Se ha denunciado esta presentación.
Se está descargando tu SlideShare. ×

OpenSC: eID interoperability through open source software

Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Próximo SlideShare
OpenDNIe Hackfest
OpenDNIe Hackfest
Cargando en…3
×

Eche un vistazo a continuación

1 de 55 Anuncio

Más Contenido Relacionado

Similares a OpenSC: eID interoperability through open source software (20)

Más reciente (20)

Anuncio

OpenSC: eID interoperability through open source software

  1. 1. eID interoperability through open source software Martin Paljak OpenSC Project www.opensc-project.org
  2. 2. Quick background check • Dealing with Estonian eID (1st generation) since 2003 • Involved with OpenID (“OpenID for Estonians, OpenID.ee”) • Open source security/crypto/smart cards/identity software • Maintainer/lead developer of OpenSC Project since 2010 • All opinions expressed are my own
  3. 3. Agenda • What is OpenSC • Problems observed from earth • Why open source matters • How OpenSC can help
  4. 4. OpenSC
  5. 5. OpenSC • Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers
  6. 6. OpenSC • Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers • Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards • Standards are published or defined by market
  7. 7. OpenSC • Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers • Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards • Standards are published or defined by market • Cross platform (Windows, Mac OS X, Linux/Unix) • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA
  8. 8. OpenSC • Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers • Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards • Standards are published or defined by market • Cross platform (Windows, Mac OS X, Linux/Unix) • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA • PKCS#15 (ISO7816-15, IAS-ECC, PIV, EstEID, ...) • Card personalization tools
  9. 9. OpenSC • Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers • Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards • Standards are published or defined by market • Cross platform (Windows, Mac OS X, Linux/Unix) • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA • PKCS#15 (ISO7816-15, IAS-ECC, PIV, EstEID, ...) • Card personalization tools • “OpenSC has become the defacto open source smartcard provider”
  10. 10. OpenSC enables applications!
  11. 11. OpenSC enables applications! • Firefox - HTTPS authentication • Thunderbird - S/MIME signatures and encryption • Google Chrome - HTTPS authentication • E-voting - vote signing and authentication • OpenSSH - authentication • Safari - HTTPS authentication • Mail.app - S/MIME signatures and encryption • Outlook - S/MIME signatures and encryption • Open(Libre)Office - digital signatures • Internet Explorer - HTTPS authentication • Adobe Acrobat - digital signatures • OpenVPN - authentication • Putty - authentication • WinSCP - authentication
  12. 12. Real life applications, right now.
  13. 13. OpenSC supports* • Estonian eID • Finnish eID • Spanish eID* • Belgian eID • Portuguese eID • Italian eID • IAS-ECC* • PIV/CAC • Latvian eID* * - work in progress or other but-s or limitations
  14. 14. Problems with eID software projects • Initiation & execution • Trust • Sustainability • Interoperability • Innovation
  15. 15. Regulators endorse execution, incl. open source.
  16. 16. Initiation & execution
  17. 17. Initiation & execution • Reduced platform availability
  18. 18. Initiation & execution • Reduced platform availability • Linux (read: non-Windows)
  19. 19. Initiation & execution • Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.
  20. 20. Initiation & execution • Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga. • Licensing (OpenSC LGPL)
  21. 21. Initiation & execution • Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga. • Licensing (OpenSC LGPL) • Belgium
  22. 22. Initiation & execution • Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga. • Licensing (OpenSC LGPL) • Belgium • Spain
  23. 23. Initiation & execution • Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga. • Licensing (OpenSC LGPL) • Belgium • Spain • Portugal
  24. 24. Initiation & execution • Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga. • Licensing (OpenSC LGPL) • Belgium • Spain • Portugal • Latvia
  25. 25. Initiation & execution • Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga. • Licensing (OpenSC LGPL) • Belgium • Spain • Portugal • Latvia • Commercial vs public interest. Cost
  26. 26. Initiation & execution • Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga. • Licensing (OpenSC LGPL) • Belgium • Spain • Portugal • Latvia • Commercial vs public interest. Cost • Client software is complex and interweaved. Cost
  27. 27. Initiation & execution • Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga. • Licensing (OpenSC LGPL) • Belgium • Spain • Portugal • Latvia • Commercial vs public interest. Cost • Client software is complex and interweaved. Cost • Keeping up with software changes is challenging
