130408 digital e-identity europe innopay douwe lycklama ips final

tomorrow’s transactions today

Single European Identity AreaCan We Achieve A Single European Identity Area?

Douwe Lycklama – London April 8, 2012


Douwe Lycklama, Partner @ Innopay

• EE (engineering TU Delft, 1990)• Consumer electronics background (Philips)• Innopay since 2002: payments, e-identity, e-

invoicing• Passion for consulting and product development

− Complex intangible products/services− Collaborative innovations

• “Make this world a (little) better place ,with better services”

• Co-founder and strategist of the NL E-identity framework eHerkenning

• Member of SSEDIC

• Only just begun …


Agenda

1. What is e-identity?

2. How is e-identity doing today?

3. The European way forward


E-identity defined in daily useWhat is e-identity?


Identity is all around us


First some Lingo….

• Users: consumer or a person acting on behalf of a business or government

• Relying party: A party that want to know who is ‘knocking on his door’

• E-identity: An electronic identity describes a subject (person, organisation or system) via its properties (attributes), in the online/mobile world, in a consistent and verifiable way

• Identification: Identification is the process where a user makes himself known to the relying party in order establish a connection or to gain access to the system/website/web service etc.

• Authentication: The process of making sure that an identified person or entity is indeed ‘the person who he says he is’


Identity use: Trust, Compliance & Convenience

Trust Compliance Convenience


Internet = customer not present


E-identity credentials exist in many forms


Why e-identity? User Relying party

Higher trust Know who you are dealing with

Compliance Obey the law

Easy of use Be recognised & better services

Better conversion & less costs

Value drivers of e-identity


What makes a good service proposition?

Source: Prof. Betty Collis, 1993

Profit Pleasure Practicability


E.g. mobile telephony?

Benefit Realised?

Profit More efficiency in society, low cost

Pleasure Use everywhere, more contact, social interaction, global reach

Practicability Similar to ‘old telephony’, extend old habits


E.g. online banking?

Promise Realised?

Profit More efficiency in society, no paper

Pleasure Use everywhere, global reach

Practicability New habits needed because of security


Along the 3PsHow is e-identity doing?


How does e-identity score on the 3Ps?

Promise Realised?

Profit Cost saving in business processes

Better service quality

Pleasure Use everywhere, seamless working

Practicability Ease of use, easy to on board


More specific for e-identity

Promise Key issue to be solved

Benefits (Profit) 1. Cost saving in business processes

2. Better service quality

Huge untapped potential due to low penetration, still many paper processes, lack of awareness

Functionality (Pleasure)

3. Reach for both users and relying party

Fragmented solutions, silo thinking

Ease of use (Practicability)

4. Limited barriers to on board and to use

Many sign up processes, too easy means unsecure


Key issue 1 and 2: cost and quality

• Cost saving: less paper, more straight through− Sign up − Log in − Digital contracting

• Better quality: ease of use for customer− Mobile: less typing small screens− Recognise returning customers, profiling

• Government policies geared toward digital services. Governments can enforce ‘adoption’ by killer apps (tax, permits, subsidies)

• Awareness in business relatively low, except in e-commerce sector

Huge market potential


Authentication

Citizen

Company

Government Company

Government

‘Mandate’

Key issue 3: the current market is full of silos

Fragmented

solutions


Key issue 3: large number of passwords

• As a result customer are put up with large numbers of credentials


1st generation e-identity: direct model

User (Person,Entity)

Relying party(Business, Government)

Provide Identity


2nd generation e-identity: platform

Identity platformIdentity platform

User (Person,Entity)


Identity platform

Provide Identity

User name / password

Outsource

EID function


Key issue 4: ease of use

• Ease of use is a trade off with security− Avoid lengthy sign up processes− Security should be managed adequately


Single European Identity Area?The European way forward


The key to EID success is

Interoperability

(…or the whole planet will have to sit with one provider)


The same key as to other two sided markets

paymentsinvoicingtelecom

…


Why interoperability? Remember 3P’s

• Users: want to identify themselves with as much as possible relying parties− Want less passwords− Harmonised user experienceÞ Maximise ease of use, minimise hassle

• Relying parties: want to identify as much as possible users− Want lower costs− Maximum audienceÞ Minimise cost, maximise usage / sales / conversion


Interoperability in a fragmented market implies cooperation

between

competing parties


Cooperation on

Business, functionality, infrastructure


Europe’s blueprint


3rd generation e-identity: Trust Framework

Authentication Router

Authentication RouterAuthentication

Provider

Authentication Provider

User (Person, Entity)




Provide Identity

Real-time Routing

Authenticate Network Access

Identity issuer Identity router


Remember payments ?


