Open Source Identity Management: eID Cards’ Spec Finally disclosed!
In Europe, Italy is one of the forerunners of smartcard deployment and not surprisingly, it has a long-standing history of eID cards and a noteworthy rollout. Together with Spain it is the first big European country to ready to start the general roll-out of eID cards to all citizens.
The “e” in eIDs is really only as good as the services that the card provides access to–without services, an eID card is nothing but a piece of plastic (with a chip). To enable a card to use services requires software, namely something called middleware that interfaces the web browser to the smartcard. Maximizing service access and thus the value perception by citizens, means to “eID-enable” as many environments and applications as possible.
What will seem natural to most Open Source people out there, but often less so to government organizations, is that a single organization cannot easily support all desirable/necessary cases very easily–this is a simple conseguence of the ever increasing scarcity of resources.
Applied to eIDs, most governments provide eID middleware for the “major platforms” which can range from only Windows to a maximum of Windows, Mac OS X, and Linux on Intel. Do you want to access an eID-protected service from your mobile device running Symbian, or from some embedded device that runs Linux on a Strong ARM processor, or even only from Linux on PowerPC?–well, don’t count on governments to help you out any time soon.
So a key factor to using eIDs ubiquitously, and thus create value to citizens, is to enable third, non-government parties to develop and distribute middleware where it is missing. Unfortunately, this is not possible in every European country. While some national eID projects have published their technical specs from the very beginning, others have treated them as confidential and thus prohibited third parties from filling in the gaps. Considering that ID documents are related to “national security” and that government decision makers more often come from a legal than a technical background, this is not as surprising as it may first seem to computer security experts.
In view of the significant negative consequences of unnecessary confidentiality, it is very nice to observe that decisions can indeed change! Italy was one of the European countries who considered the spec of their eIDs confidential. This has in the past prohibited the support of Italian eIDs on non-Windows platforms. Also, the current middleware [that is part of the pilot project and may be replaced for the general roll out] does not play well with Mozilla Firefox (even on Windows). Thankfully, all these are now restrictions of the past since the full spec was indeed published yesterday. I believe that this is the merit of many unnamed people, acting behind the scenes, who used many ways and various opportunities, invested an enormous amount of personal energy, to drop by drop hollow the stone and remove the rocky mountain that blocked the way to freedom. This is the moment for gratitude and for encouraging others with the message that it is not easy, but it is possible and at times it succeeds.
So what will the gained freedom bring us and the citizens who have an Italian eID in their pockets? Here is my take on predicting the future: In a relatively short time, support for the Italian eID card will be added to OpenSC that already supports most other European eIDs and the American PIV. This will provide multi-platform middleware for use by Firefox browers, Virtual Private Networks, Secure Shell, Linux logon, and other applications. Also, commercial players will more easily be able to provide out-of-the-box eID-support in their operating systems or on their devices (such as set top boxes).
I hope that this foreseeable positive development will become a visible experience that demonstrates the benefits of openness and influence those countries who still keep their specs confidential: The community can amplify resources and thus achieve what a single player (in eIDs mostly a government) simply cannot even hope to do. So let us work on making this a reality, let the community provide significant help in making eIDs a success, and from time to time let us remind people that it is openness that made this all possible.