e-Passports[Authenticating users over the Internet using e-Passports -- concluded on 2009/11/01]
Over the past two years, electronic passports (e-passports) have been introduced in most countries of the world. An e-passport embeds a chip with card holder details. While there are concerns about the privacy consequences of the introduction, caused by the contactless nature of communication and the sensitive nature of contained biometric data, these also presents a unique opportunity: it provides every citizen of the world with a strong authentication token within a global Public Key Infrastructure (PKI).
The technical standards which describe how to verify the authenticity of electronic passports are open and publicly available from the International Civil Aviation Organization (ICAO). Although likely not intended as such by ICAO, e-passports are ideal for authenticating users of Web services. The current proposal intends to build such an Identity 2.0 solution with open source software.
We propose to create a trustworthy identity solution that allows a user to use their e-passport for authentication at regular websites or webservices (e.g. for e-government like services). Such a solution may contain a browser plug-in that integrates the software developed in JMRTD with an open source identity selector (perhaps compatible with InfoCard).Additionally, the solution may require the establishment of a central server that acts as an identity provider (perhaps compatible with OpenID). A question that will need to be answered is to what degree end-users and service providers need to trust our identity provider (in case of end-users: trust with respect to dealing with privacy sensitive data).