Cardspace and anonymous access for e-government scenarios (speaker: Philip Stradling)
The identity metasystem is starting to gain broad industry support in establishing an identity layer for the Internet. This has created interest from various e-government stakeholders who need to address the security and privacy needs of citizens and an increasing number of scenarios to support the transformation of service delivery. Many of these stakeholders are keen to explore how the identity metasystem can facilitate the re-use of existing identity assets and also support new requirements and threat countermeasures such as the requirements for pseudo and anonymous access. I hope to convey how the design principles and toolkits of the identity metasystem provide a significant step forward for anonymous access, and to provide a conduit for exploring next steps and new ideas.
ADAPID Framework: status and outlook (speaker: Krystof Verslype)
As part of the ADAPID project, a framework is being developed. This framework aims at facilitating the development of privacy-friendly applications using the current e-ID card. Different components, each with their own API, are identified. A prototype implementation of some of these component APIs is discussed. A comparison with other Identity Management Systems is made and based on the input from the application deliverables, an evaluation is made. this evaluation will serve as input for the next phase in the development of the framework.
Long-Term Secure Archiving (speaker: Carmela Troncoso)
One of the aspects of preservation of a digital object is the ability of proving its integrity and time of creation (or signing) in front of a justice court. In order to provide evidence of time and integrity, documents are digitally signed and time stamped. In the course of time, the value as evidence of these signatures or time-stamps can decrease or even get lost. To reduce the impact of this loses it is necessary (in addition of the digital signature techniques) that complete reference information is preserved in a trustworthy manner, beside the signature itself allowing the validation of the signature and time at any point in time. In this talk, we present a scheme that permits to proof the integrity over time and the time of creation of an archived record based in hash functions and time-stamping.
E-Health application (speaker: Hans Vangheluwe)
We show how common scenarios in the Belgian health and social security domain can be digitalized in a privacy-friendly way. In particular, the processes of drug prescription and delivery is examined. The aim is not only to protect the privacy of the patient as much as possible, but in fact the privacy of all parties involved. We show a validation in the form of a partial prototype implementation as well.
Privacy-Enhanced e-Petition system (speaker: Claudia Diaz)
In this talk, we will present a privacy-enhanced e-petition application that we have implemented in a demonstrator. First, we use the Belgian e-ID card to authenticate to a credential issuer that provides the user with an anonymous credential. This credential can then be used to anonymously and unlinkably sign electronic petitions, such that the identity of the signer is protected, and at the same time double signing is detectable.
Legal aspects of the Storage, E-health and E-Government Applications (speaker: Els Kindt)
The demonstrator of today is the business application of tomorrow. Research projects can and should think outside the (legal) box, though incorporating legal requirements from the design phase has it's rewards in terms of real-world implementation. Exactly this is the approach of the Adapid project. This presentation will focus on a few highlights of how the Storage, E-health and E-government applications avoid or diminish legal friction.
From ePassports to eID-Cards (speaker Dennis Kügler)
By 2009 all European Member States will have to introduce fingerprints in their ePassports. A cryptographically strong access control mechanism known as "Extended Access Control" has already been developed. As indicated by the name the focus of Extended Access Control is to prevent unauthorized access to stored sensitive data, but it also provides several other privacy-protecting features. The first part of the talk will give an overview on those features that are already provided by Extended Access Control. The second part will give a preview on additional mechanisms that are just being developed in the context of Extended Access Control mainly for use in ID-cards and corresponding applications like privacy-protected online authentication.