In your opinion, how may blockchain technology impact the European payments landscape by 2025?

No significant impact
Impact in some niches or aspects of the payments activity (blockchain technology is adopted for specific purposes)
Emergence of innovative customer payment solutions based on blockchain (the technology spreads significantly like several other major ones)
Impact on the overall infrastructure underlying the payments mass market (the blockchain becomes the main pillar in a technological paradigm shift)
or show results

European Payments Council Blog and Discussion Board

Join the European Payments Council (EPC) discussion board to have your say on recent Single Euro Payments Area (SEPA) developments and highlight subjects that you would like to debate. The platform has been designed to ensure the communication of frequent and useful EPC information as well as engage the payments community and encourage the exchange of opinions. Please note that by accessing or contributing to the discussion board you agree to abide by the terms of the EPC Blogging Policy, so please read them carefully before doing so.

To receive notification when a new EPC blog goes live, subscribe using the RSS feed in the left-hand column of this webpage.

  
  

FutureID - Shaping the Future of Electronic Identity Viewed 3402 times

02-04-2015 By Bud P. Bruegger and Heiko Roßnagel

The content of this blog was first published in The Paypers Web Fraud Prevention, Online Security & Digital Identity Market Guide 2014/2015 (see ‘related links’ below). The European Payments Council wishes to thank the authors and The Paypers for the permission to publish this article as an EPC guest blog.

The FutureID project is partially funded by the European Commission within the 7th Framework Programme. Its consortium consists of 19 partners from 11 countries and is coordinated by Fraunhofer-Gesellschaft. The three-year research project started in November 2012. More information is available on the FutureID Website (see ‘related links’ below).

Objectives

The objective of the FutureID project is to build an identity management infrastructure for Europe in support of a single market of online services. This requires the availability and large-scale use of trusted and secure identities that replace current password credentials.

The problem

As learned, for example, from the experience of rolling out government electronic identities (eIDs) in Europe, the key factor to success is to reach a critical mass of user base and available services. This is often called a ‘chicken and egg problem’. Users are only interested in taking up a credential, if it provides access to a critical mass of services; service providers are only willing to invest in a credential if they bring a large enough base of potential users to justify the investment.

Today’s landscape of secure credentials in Europe shows a very high diversity. Also, credentials that combine both security and convenience of use are possibly yet to come (for example, from the Fast IDentity Online (FIDO) initiative). In this situation, it is highly unlikely that a single credential or identity management technology reaches the required critical mass by itself.

The solution

For this reason, the FutureID project attempts to build an open infrastructure able to potentially integrate all existing and future credentials. Reaching a critical mass across all user bases and all available services seems to be the most promising way to go. The base idea of the FutureID infrastructure is to build a bridge between user credentials on one side and services on the other.

The critical mass becomes much easier to reach if any credential can be consumed by any service; or reversely, any service can potentially reach out to the installed base of any credential. The only constraint to this approach comes from trust and security constraints set by the service provider.

Any technology of user credentials shall be potentially supported. This ranges from well-proven government issued eIDs to the cutting-edge and innovative privacy-enhancing attribute-based credentials (Privacy-ABCs). Some credentials may also be bound to existing Identity Providers (IdP) that employ one of the existing federation technologies.

Service providers can either be integrated ‘as is’, or by installing the FutureID native component for service providers. The reuse of existing elements ‘as is’ facilitates the introduction and contains the roll-out cost of the FutureID infrastructure.

To match credentials to services, the FutureID infrastructure must address three main issues:

  • provide interoperability,
  • enhance privacy where possible, and
  • provide as much as possible a common user experience across technologies.

The FutureID is not the only initiative that addresses the interoperability problem; the European STORK project and the various pilot projects of the National Strategy for Trusted Identities in Cyberspace (NSTIC), a White House initiative, all define infrastructures that use intermediary components to achieve interoperability. FutureID follows the very same approach.

What makes FutureID unique?

What is unique about FutureID, however, is that the number and topology of intermediary components is not fixed and static. FutureID rather adopts an ecosystem-approach by creating a free market for intermediating services.

This provides for the flexibility to: scale according to need, adapt to market needs, support special needs of market sectors including niche markets, adapt to established contractual relationships, and easily adapt to various possible business models that render the infrastructure sustainable.

Evidently, an open number of intermediaries, with new ones being able to join the ecosystem at any point of time, renders the whole situation much more dynamic. Instead of a static configuration that is common to other approaches, the decision of which intermediaries to involve and who has to perform which transformations has to be made dynamically. This is somewhat similar to ad-hoc networking where routing gets automatically configured based on available nodes. In this context, the dynamic configuration of the infrastructure means to compute the possible routes between credentials and services and choose the best suited one for the actual authentication process.

