Anonymous credentials allow users to reveal certain properties (like their age, nationality, subscriptions) about themselves, without revealing their full name. Such credentials have obvious privacy advantages. For increased security and improved user experience, such credentials are ideally implemented on a smart card. Until recently, however, the complex cryptography involved has made this impossible. In this talk I will discuss recent results that show that efficient implementations of anonymous credentials on smart cards are now becoming possible, and I will discuss how this will stimulate the practical application of such credentials in several application domains, like e-government, e-health and the like.
The need for privacy-respecting use of unique identifiers in emerging European eID cards has been underlined by many. The emerging privacy-ABCs (Attribute-based Credentials) technologies have significant potential in this area. One of the goals of the European Project ABC4Trust is to provide a common unified architecture for privacy-ABCs that is independent of the specific technologies existing today (e.g. Idemix, U-Prove) and support the federation and interoperability between them. In this talk I will highlight the most relevant issues of the ABC4Trust architecture and how the project implements it and deploys it in actual production pilots.
The presentation will highlight that TAS3 as an architecture, with pair-wise pseudonymous design throughout, will not mandate as a technical requirement for operation any privacy compromise.
However, we are fully aware that users may voluntarily supply privacy-compromising information to applications (sometimes the apps even have a need to know). This motivates the legal/audit/accountability (trustworthiness) aspect of TAS3. Given that PII is going to be given to apps by users, there has to be a credible framework in place to ensure it is handled responsibly and Service Providers are held accountable for handling it so.
The STORK Large Scale Pilot brought eighteen EU and EEA Member States together to implement an interoperability solution on top of their national eID initiatives. The solution has been tested between 2010 and 2011 in six cross-border pilots. The presentation will describe the technical solution and will discuss lessons learned from its deployment in production systems. Particular attention will be given to privacy aspects. The presentation will describe what privacy measures have been implemented by STORK and will summarize the recommendations that the Article 29 Data Protection Working Party has given on that.
SAML, the OASIS WS* and PKI are all familiar tools for privacy (and security) respecting eID Management. This short presentation will trace the technology paths taken in various initiatives in Australasia, and what the future may hold.