Electronic Identity cards (eIDs) are usually smart cards issued by government authorities to citizens. One of their key applications is to secure interaction with remote services on the web. The three key functionalities of eID cards, often referred to as IAS, are:
Currently, several countries
issue or plan to issue eID cards to their
citizens. While there is a common consensus on the need for
both, regional (e.g. European) and world-wide interoperability, the
currently issued cards differ from country to country and software
solutions have purely national scope. Even in the future,
when regional standardization will take effect, on a world-wide basis
there are likely to be multiple different types of eID cards.
The InteropEID Working Group attempts to find software solutions that work with a majority of the eID cards in circulation world-wide. The group is interested in both, client and server components and attempts to cater to all potential platforms ranging from various desktop operating systems to hand held computing platforms. Its effort is complementary to the ongoing eID standardization efforts at European and global level.
InteropEID is an informal community of people who are active in the eID domain and share this common vision. To achieve its objective, the InteropEID community closely collaborates with the existing forums for coordination in the eID domain, in particular the Porvoo Group (see Porvoo7 Resolution and Porvoo 7 Presentation, Porvoo 8 presentation)as well as the Global Collaboration Forum for interoperable eID (EU, Japan, US, Global Platform). It also interacts with policy makers such as the European Commission (see e.g., IDABC 2005 presentation and proceedings), and with European projects such as Modinis-IDM (second Modinis-IDM workshop) and FIDIS. The eID working group of the e-Forum provides a forum for some of the collaboaration.
The InteropEID Working Group plans to provide at least the following deliverables:
The working group sees the possibility of multiple implementations of interoperable software solutions provided by different stakeholders including national governments, international consortia, vendors of operating systems, and the open source community. Different implementations can co-exist and we expect that it will be common practice to combine components from different sources in a single installation. For example, a commercial web browser or e-mail client can access eID services through open source middleware, possibly certified and distributed by the national government.
A key enabling factor for the creation and evolution of interoperable solutions is the public availability of the necessary technical specification to access the eID cards. Restricting access to this technical information is a major impediment to the international collaboration needed to create interoperable solutions.
For the current technical implementation of a first interoperable solutions, the InteropEID community works closely (and overlaps significantly) with the open source/free software community. Most significantly, client-side software is strongly based on OpenSC and other related projects such as OpenSignature; server-side software is based on Apache (including functionality provided by OpenSSL) and OpenPortalGuard. Note that some of the reused free software is the official government solution (see for example Belgian client and server solution).
While we are neutral in respect of implementation options, we believe that open source has significant advantages particularly for low-level middleware. Here, open source/free software was not primarily chosen to reduce cost through the reuse of existing software; much rather, we believe that its organizational model is uniquely suited for international collaboration in the interoperability domain. In particular, benefits are the lack of formal agreements, and the preservation of full national autonomy (e.g. for trusted distributions), and that no coordinating central organization is required. Further, the approach avoids the excessive combinatorial complexity of developing software and evaluating trust for the significant number of platforms.
All stakeholders and other interested parties are welcome to participate at various levels of involvement in this community effort. There are different ways of collaboration including the following:
The main meeting place for the community is currently the interopEID mailing list. The list's web page lets you browse the archive and allows you to subscribe (add your email in the section Iscrizione a InteropEID and chose a password that you type twice, press the Sottoscrivi button). Apologies that the web interface is currently in Italian--we will change to English shortly. For assistance or questions, please don't hesitate to contact Bud Bruegger (bud@comune.grosseto.it)
The best way of contacting the community is the mailing list (subscription required, see How to Participate above) or write e-mail to one of the following persons: