We had a meeting with our project supervisor Dr. Chandana Gamage today from 1.15pm to 3.45pm.
Main Points
- Privacy –
The privacy of the holder will be the key feature of our eID when compared to other similar implementations. Thus we must ensure that privacy protection is there at the very system level.
- Unlinkability –
This is another feature which should be provided and would be another important aspect. [Example use case: at police checkpoints, officers need not keep recording every checked user's details, but they can cross-check the card ID or serial number against the existing suspects list and provide a way to indicate whether to check that person further or not.]
- Back tracking with proper legal concern –
On the other hand, unlinkability conflicts with the need for back tracking, which authorities might need in order to track a person back in the past. These track-back logs should not be usable by just any person; back tracking should be done only with proper legal permission and with the concern of the user.
One solution Dr. Gamage suggested is like this. Encrypt every log save with Sign-Private-(secret—).
Dr. Chandana Gamage suggested that we should study these issues and come up with possible solutions by next week. He also mentioned that it is better to have a very clear idea of what we are planning to do before moving into development.
We will also need to make a prototype very soon, for the next evaluation.
Rough Architecture Design
We also discussed a basic overall architecture and a few possible use cases of the system.
Used to authenticate the holder to
- A person
  - Online
  - Offline
- A computer/application system
  - Online
    - Access a service from RP
    - Relying Party (RP)
      - Authentication request to eID-WS
    - eID Web Service (eID-WS)
      - Access user eID card connected to user PC
      - Validate user
      - Reply from eID-WS to RP (Yes/No) + Any further detail requested again with the concern of the eID holder
    - Normal operation continues
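The online flow above, sketched as an added example that is not the project's own code: eID-WS validates the card and the RP receives only Yes/No plus the details the holder lets through. Assumptions: the class and attribute names are hypothetical, card validation is modelled as an HMAC-SHA256 challenge-response with a key shared between card and key server (the notes do not specify the mechanism), and "with the concern of the eID holder" is read as the holder approving each requested detail.

```python
import hashlib
import hmac
import secrets

class EIDCard:
    """Stand-in for the card in the reader on the user's PC (hypothetical class)."""
    def __init__(self, key, attributes):
        self._key, self._attributes = key, attributes

    def respond(self, challenge):
        # Assumed proof of possession: HMAC-SHA256 over a fresh challenge.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

    def release(self, requested, holder_approves):
        # Only details the holder approves leave the card; the rest are withheld.
        return {a: self._attributes[a] for a in requested
                if a in self._attributes and holder_approves(a)}

class EIDWebService:
    """Stand-in for eID-WS; key_server maps card id -> key (assumed back end)."""
    def __init__(self, key_server):
        self._key_server = key_server

    def authenticate(self, card_id, card, requested, holder_approves):
        challenge = secrets.token_bytes(32)  # fresh per request, so old answers cannot be replayed
        key = self._key_server.get(card_id)
        # Unknown cards are checked against a random key so both cases take the same path.
        expected = hmac.new(key or secrets.token_bytes(32), challenge, hashlib.sha256).digest()
        valid = hmac.compare_digest(expected, card.respond(challenge)) and key is not None
        if not valid:
            return {"authenticated": False, "details": {}}
        # The RP gets Yes/No plus approved details, never the card id or the key.
        return {"authenticated": True, "details": card.release(requested, holder_approves)}

def demo():
    # Constructed sample data, not taken from the project.
    key = secrets.token_bytes(32)
    attrs = {"name": "Sample Holder", "date_of_birth": "1990-01-01"}
    ws = EIDWebService({"card-001": key})
    genuine = EIDCard(key, attrs)
    cloned = EIDCard(secrets.token_bytes(32), attrs)  # right data, wrong key
    wanted = ["name", "date_of_birth"]
    return (ws.authenticate("card-001", genuine, wanted, lambda a: a == "name"),
            ws.authenticate("card-001", cloned, wanted, lambda a: True))
```

Because the reply carries no card identifier, two RPs cannot link their sessions through it unless the holder releases an identifying detail to both.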
Development Components
We have divided the project development into the following distinct components, though many of them are interdependent.
- eID Card
- Offline Application/API/Library
- Web Services
  - Request handling – from relying party
  - Request processing
    - Accessing eID card – with holder
    - Using back end system and DB
  - Reply request – to relying party
- Back end infrastructure
  - Key server
  - Database
- Issuing authority application systems