eID interoperability through open source software
Martin Paljak
OpenSC Project
www.opensc-project.org
Quick background check

• Dealing with Estonian eID (1st generation) since 2003

• Involved with OpenID (“OpenID for Estonians, OpenID.ee”)

• Open source security/crypto/smart cards/identity software

• Maintainer/lead developer of OpenSC Project since 2010

• All opinions expressed are my own
Agenda

• What is OpenSC

• Problems observed from earth

• Why open source matters

• How OpenSC can help
OpenSC

• Open source software (middleware) for cryptographic smart cards

  • Developed by an independent team of international volunteers

• Provides standard interfaces for software developers and applications to
  access cryptographic capabilities of smart cards

  • Standards are published or defined by the market

• Cross platform (Windows, Mac OS X, Linux/Unix)

  • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA

• PKCS#15 (ISO7816-15, IAS-ECC, PIV, EstEID, ...)

  • Card personalization tools

• “OpenSC has become the de facto open source smartcard provider”
OpenSC enables applications!

•   Firefox - HTTPS authentication
•   Thunderbird - S/MIME signatures and encryption
•   Google Chrome - HTTPS authentication
•   E-voting - vote signing and authentication
•   OpenSSH - authentication
•   Safari - HTTPS authentication
•   Mail.app - S/MIME signatures and encryption
•   Outlook - S/MIME signatures and encryption
•   Open(Libre)Office - digital signatures
•   Internet Explorer - HTTPS authentication
•   Adobe Acrobat - digital signatures
•   OpenVPN - authentication
•   Putty - authentication
•   WinSCP - authentication
Real life applications, right now.
OpenSC supports*

 • Estonian eID

 • Finnish eID

 • Spanish eID*

 • Belgian eID

 • Portuguese eID

 • Italian eID

 • IAS-ECC*

 • PIV/CAC

 • Latvian eID*


* work in progress, or with other caveats or limitations
Problems with eID software projects

• Initiation & execution

• Trust

• Sustainability

• Interoperability

• Innovation
Regulators endorse execution, incl. open source.
Initiation & execution

• Reduced platform availability
   • Linux (read: non-Windows)
      • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.
• Licensing (OpenSC LGPL)
   • Belgium
   • Spain
   • Portugal
   • Latvia
• Commercial vs public interest. Cost
• Client software is complex and interwoven. Cost
   • Keeping up with software changes is challenging
• 1st iteration tends to “fail”
Trust

• STOP ABUSING THIS WORD!

• Opaque systems call for tinfoil hats

• “How do I know that the software does not sign a transaction for 10000€?”

• Trust is essential for successful widespread adoption

   • Does not always mean “cryptographically assured”

• Who will be the first to publish an on-card application?

• Ergo I’m no cloud believer
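The question “How do I know that the software does not sign a transaction for 10000€?” has a concrete defensive answer: a smart card signs whatever digest the middleware hands it and never sees the document, so the application must verify the returned signature against the digest of the document the user actually saw, with the public key from the signing certificate. The following is an added example, not code from the talk or from the OpenSC project. It simulates that check in Python with a constructed textbook RSA key (raw modular exponentiation, no padding, small key, generated at runtime so it runs offline); the `honest_middleware` and `substituting_middleware` functions, the sample transaction text and the key sizes are all assumptions made for illustration, and real deployments verify with the card's certificate and the padding scheme the card uses (PKCS#1 v1.5 or PSS).

```python
"""What-you-see-is-what-you-sign check (added illustration, not OpenSC code).

A PKCS#11 middleware hands the card a digest; the card never sees the document.
An application that merely accepts the returned bytes cannot tell whether the
digest it requested was the one actually signed, so it verifies the signature
against the digest of what it displayed. The RSA below is a constructed toy
(no padding, 320-bit key) and is not a secure signature scheme.
"""
import hashlib
import secrets


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    """Random prime of exactly `bits` bits (top and low bits forced to 1)."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def toy_keypair(bits: int = 320) -> tuple:
    """Constructed toy RSA key (n, e, d); 320 bits keeps n above any SHA-256 digest."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e, pow(e, -1, phi))


def sha256(document: bytes) -> bytes:
    return hashlib.sha256(document).digest()


def card_sign(private_key: tuple, digest: bytes) -> int:
    """Model of the card: it signs the digest it is handed, nothing else."""
    n, _, d = private_key
    m = int.from_bytes(digest, "big")
    if m >= n:
        raise ValueError("digest does not fit the toy modulus")
    return pow(m, d, n)


def verify(public_key: tuple, digest: bytes, signature: int) -> bool:
    """Recover the signed digest with the public key and compare it."""
    n, e = public_key
    return pow(signature, e, n) == int.from_bytes(digest, "big")


def honest_middleware(private_key: tuple, displayed: bytes) -> int:
    """Assumed well-behaved middleware: signs exactly what the app displayed."""
    return card_sign(private_key, sha256(displayed))


def substituting_middleware(private_key: tuple, displayed: bytes) -> int:
    """Constructed model of the opaque middleware the slide worries about:
    the card is asked to sign a different transaction than the one shown."""
    altered = displayed.replace(b"10 EUR", b"10000 EUR")
    return card_sign(private_key, sha256(altered))


def signing_flow(middleware, private_key: tuple, displayed: bytes) -> bool:
    """Application side: request a signature, then check it against the digest
    of the document the user actually saw. True only if it covers that document."""
    signature = middleware(private_key, displayed)
    n, e, _ = private_key
    return verify((n, e), sha256(displayed), signature)


if __name__ == "__main__":
    key = toy_keypair()
    shown = b"Transfer 10 EUR to account EE00-CONSTRUCTED"  # constructed sample
    print("honest middleware verifies:", signing_flow(honest_middleware, key, shown))
    print("substituting middleware verifies:", signing_flow(substituting_middleware, key, shown))
```

The point of `signing_flow` is that verification uses the digest the application computed itself, not one reported back by the middleware; with a real card the public key comes from the certificate read from the card and the same check is done with a proper PKCS#1 verifier.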
Sustainability   Interoperability
Sustainability

• Silos

   • 27x same mistakes? Probably.

   • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache?

   • University computer class = 27x “Elbonian card software”?

• (PKI smart cards) eID is no CSS or HTML5

   • Niche market, requires specific skills

• Cost

   • A plant only grows if you water it
Innovation

• Commodity vs niche product

  • Easily available, interchangeable

• P2P vs platform

  • SAML vs OpenID

• eID must be ubiquitous to succeed

  • Make awkward uses easy to implement

• Does open source lead the innovation or jog behind the cool guys?

• Import vs export

• Fibonacci innovation?
How can OpenSC help?

• Grassroots community of specialists from different countries

   • Share knowledge and experiences

   • No politics. “Show me the solution that works”

• Joint lobby group to collaborate with other (open source) projects

   • Make Firefox (close to 1/3 of the market) fix their bugs

• A reference implementation

• Provide a common framework and platform for collaboration, interoperability
  and innovation
Thank you!

Questions?

opensc-project.org

@MartinPaljak.net
