eID interoperability through open source software
Martin Paljak
OpenSC Project
www.opensc-project.org
Quick background check

• Dealing with Estonian eID (1st generation) since 2003


• Involved with OpenID (“OpenID for Estonians, OpenID.ee”)


• Open source security/crypto/smart cards/identity software


• Maintainer/lead developer of OpenSC Project since 2010


• All opinions expressed are my own
Agenda

• What is OpenSC


• Problems observed from earth


• Why open source matters


• How OpenSC can help
OpenSC

• Open source software (middleware) for cryptographic smart cards

  • Developed by independent team of international volunteers

• Provides standard interfaces for software developers and applications to
  access cryptographic capabilities of smart cards

  • Standards are published or defined by market

• Cross platform (Windows, Mac OS X, Linux/Unix)

  • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA

• PKCS#15 (ISO7816-15, IAS-ECC, PIV, EstEID, ...)

  • Card personalization tools

• “OpenSC has become the de facto open source smartcard provider”
OpenSC enables applications!

•   Firefox - HTTPS authentication
•   Thunderbird - S/MIME signatures and encryption
•   Google Chrome - HTTPS authentication
•   E-voting - vote signing and authentication
•   OpenSSH - authentication
•   Safari - HTTPS authentication
•   Mail.app - S/MIME signatures and encryption
•   Outlook - S/MIME signatures and encryption
•   Open(Libre)Office - digital signatures
•   Internet Explorer - HTTPS authentication
•   Adobe Acrobat - digital signatures
•   OpenVPN - authentication
•   Putty - authentication
•   WinSCP - authentication
Real life applications, right now.
OpenSC supports*

 • Estonian eID

 • Finnish eID

 • Spanish eID*

 • Belgian eID

 • Portuguese eID

 • Italian eID

 • IAS-ECC*

 • PIV/CAC

 • Latvian eID*


* - work in progress or other but-s or limitations
Problems with eID software projects

• Initiation & execution


• Trust


• Sustainability


• Interoperability


• Innovation
Regulators endorse execution, incl. open source.
Initiation & execution

• Reduced platform availability
   • Linux (read: non-Windows)
      • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.
• Licensing (OpenSC LGPL)
   • Belgium
   • Spain
   • Portugal
   • Latvia
• Commercial vs public interest. Cost
• Client software is complex and interwoven. Cost
   • Keeping up with software changes is challenging
• 1st iteration tends to “fail”
Trust

• STOP ABUSING THIS WORD!


• Opaque systems call for tinfoil hats


• “How do I know that the software does not sign a transaction for 10000€?”


• Trust is essential for successful widespread adoption


   • Does not always mean “cryptographically assured”


• Who will be the first to publish an on-card application?


• Ergo I’m no cloud believer
Sustainability   Interoperability
Sustainability

• Silos

   • 27x same mistakes? Probably.

   • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache?

   • University computer class = 27x “Elbonian card software”?

• (PKI smart cards) eID is no CSS or HTML5

   • Niche market, requires specific skills

• Cost

   • A plant only grows if you water it
Innovation

• Commodity vs niche product

  • Easily available, interchangeable

• P2P vs platform

  • SAML vs OpenID

• eID must be ubiquitous to succeed

  • Make awkward uses easy to implement

• Does open source lead the innovation or jog behind the cool guys?

• Import vs export

• Fibonacci innovation?
How can OpenSC help?

• Grassroots community of specialists from different countries

   • Share knowledge and experiences

   • No politics. “Show me the solution that works”

• Joint lobby group to collaborate with other (open source) projects

   • Get Firefox (close to 1/3 of the market) to fix their bugs

• A reference implementation

• Provide a common framework and platform for collaboration, interoperability
  and innovation
Thank you!

Questions?

opensc-project.org

@MartinPaljak.net

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

OpenSC: eID interoperability through open source software

  • 1. eID interoperability through open source software Martin Paljak OpenSC Project www.opensc-project.org
  • 2. Quick background check • Dealing with Estonian eID (1st generation) since 2003 • Involved with OpenID (“OpenID for Estonians, OpenID.ee”) • Open source security/crypto/smart cards/identity software • Maintainer/lead developer of OpenSC Project since 2010 • All opinions expressed are my own
  • 3. Agenda • What is OpenSC • Problems observed from earth • Why open source matters • How OpenSC can help
  • 9. OpenSC • Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers • Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards • Standards are published or defined by market • Cross platform (Windows, Mac OS X, Linux/Unix) • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA • PKCS#15 (ISO7816-15, IAS-ECC, PIV, EstEID, ...) • Card personalization tools • “OpenSC has become the de facto open source smartcard provider”
  • 11. OpenSC enables applications! • Firefox - HTTPS authentication • Thunderbird - S/MIME signatures and encryption • Google Chrome - HTTPS authentication • E-voting - vote signing and authentication • OpenSSH - authentication • Safari - HTTPS authentication • Mail.app - S/MIME signatures and encryption • Outlook - S/MIME signatures and encryption • Open(Libre)Office - digital signatures • Internet Explorer - HTTPS authentication • Adobe Acrobat - digital signatures • OpenVPN - authentication • Putty - authentication • WinSCP - authentication
  • 13. OpenSC supports* • Estonian eID • Finnish eID • Spanish eID* • Belgian eID • Portuguese eID • Italian eID • IAS-ECC* • PIV/CAC • Latvian eID* * - work in progress or other but-s or limitations
  • 14. Problems with eID software projects • Initiation & execution • Trust • Sustainability • Interoperability • Innovation
  • 15. Regulators endorse execution, incl. open source.
  • 28. Initiation & execution • Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga. • Licensing (OpenSC LGPL) • Belgium • Spain • Portugal • Latvia • Commercial vs public interest. Cost • Client software is complex and interweaved. Cost • Keeping up with software changes is challenging • 1st iteration tends to “fail”
  • 29. Trust
  • 36. Trust • STOP ABUSING THIS WORD! • Opaque systems call for tinfoil hats • “How do I know that the software does not sign a transaction for 10000€?” • Trust is essential for successful widespread adoption • Does not always mean “cryptographically assured” • Who will be the first to publish on-card application? • Ergo I’m no cloud believer
  • 37. Sustainability Interoperability
  • 46. Sustainability • Silos • 27x same mistakes? Probably. • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache? • University computer class = 27x “Elbonian card software”? • (PKI smart cards) eID is no CSS or HTML5 • Niche market, requires specific skills • Cost • A plant only grows if you water it
  • 53. Innovation • Commodity vs niche product • Easily available, interchangeable • P2P vs platform • SAML vs OpenID • eID must be ubiquitous to succeed • Make awkward uses easy to implement • Does open source lead the innovation or jog behind the cool guys? • Import vs export • Fibonacci innovation?
  • 54. How can OpenSC help? • Grassroots community of specialists from different countries • Share knowledge and experiences • No politics. “Show me the solution that works” • Joint lobby group to collaborate with other (open source) projects • Make Firefox (close to 1/3 of the market) fix their bugs • A reference implementation • Provide a common framework and platform for collaboration, interoperability and innovation
  • 55. Thank you! Questions? opensc-project.org @MartinPaljak.net