Hi Devdas,
Thx for nice questions. Read on...
On 9/11/06, Devdas Bhagat devdas@dvb.homelinux.org wrote:
On 28/08/06 19:03 +0000, Dinesh Shah wrote:
<snip> > At the same time, due to the lack of unique, verifiable an positive > identity citizens have to cope with acquiring and managing and > establishing his or her identity which leads to waste of valuable
What are the failure modes of establishing such a public identifier?
1. Non-issue of ID. 2. Duplicate/Multiple IDs. 3. Wrong ID.
What damage can result in case of failure (for one or more persons)?
1. Denial of certain rights. 2. Denial of certain public/private resources. 3. Legal/Panel actions against responsible person(s).
What happens when the identifier is compromised or corrupted?
1. Re-issue in case of lose/corruption.
2. Legal/panel action(s) through audit trail - compromised in cases of forgery etc.
Will the identifier also be used as an authenticator? Or as a factor in authentication?
Yes. But the authentication will be separate process depending on the requirements of the security levels. So identifier will be one of the factors in the authentication process.
Will making this information public reveal any private information?
We have to decide beforehand what should be consider public and private information.
For me Public/Safe info is
Date of Birth Place of Birth Given Name Names of Mother/Father Current and Past Employers Educational records - degrees and certifications Criminal Records
Private info is
Bank balance ;-) Ownership of movable/immovable properties Creditworthiness ;-) Income and expenditure records Medical records
If you have different opinion on the above please let me know.
What happens when the data store containing such information is compromised?
I am thinking of distributed records keeping. All public info will be maintain by a an authority (shall we name it Citizen Information Authority - CIA :-D).
The private info will be maintain by respective authorities like your bank account info will be maintained by your bank and they will be responsible for protecting your records.
At the same time those records can be requested by other authorities like Judiciary, Police, Income Tax etc through the CIA after providing appropriate and sufficient reason(s).
What factors would affect maintaining the integrity of such information?
If we go the centralised way, then there is higher probability of compromise and misuse of the information.
Managing such large central database will pose a big management and maintenance and security challenge.
Devdas Bhagat
I am not a number.
You will be if the CIS succeeds. ;-)
Thanks for asking smart questions. Clarifies many things. :-) With regards,