  28. 28. Initiation & execution • Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga. • Licensing (OpenSC LGPL) • Belgium • Spain • Portugal • Latvia • Commercial vs public interest. Cost • Client software is complex and interweaved. Cost • Keeping up with software changes is challenging • 1st iteration tends to “fail”
  29. 29. Trust
  30. 30. Trust • STOP ABUSING THIS WORD!
  31. 31. Trust • STOP ABUSING THIS WORD! • Opaque systems call for tinfoil hats
  32. 32. Trust • STOP ABUSING THIS WORD! • Opaque systems call for tinfoil hats • “How do I know that the software does not sign a transaction for 10000€?”
  33. 33. Trust • STOP ABUSING THIS WORD! • Opaque systems call for tinfoil hats • “How do I know that the software does not sign a transaction for 10000€?” • Trust is essential for successful widespread adoption
  34. 34. Trust • STOP ABUSING THIS WORD! • Opaque systems call for tinfoil hats • “How do I know that the software does not sign a transaction for 10000€?” • Trust is essential for successful widespread adoption • Does not always mean “cryptographically assured”
  35. 35. Trust • STOP ABUSING THIS WORD! • Opaque systems call for tinfoil hats • “How do I know that the software does not sign a transaction for 10000€?” • Trust is essential for successful widespread adoption • Does not always mean “cryptographically assured” • Who will be the first to publish on-card application?
  36. 36. Trust • STOP ABUSING THIS WORD! • Opaque systems call for tinfoil hats • “How do I know that the software does not sign a transaction for 10000€?” • Trust is essential for successful widespread adoption • Does not always mean “cryptographically assured” • Who will be the first to publish on-card application? • Ergo I’m no cloud believer
  37. 37. Sustainability Interoperability
  38. 38. Sustainability
  39. 39. Sustainability • Silos
  40. 40. Sustainability • Silos • 27x same mistakes? Probably.
  41. 41. Sustainability • Silos • 27x same mistakes? Probably. • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache?
  42. 42. Sustainability • Silos • 27x same mistakes? Probably. • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache? • University computer class = 27x “Elbonian card software”?
  43. 43. Sustainability • Silos • 27x same mistakes? Probably. • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache? • University computer class = 27x “Elbonian card software”? • (PKI smart cards) eID is no CSS or HTML5
  44. 44. Sustainability • Silos • 27x same mistakes? Probably. • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache? • University computer class = 27x “Elbonian card software”? • (PKI smart cards) eID is no CSS or HTML5 • Niche market, requires specific skills
  45. 45. Sustainability • Silos • 27x same mistakes? Probably. • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache? • University computer class = 27x “Elbonian card software”? • (PKI smart cards) eID is no CSS or HTML5 • Niche market, requires specific skills • Cost
  46. 46. Sustainability • Silos • 27x same mistakes? Probably. • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache? • University computer class = 27x “Elbonian card software”? • (PKI smart cards) eID is no CSS or HTML5 • Niche market, requires specific skills • Cost • A plant only grows if you water it
  47. 47. Innovation
  48. 48. Innovation • Commodity vs niche product • Easily available, interchangeable
  49. 49. Innovation • Commodity vs niche product • Easily available, interchangeable • P2P vs platform • SAML vs OpenID
  50. 50. Innovation • Commodity vs niche product • Easily available, interchangeable • P2P vs platform • SAML vs OpenID • eID must be ubiquitous to succeed • Make awkward uses easy to implement
  51. 51. Innovation • Commodity vs niche product • Easily available, interchangeable • P2P vs platform • SAML vs OpenID • eID must be ubiquitous to succeed • Make awkward uses easy to implement • Does open source lead the innovation or jog behind the cool guys?
  52. 52. Innovation • Commodity vs niche product • Easily available, interchangeable • P2P vs platform • SAML vs OpenID • eID must be ubiquitous to succeed • Make awkward uses easy to implement • Does open source lead the innovation or jog behind the cool guys? • Import vs export
  53. 53. Innovation • Commodity vs niche product • Easily available, interchangeable • P2P vs platform • SAML vs OpenID • eID must be ubiquitous to succeed • Make awkward uses easy to implement • Does open source lead the innovation or jog behind the cool guys? • Import vs export • Fibonacci innovation?
  54. 54. How can OpenSC help? • Grassroots community of specialists from different countries • Share knowledge and experiences • No politics. “Show me the solution that works” • Joint lobby group to collaborate with other (open source) projects • Make Firefox (close to 1/3 of the market) to fix their bugs • A reference implementation • Provide a common framework and platform for collaboration, interoperability and innovation
  55. 55. Thank you! Questions? opensc-project.org @MartinPaljak.net

×