Description |
At first sight, privacy and strong identity seem inherently at odds. Indeed, if users are strongly identified during a transaction, then privacy is non-existent. Nevertheless, there exist mechanisms that can reconcile privacy and strong identity, either by trusting an online identity provider (IDP), or by using cryptographic mechanisms such as anonymous credentials.
The former approach, made popular by technologies such as SAML, OpenID Connect, and Facebook Connect, has the disadvantage that the IDP forms a single point of failure in terms of privacy and security, because it can impersonate and track its users online. The latter approach has the disadvantage that users have to rely on trusted hardware such as smartcards to protect credentials from compromise and from illegitimate sharing.
OLYMPUS will take a radically new approach offering the seamless user experience of online IDPs, but without their drawbacks. Namely, OLYMPUS will pioneer the concept of distributed oblivious identity management, where the role of the IDP is split over multiple authorities, so that no single authority can track or impersonate their users. By exploiting advanced techniques based on threshold cryptography, the OLYMPUS framework will let users maintain unlinkable identities with different service providers while using standard devices and a single password or biometric.
By leveraging existing eID solutions to create a strong link to physical identities, and by integrating into existing frameworks to ease adoption by service providers, OLYMPUS will establish a secure and interoperable European identity management framework. Its practical feasibility and relevance will be demonstrated in two pilots. The first combines the framework with soft identity proofs to build a mobile driver license application that can be used for offline purchases of restricted goods. The second use case will leverage pseudonymous identification in the financial world to simplify online credit application.
|