Who will accept ID cards?
Adrian Midgley
amidgley at gmail.com
Thu Jul 30 18:54:10 BST 2009
Andrew T wrote:
> 2009/7/30 Roland Perry <lists at internetpolicyagency.com>:
>> At the other end, there are specialist ID cards eg required for buying/using
>> a railway season ticket, a card that allows admittance to where you work
>> (including NHS staff), or is shown by the man reading the gas meter (which
>> generally requires that you can tell they work for the gas company rather
>> than what their names is).
>
> We're back at the original problem with an "identification card". As
> it stands, all the card does is link a physical person to a name.
> Without access to the central database, we can't:
> *Find out what the person should and shouldn't do (an authorisation problem)
If it is a State function, it might be centralised. If it is my
surgery, then the staff door might be given a list of ID card numbers,
and told to admit those. For that matter, the patient door might be
given a longer list.
That list need not go beyond the doorframe, in principle. Indeed, it
might be generated by reference to one of my staff's cards. Like
vampires, once invited in they would be able to enter at will, until the
ward was reset against them.
> *Find out who they are associated with (comes back to authorisation)
> *Where they live (which is frequently termed identification by banks
> and utilities)
> *Strongly authenticate them (because it's just a card with a photo and
> some text on it to the average person)
>
> Andrew
>
>
>
The card could, if it had to, be designed to hold information and make
assertions, possibly through a small speaker.
Now there is a crypto topic, isn't it?
More information about the ukcrypto
mailing list