Yesterday, Friday 13th July 2007, I attended a workshop "
Biometrics and eCards".
My main interesst was the "eCard API" which is currently standardized in Germany. This API is intendet to standardize the access of applications to the cards issued by the German government. My first impression of the eCard API was that it is quite (!) complex. Building a complying smartcard, reader and dll/jar/so looks challenging.
Several participants from the industry complaint that the standardization process is not open enough, to late and that the dead-lines are too short. My impression was that everybody exept delegates from the
BMI and
BSI seemed to agree.
Why am I blogging about this here? Because I was happy to learn that Identity Management and Privacy could be found everywhere. It was certainly not the main focus of many talks but CardSpace and SAML and WS-* etc popped up here and there and people I talked to during the breaks all had profound knowledge of this.
This gave me the thought that current and future projects envolving smartcards are not doomed from the beginning.
Germany was one of the first countries to have laws regarding electronic/digital signatures, but all projects (e.g.
e-Vergabe) trying to utilize this and/or to make money from it (eCommerce/eGovernment) currently live in the dark and remote parts of public attention and economic success. By which I don't want to say that this projects are not necessary. They are important projects but people and companies are reluctant to use them until they are forced to by law.
One new project I found especially interessting. Mr. Thomas Biere (BSI) gave a talk about "
Bürgerportale" (citizen portal). One of the functions of the portal is that of a identity/attribute/claims provider. The federal government plans to have these portals be operated by private companies which are certified by the government. Interessting. Mr. Biere said, that they are talking to major ISPs about this.
I am curious how this will work out in the end. Will the Id/STS primarily issuing the claims _it_ knows about a subject or will the main focus be on the usage of government issued/asserted claims. Id/STS interoperability is planned to be left to the operators... Interoperabilty to the portals of germany's states is an open issue too. Integration of emerging other solutions like openElster are open too.
There is a lot of work to do to make the identity revolution happen ;-)
But we will certainly by part of it. (Hm. Don't interprete this post too much in term s of what subsidiaries of Deutsche Telekom will do. These posts are _my_ posts)
