work nicely together. Many of these tend to be provided on an as is basis – relying on APIs from services like Google / Facebook that can and do change frequently.

  • Why are none of the sectors doing well at working outside their space


(government, health, social, education)?

Constraints of funding, constraints of governance.

  • Watch out for the telcos?


Will this actually be about google / apple or will we really see sim cards, phones as the identifiers?