Chip to Cloud, day 2: My personal attribute hub

This is a talk by Annette Laube, from the University of Bern. It builds on Switzerland’s eID program, extending it for new uses. The idea of national eIDs is to provide electronic signatures, and to certify personal attributes taken from official documents like a passport. The SuisseID used in Switzerland is a traditional one, in which the attributes are restricted to data present on ID documents, built on a national certificate authority and an associated claim assertion service. However, it is possible to add further claim assertion services, envisioned as coming from other government entities or other official entities.

The motivation of myIDP is to reduce the amount of redundant data that we have to enter on various sites, especially those related to e-government; this re-entry is error-prone and leads to many validation problems. In the SuisseID, the idea is to add another claim assertion service. With myIDP, users can save data entered on e-forms that have been accepted by a service provider, for reuse in other circumstances. The idea behind it is that information that has already been accepted somewhere is more likely to be correct. Interestingly, the user has access to the recorded attributes, and can decide to remove some that she doesn’t want to be recorded.

MyIDP can function as an attribute provider or as a claim proxy. In attribute provider mode, a service provider requests an attribute; MyIDP then asks the user to confirm the use of a recorded attribute, and signs it before returning it. In claim proxy mode, the service provider's request comes with a claim list request. MyIDP then returns the signed attribute together with a claim list URI, from which the service provider can download information about where the attribute has previously been accepted as valid, and use this information to decide how trustworthy the attribute is.
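The two modes described above, sketched as an added example that is not code from the talk or from the myIDP project. The message layout, the HMAC stand-in for the provider's signature, the `idp.example` URI, the sample data and the service provider's trust policy are all assumptions made for illustration.

```python
import hashlib, hmac, json

# Constructed demo key. HMAC stands in for the provider's signature so the
# example runs with the standard library only (assumption, not myIDP's scheme).
IDP_KEY = b"constructed-demo-key"

# Constructed store: each recorded attribute and the providers that accepted it.
STORE = {"alice": {"address": {
    "value": "Example Street 1, 3000 Bern",
    "accepted_by": ["tax-office.example", "municipality.example"],
}}}

def _sign(payload):
    blob = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(IDP_KEY, blob, hashlib.sha256).hexdigest()

def idp_respond(user, attribute, user_consents, want_claim_list=False):
    """Provider side: release a recorded attribute only after user confirmation."""
    if not user_consents:
        return None
    record = STORE[user][attribute]
    payload = {"user": user, "attribute": attribute, "value": record["value"]}
    if want_claim_list:  # claim proxy mode: add a pointer to the acceptance history
        payload["claim_list_uri"] = f"https://idp.example/claims/{user}/{attribute}"
    return {"payload": payload, "signature": _sign(payload)}

def fetch_claim_list(uri):
    """Stand-in for downloading the claim list from the URI (no network here)."""
    _, user, attribute = uri.rsplit("/", 2)
    return STORE[user][attribute]["accepted_by"]

def sp_evaluate(response, trusted_acceptors, min_matches=1):
    """Service provider side: check the signature, then weigh prior acceptance."""
    if response is None:
        return "refused"
    payload = response["payload"]
    if not hmac.compare_digest(_sign(payload), response["signature"]):
        return "bad-signature"
    uri = payload.get("claim_list_uri")
    if uri is None:
        return "signed-only"  # attribute provider mode: no acceptance history
    matches = set(trusted_acceptors) & set(fetch_claim_list(uri))
    return "trusted" if len(matches) >= min_matches else "needs-manual-check"
```

The signature covers the claim list URI as well as the value, so a response whose pointer has been swapped fails verification in the same way as one whose value has been altered.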

This project sounds really good, because once again, we are moving from hard identity to soft identity, where data is not 100% trusted but nevertheless more trusted than data entered manually. And of course, this model is very nice because the more it is used, the more trustworthy it gets. The quality of attributes grows as they get used, and this is an important property.
