Upload
douwe-lycklama
View
245
Download
2
Tags:
Embed Size (px)
DESCRIPTION
Presentation on the future of e-identity in Europe
Citation preview
tomorrow’s transactions today
Single European Identity AreaCan We Achieve A Single European Identity Area?
Douwe Lycklama – London April 8, 2012
2 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
3 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
4 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Douwe Lycklama, Partner @ Innopay
• EE (engineering TU Delft, 1990)• Consumer electronics background (Philips)• Innopay since 2002: payments, e-identity, e-
invoicing• Passion for consulting and product development
− Complex intangible products/services− Collaborative innovations
• “Make this world a (little) better place ,with better services”
• Co-founder and strategist of the NL E-identity framework eHerkenning
• Member of SSEDIC
• Only just begun …
5 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Agenda
1. What is e-identity?
2. How is e-identity doing today?
3. The European way forward
tomorrow’s transactions today
E-identity defined in daily useWhat is e-identity?
7 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Identity is all around us
8 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
First some Lingo….
• Users: consumer or a person acting on behalf of a business or government
• Relying party: A party that want to know who is ‘knocking on his door’
• E-identity: An electronic identity describes a subject (person, organisation or system) via its properties (attributes), in the online/mobile world, in a consistent and verifiable way
• Identification: Identification is the process where a user makes himself known to the relying party in order establish a connection or to gain access to the system/website/web service etc.
• Authentication: The process of making sure that an identified person or entity is indeed ‘the person who he says he is’
9 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Identity use: Trust, Compliance & Convenience
Trust Compliance Convenience
10 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Internet = customer not present
11 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
E-identity credentials exist in many forms
12 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Why e-identity? User Relying party
Higher trust Know who you are dealing with
Compliance Obey the law
Easy of use Be recognised & better services
Better conversion & less costs
Value drivers of e-identity
13 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
What makes a good service proposition?
Source: Prof. Betty Collis, 1993
Profit Pleasure Practicability
14 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
E.g. mobile telephony?
Benefit Realised?
Profit More efficiency in society, low cost
Pleasure Use everywhere, more contact, social interaction, global reach
Practicability Similar to ‘old telephony’, extend old habits
15 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
E.g. online banking?
Promise Realised?
Profit More efficiency in society, no paper
Pleasure Use everywhere, global reach
Practicability New habits needed because of security
tomorrow’s transactions today
Along the 3PsHow is e-identity doing?
17 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
How does e-identity score on the 3Ps?
Promise Realised?
Profit Cost saving in business processes
Better service quality
Pleasure Use everywhere, seamless working
Practicability Ease of use, easy to on board
18 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
More specific for e-identity
Promise Key issue to be solved
Benefits (Profit) 1. Cost saving in business processes
2. Better service quality
Huge untapped potential due to low penetration, still many paper processes, lack of awareness
Functionality (Pleasure)
3. Reach for both users and relying party
Fragmented solutions, silo thinking
Ease of use (Practicability)
4. Limited barriers to on board and to use
Many sign up processes, too easy means unsecure
19 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Key issue 1 and 2: cost and quality
• Cost saving: less paper, more straight through− Sign up − Log in − Digital contracting
• Better quality: ease of use for customer− Mobile: less typing small screens− Recognise returning customers, profiling
• Government policies geared toward digital services. Governments can enforce ‘adoption’ by killer apps (tax, permits, subsidies)
• Awareness in business relatively low, except in e-commerce sector
Huge market potential
20 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Authentication
Citizen
Company
Government Company
Government
‘Mandate’
Key issue 3: the current market is full of silos
Fragmented
solutions
21 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Key issue 3: large number of passwords
• As a result customer are put up with large numbers of credentials
22 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
1st generation e-identity: direct model
User (Person,Entity)
Relying party(Business, Government)
Provide Identity
23 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
2nd generation e-identity: platform
Identity platformIdentity platform
User (Person,Entity)
Relying party(Business, Government)
Identity platform
Provide Identity
User name / password
Outsource
EID function
24 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Key issue 4: ease of use
• Ease of use is a trade off with security− Avoid lengthy sign up processes− Security should be managed adequately
tomorrow’s transactions today
Single European Identity Area?The European way forward
26 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
The key to EID success is
Interoperability
(…or the whole planet will have to sit with one provider)
27 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
The same key as to other two sided markets
paymentsinvoicingtelecom
…
28 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Why interoperability? Remember 3P’s
• Users: want to identify themselves with as much as possible relying parties− Want less passwords− Harmonised user experienceÞ Maximise ease of use, minimise hassle
• Relying parties: want to identify as much as possible users− Want lower costs− Maximum audienceÞ Minimise cost, maximise usage / sales / conversion
29 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Interoperability in a fragmented market implies cooperation
between
competing parties
30 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Cooperation on
Business, functionality, infrastructure
31 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Europe’s blueprint
32 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
3rd generation e-identity: Trust Framework
Authentication Router
Authentication RouterAuthentication
Provider
Authentication Provider
User (Person, Entity)
Relying party(Business, Government)
Authentication Provider
Authentication Router
Provide Identity
Real-time Routing
Authenticate Network Access
Identity issuer Identity router
33 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Remember payments ?