Another unique feature of FutureID is that this dynamic configuration of the infrastructure is completely under the control of a user component. While a similar approach was taken by Microsoft’s identity selector, this goes beyond just the selection of a credential and possibly an identity provider. Infrastructure configuration may well involve more than one intermediary and controls transformations performed by intermediaries.

User-enforced privacy

Users can now enforce data minimisation by using intermediaries capable of filtering and deriving pseudonymous identifiers. Similarly, they can avoid being profiled by applying the do not track pattern that distributes information over several intermediaries. Users simply have to select a privacy policy and all the rest is managed by an intelligent user component. This approach brings unprecedented awareness of the level of privacy offered by a given transaction and allows adapting to different perceptions of privacy and trust.

Bud P. Bruegger, Ph.D, is the Technical Coordinator and Chief Architect of FutureID. He looks back on a long experience in identity management, including active participation in the Italian e-ID pilot project and pioneering e-ID interoperability in the Porvoo Group. Dr. Heiko Roßnagel is coordinating the European Commission-funded project FutureID. His research interests are in the areas of security, privacy and identity management with a focus on technology development and adoption. Fraunhofer-Gesellschaft provides both, the overall and the technical coordination of FutureID. Fraunhofer-Gesellschaft is Europe's largest application-oriented research organisation. The authors are part of the Fraunhofer Institute for Industrial Engineering IAO where Dr. Roßnagel heads the identity management group. Fraunhofer IAO takes a holistic view well beyond just technology.

The views expressed in this blog are solely those of the authors and should not be attributed to the European Payments Council.

Related links:




Comments

If you would like to comment on this blog entry or propose a subject for discussion, please identify yourself with your first and last name. Please note that your name will appear next to your comment. Email addresses will not be published.

To receive notification when a new comment is added to this specific discussion, please subscribe to get updates by email (using the "Subscribe" link below) or RSS (using the "RSS Feed" at the top left of the page). (These links are not available on the mobile version of the EPC Website, to subscribe by email or RSS, please visit the standard version of the EPC Website).



Previous entries

04.05.16The view of Swedish instant payment players on the SCT Inst scheme

14.04.16Flexibility and transparency are key to the SCT Inst scheme

07.04.16Public consultations on the SCT and SDD rulebooks: the main change requests explained

24.03.16GLEIF proposes using the Legal Entity Identifier for passporting under Article 28 (5) of PSD2

07.03.16Strengthening the fight against terrorist financing: the Commission’s thoughts that will guide the forthcoming legislative proposal

07.01.16The SEPA Cards Standardisation Volume is now equipped to face up to the challenge of remote payments

03.12.15The EPC is in the front line for achieving the ERPB’s objectives that stemmed from its November meeting

27.11.15The EPC Publishes its Proposal for the Design of an Instant Credit Transfer Scheme: a Major Step in the Development of Pan-European Instant Payments in Euro

19.11.15The SEPA Cards Framework bows out after ten years of good and faithful service

20.10.15In January 2016, the EPC is Hosting a Workshop on Person-to-Person Mobile Payments: a Great Opportunity for Stakeholders to Contribute to Pan-European Interoperability

07.08.15Summer Reading: Results of Latest EPC Poll Reveal That Instant Payments are Most Likely to Trigger the Next Wave of Innovation

10.07.15Update on outcomes following the Euro Retail Payments Board’s third meeting: Instant Payments in Euro, Person-to-Person Mobile Payments, Technical Standards Related to Payment Cards and E-invoicing Payment Issues

18.06.15PSD2: Almost final – a state of play

01.06.15Friendly Reminder: Suggestions for Changes to SEPA Credit Transfer and SEPA Direct Debit Rulebooks Are Invited by 31 December 2015

08.05.15Fresh Perspectives and New Technologies Shaping Innovation in Payments: a Closer Look at the U.S., Australia and Europe

17.04.15EPC Calls for Candidates Seeking Appointment to the EPC Scheme End-User Forum or the EPC Scheme Technical Forum. Applications are Invited by 8 May 2015

10.03.15EPC and Cards Stakeholders Group Release Version 7.05 of the SEPA Cards Standardisation Volume for Public Consultation – All Interested Parties are Invited to Provide Feedback by 5 June 2015

26.02.15SEPA Compliance in the Euro Area: Get Ready for February 2016. Act Now

10.02.15European Payments Council 2.0: the EPC Has Adapted its Structure to Further Enhance Governance and Stakeholder Involvement

26.01.15EPC Publishes the SEPA Direct Debit (SDD) Core Rulebook Version 9.0 and SDD Business to Business Rulebook Version 7.0 to Take Effect in November 2016