An eID should not be linked exclusively to an identity card.

February 8, 2013

Many countries that have an electronic identity (eID) system attach the eID chip to a classical identity card. From a historical perspective this is a natural approach (eIDs have evolved from the electronic or biometric passports). However, as a consequence, people can only own at most a single eID, and a significant group of citizens are excluded from owning an eID at all. This severely affects the coverage and inclusiveness of eID applications, and even prevents the implementation of certain types of eID applications.

There are essentially three problems.

First of all, many applications of eID should not be limited to only citizens of a country (which are typically the only people that are entitled to an identity card from that country). For example, in Germany one can electronically file a change of address at a municipality using an eID. In the Netherlands, we are considering to make it possible to transfer ownership of a car electronically, also using eID. Both services should also be accessible to foreigners without a residence permit, for example.

A single eID card to which all your electronic identities, from many different contexts, are bound poses a security and usability risk. If you lose your single eID card, you have lost access to all your electronic services and accounts. Moreover, for certain uses and professions, it is important to be able to separate context strictly, by using different cards for different contexts. For example, some eID systems also include the possibility to sign documents in a legally binding fashion. The signature of a notary is highly valuable. It should not be possible to mix a notary signature for private use by accident. Using separate cards for both contexts prevents this.

Thirdly, business may want to use the eID infrastructure to provide identity and access management within their organisation, both for accessing IT services, but also for protecting access to their premises. To reduce the risk that such cards are stolen or tampered with, these businesses may want to prevent the use of the business eID card in a private context. (They may even want to set up a completely independent eID ecosystem based on the same technology, but under their own control.)

By binding an eID system to a physical identity card, people are restricted to own only a single eID, and certain people are excluded from the system. As explained above, this has several drawbacks. Future eID systems should therefore not exclusively link the eID chip to an identity card, and also allow that eID chips are embedded on other cards. The architecture of these eID systems must support this.

In case you spot any errors on this page, please notify me!
Or, leave a comment.
Attribute based credentials and digital signatures on a single eID | Jaap-Henk Hoepman - on security, privacy and…
, 2013-03-05 12:54:32

[…] the context separation that was so carefully established using the attribute based credentials. As explained before, the signature of a notary is highly valuable, and it should not be possible to mix a notary […]