Working Paper No.4 (April 2016)
National Identity Schemes are highly complex socio-technical systems in which many competing requirements from diverse stakeholders must be balanced. From a technical systems perspective, we review the objectives of such schemes, along with the resulting requirements, particularly the strong need to ensure appropriate levels of privacy and security. These objectives and requirements are addressed within the context of the broad range of threats against the system. Considering available technologies and ideas, we explore the design choices that must therefore be made in designing such a scheme and illustrate these choices by discussing a number of existing identity schemes. The Estonian scheme is considered in a greater level of detail, evaluating it against the requirements and design choices of other nations as well as drawing on empirical data where possible to explore whether the issues of theoretical or hypothetical importance emerge as realistic concerns in a large deployed system.
Professor Andrew Martin is Professor of Systems Security (Department of Computer Science), Professor Ivan Martinovic is Associate Professor of Computer Science (Department of Computer Science)