Steeds meer winkels accepteren geen contant geld meer. Pinnen moet – in plaats van pinnen mag. Als reden wordt het voorkomen van overvallen genoemd. Maar mag het wel: contant geld weigeren? En wat nu als je nergens meer contant kunt betalen? Dat heeft gevolgen voor de privacy, en de betrouwbaarheid van de samenleving.
In our IRMA project we are implementing attribute based credentials on a smart card. In fact, we are developing a proof of concept for the Dutch Ministry of the Interior, to show that this technology can, in principle, be embedded on a national identity card to support eID functionality. One important other application of eID’s are digital signatures. The use of smart cards (combined with secure terminals) allow the generation of so called qualified digital signatures as specified in the law. How should these two applications be combined on one smart identity card?
Technically it is feasible to provide privacy friendly identity management, for example by using attribute based credentials (ABCs). We are currently demonstrating their applicability in practice, even on smart cards, in the IRMA (I Reveal My Attributes) project. However, the use of ABCs in the real world is still very limited. One of the factors is the lack of a business case that supports the (substantial) cost of establishing an identity management infrastructure. In this (rather long) post I will sketch the issues, and indicate certain ways in which I think money can be made in an identity management infrastructure. The analysis is sketchy, primarily because I am not an economist. I would love a discussion on this topic, to advance the ideas in this post further.