Authentication Router
Authentication RouterAuthentication
Provider
Authentication Provider
Buyer Merchant
Issuer Acquirer
34 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Trust Frameworks: a few defined around across the globe • Open Identity Exchange (OIX)
− Different Trust Frameworks for different contexts − The U.S. Government ICAM Trust Framework, The Telcom Data Trust Framework, Respect Trust
Framework− A Trust Framework is a certification program that enables a party who accepts a digital identity
credential (called the relying party) to trust the identity, security, and privacy policies of the party who issues the credential (called the identity service provider) and vice versa.
• bankID− One Trust Framework developed by several large Nordic Banks− BankID is the leading electronic identification in Sweden, and is used for multiple context− Nine issuing banks, just banks…
• eHerkenning − One single trust framework for multiple contexts − A Trust Framework is a coherent set of agreements in order to facilitate a digital identity ecosystem
which is operational in order to collaboratively create trust, security and privacy to serve end users in the market.
• Key differentiators− OIX uses different Trust Frameworks for different contexts, bankID is just offered by banks− eHerkenning is one e-identity Trust Framework for every context
35 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
More initiatives
• UK Identity assurance program
• USA: NSTIC
• STORK: EU interoperability of ID tokens
• Standardisation: SAML, XACML, ISO, …
• EU regulation
36 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Key points of EU proposed regulation
• Aimed at cross border acceptance of government e-identity tokens for government services
• Digital signature (repair earlier 1999 directive), electronic seals and time stamping
• Countries can register their e-identity token in Brussel => all EU27 countries have to accept the token
• The registering country has to:− accept liability in return− offer free on-line access for relying parties to the tokens
• This seems to incentivise countries to issue high assurance level EID’s and register them with EU
37 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Reflection on EU proposed regulation
• Which problem are we solving? Only the governments as relying party or the European society at large?
− Marrying, medical, tendering, incorporation, studying: how often does this happen in a persons or companies life? Or as part of the whole economy?
• No business-to-business and business-to-consumer focus, therefore not addressing the fragmentation in the most relevant area’s.
• No common understanding of levels of assurance will hamper harmonisation. Relying parties will need to know what to trust and what not
38 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Potential winners in the identity market
• Regulated industries: banks, governments, telco’s => all have an existing relation with the customer
• Social media players: Facebook, Google, LinkedIn
• Specialised (local) e-identity players
39 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Huge challenge: business model
• Benefits for the relying party not aligned with cost of the user for the credentials and check
• Willingness to pay increases of time: as more services become available, it becomes more attractive to have an e-identity token
• Governments can drive adoption via exclusive and compulsory service (e.g. tax)
• Innovation still has to take place in this domain
40 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Take away’s of this session
1. E-identity is the critical component for advancing online business, because it adds trust. Trust leads to more business. It is the ‘new money’
2. E-identity should be ‘right’ (3P!) for BOTH user and relying party, including the business model. That will push for ‘non silo’ and ‘multiple assurance levels’
3. Standardise part of today’s e-identity offerings in such a way that they become easier available for relying parties. Via separate gateways or as part of a trust framework. We can learn from the payment industry here!
4. Take the non-national view (first European, then global?)
41 Toward a Single European Identity Area? Douwe Lycklama – 8 April 2012. © Innopay BV. All rights reserved.
Above all: think 3P!
Source: Prof. Betty Collis, 1993
Profit Pleasure Practicability