Ideas

Establishing national managed Identity Federations (EU-28)

  • Heinrich Mautne... profile
    Heinrich Mautne...
    6 May 2015 - updated 4 years ago
  • 2 comments
    Total votes: 1

PROBLEMS & FACTS

 

  1. For every citizen it is clear, that his/her travelling passport is validated in the own country and nowhere else.
  2. For every citizen it is clear, that this document (passport) has a great value and identifies him/her in a legally valid manner
  3. In daily (offline) life every citizen uses at least 4 different identities (ID) in different situations in his/her lifetime.
  1. legally valid - ID (governed by state, eg. passport)
  2. proofed-ID (act of verifying an ID document by someone and saving these ID-data for eg. Telco-Contract, imatriculation, etc Thus this verified ID becomes a „proofed-ID“)
  3. self-claimed-ID ( data that we communicate to other parties without verification by these parties eg. Hello, my name is Donald Duck)
  4. anonymous-ID (Hi, Buddy! whereby „Buddy“ is simply authenticated by repeatedly recognition of someones face, voice, behavior, etc)
  1. This „ID- Behavior“ has been formed over decades and is the base of social interaction worldwide.
  2. After 15 years of commercialized internet we still have not managed to transfer offline ID-Behavior to the DIGITAL LIFE

 

instead we

 

  1. exchange personal data based on „self-claimed-ID“ or „anonymous-ID“ for registrations to web accounts which are then governed by US firms outside the EU
  2. make this data available in order to „supposedly“ legally  binding agreements (Terms and conditions)
  3. share secrets (Passwords) for beeing able to authenticate against these webaccounts
  4. are landing in a password-hazzle (Ø 30 webaccounts/online user in EU)
  5. share these pesronal data with service providers outside the EU, mainly US.
  6. THIS LEADS TO THE CONCLUSION THAT THE EU IS LOSING ITS CITIZENS TO THE US et.alt.

 

PROPOSAL - Establishing national managed Identity Federations (EU-28) in order to

 

  1. increase online security
  2. enable data protection and control by the citizens
  3. facilitate portability from one to another account enabling „right to forget“
  4. transferring the offline ID-Behavior-model to digital life by
  5. connecting the „legally valid-ID = eID of country“, „proofed-ID“, „self-claimed-ID“ and the „anonymous-ID“ with ONE digital „CITIZEN- USERNAME“.
  6. Strengthening authentication in common by 2 & multi-factors using the phone and its possibilities generating or beeing this second-factor 

 

 

Tags: 
data protectionportabilitysecurity

Comments

Log in to post comments
Adam WATSON BROWN's picture
Adam WATSON BROWN,
06/05/2015 17:35

Potentially there is a vast opportunity for authentication. I already have the Google authenticator app on my phone and I think such services could ultimately do away with cumbersome 2-step authorisation systems based on SMS.

I'm uneasy with the view that these services should be provided on a national basis as this will once again Balkanise the market; but maybe I'm being too pessimistic and the federation idea briefly mentioned above would solve that problem. Read the PDF and comment.

Total votes: 0
Heinrich Mautner Markhof's picture
Heinrich Mautne...,
10/05/2015 13:23

there are dozens of authentication-methods, that should normaly rely on certain security standards. Google authenticator is certainly using a method that is standardized - but offered by Google. This is the point that the EU has to look at. In StarTrust more than 10 standardized and globally accepted authentication methods are implemented and serviced by a national /EU trusted service. The advantage in it ist, that citizens trust more in national services than in services offerd by the big players. The EU is best advised when considering EU-28-national serviced authentication as a service and not to handover credential-services to outside of EUrope....

Total votes: 1