4. Analysis of PKI features

PKI features depend on the environment in which the PKI is used. The situation that one RP directly communicates with one certification authority, especially if this certification authority is controlled by the RP, is very different from the situation in which many hundreds of certification authorities are used by thousands of RPs in a multi-language, multi-cultural and multi-juridical environment. Cross-border and cross-sector environment is

a specific case of the second situation.

4.1 PKI in peer-to-peer environment

The peer-to-peer environment is the most frequent environment where PKI is used in real life. Typically, specific electronic service providers create their own certification authorities and issue their own certificates. That means we can find one RP, one certification authority and one set of users in a very simple relationship. The consequences are: (1) One set of personal information is needed by the RP, only one set is used; (2) The certification authority uses one verification procedure. This procedure is compatible with the needs of

the RP; (3) The user can understand the need for information collection and verification done by the certification authority for the specific RP. The relationship between the service offered by the RP and the certification procedure is understandable for the user;

(4) The user can understand and accept the need to collect and verify personal information before authentication is used; (5) Access right management (authorization) can be based directly on the personal information in the certificate; (6) Change management of the personal information in the certificate made by certificate revocation should

be acceptable both for the RP and the user. We know from the real world that this simple scenario is in use and can be successful.

4.2 PKI in cross-border and cross-sector environment

Cross-border and cross-sector e-government environment is very complex. It includes many RPs with very different needs and access right management based on different pieces of personal information. Tens of thousands of RPs exist in pan-European e-government environment. The spectrum of personal information needed for access right management in different sectors of government is very wide: from a tax system, social security, health system, education, culture, agriculture, industry and trade, environment, transport and security to military systems.

The topology and law systems related to certificate authorities vary considerably from country to country. We can find one central certification authority managed directly by the national government, as well as a variety of non-government private certification authorities or even hundreds of local certification authorities managed by local governments.

For PKI, this complex environment raises a number of additional issues. If we just take into account the sharing of certification authorities by many RPs, we can find the following consequences: (1) Every RP needs its own piece of personal information (the specific “partial identity”) in the certificate

Anonymous electronic identity in cross-border and cross-sector environment

(specific semantic and format); (2) The verification procedure done by the certification authority must meet the needs of every RP; (3) All pieces of information for every RP (all “partial identities”) have to be included in the certification

before the first authentication is made; (4) All pieces of personal information needed by all RPs (all “partial identities”) are stored at one place, published together and available for everybody; (5) Any change of information causes revocation of the certificate and disables use of authentication for all RPs. If we take into account the international environment in which the topology of certification authorities is not

a tree (a simple hierarchy) and other international issues, we can find the following additional consequences: (1) Multiple trust management of the RP with hundreds of certification authorities—citizens from different locations use different certification authorities; (2) Many different semantics and formats (interoperability) used by hundreds of certification authorities—the semantics and formats of the same piece of information are different; (3) Additional language and cultural differences in the EU; (4) Legislative framework variety in different EU countries; (5) Additional jurisdiction issues—multiple sectors in one country, the sector differences in different

countries, different government structure in different countries; (6) Publishing of integrated personal information of a huge number of citizens.

4.3 Trends

If we analyze trends, we can find that with the increasing number of RPs using the same certification authority: (1) The complexity of the certification process is growing; (2) The amount of personal information stored in the certificate is increasing and the level of privacy

decreasing; (3) The interval between certificate revocations caused by changes of verified personal information is shortening; (4) The risk of semantic and format incompatibility is growing; (5) Chances that the user will accept complex verification of many pieces of personal information are

decreasing; (6) The possibility that the certification process will be incompatible with the privacy protection law is increasing.

If we take into account the increasing number of certification authorities and countries, we can see that: (1) The quality of the verified information is decreasing (due to the worst certification policy, the worst

certification authority); (2) The risk related to the incompatibility of the cultural environment and law system is growing; (3) The complexity of language translation is growing; (4) The risk of identity theft and abuse of personal data from the certificates is growing. Thus we can ask: Can it work? Is this the right way? Is the repeatedly published personal information really

needed for authentication?

Anonymous electronic identity in cross-border and cross-sector environment