Authentication RouterAuthentication

Provider


Buyer Merchant

Issuer Acquirer


Trust Frameworks: a few defined around across the globe • Open Identity Exchange (OIX)

− Different Trust Frameworks for different contexts − The U.S. Government ICAM Trust Framework, The Telcom Data Trust Framework, Respect Trust

Framework− A Trust Framework is a certification program that enables a party who accepts a digital identity

credential (called the relying party) to trust the identity, security, and privacy policies of the party who issues the credential (called the identity service provider) and vice versa.

• bankID− One Trust Framework developed by several large Nordic Banks− BankID is the leading electronic identification in Sweden, and is used for multiple context− Nine issuing banks, just banks…

• eHerkenning − One single trust framework for multiple contexts − A Trust Framework is a coherent set of agreements in order to facilitate a digital identity ecosystem

which is operational in order to collaboratively create trust, security and privacy to serve end users in the market.

• Key differentiators− OIX uses different Trust Frameworks for different contexts, bankID is just offered by banks− eHerkenning is one e-identity Trust Framework for every context


More initiatives

• UK Identity assurance program

• USA: NSTIC

• STORK: EU interoperability of ID tokens

• Standardisation: SAML, XACML, ISO, …

• EU regulation


Key points of EU proposed regulation

• Aimed at cross border acceptance of government e-identity tokens for government services

• Digital signature (repair earlier 1999 directive), electronic seals and time stamping

• Countries can register their e-identity token in Brussel => all EU27 countries have to accept the token

• The registering country has to:− accept liability in return− offer free on-line access for relying parties to the tokens

• This seems to incentivise countries to issue high assurance level EID’s and register them with EU


Reflection on EU proposed regulation

• Which problem are we solving? Only the governments as relying party or the European society at large?

− Marrying, medical, tendering, incorporation, studying: how often does this happen in a persons or companies life? Or as part of the whole economy?

• No business-to-business and business-to-consumer focus, therefore not addressing the fragmentation in the most relevant area’s.

• No common understanding of levels of assurance will hamper harmonisation. Relying parties will need to know what to trust and what not


Potential winners in the identity market

• Regulated industries: banks, governments, telco’s => all have an existing relation with the customer

• Social media players: Facebook, Google, LinkedIn

• Specialised (local) e-identity players


Huge challenge: business model

• Benefits for the relying party not aligned with cost of the user for the credentials and check

• Willingness to pay increases of time: as more services become available, it becomes more attractive to have an e-identity token

• Governments can drive adoption via exclusive and compulsory service (e.g. tax)

• Innovation still has to take place in this domain


Take away’s of this session

1. E-identity is the critical component for advancing online business, because it adds trust. Trust leads to more business. It is the ‘new money’

2. E-identity should be ‘right’ (3P!) for BOTH user and relying party, including the business model. That will push for ‘non silo’ and ‘multiple assurance levels’

3. Standardise part of today’s e-identity offerings in such a way that they become easier available for relying parties. Via separate gateways or as part of a trust framework. We can learn from the payment industry here!

4. Take the non-national view (first European, then global?)


Above all: think 3P!

Source: Prof. Betty Collis, 1993

Profit Pleasure Practicability


Thank you

Douwe Lycklama - [email protected]

For your attention

130408 digital e-identity europe innopay douwe lycklama ips final

Economy & Finance

identity use

electronic identity

innopay bv

identitywhy eidentity

door eidentity

eidentity credentials

eidentity score

douwe lycklama london