Stephen Mason and Nicholas Bohm have an interesting article, "Identity and its verification", published in Computer Law & Security Review, Volume 26, Number 1, January 2010, 43 – 51. (Professor Stephen Mason has written a book on electronic signatures and runs a journal on similar topics. Nicholas Bohm is a security expert.)
It's available on Science Direct [PDF] and also on Stephen Mason's website [PDF].
Abstract:
The European Commission’s eJustice Strategy seems to contemplate that all lawyers will be issued with an ‘identity card’ card, perhaps intended to include a key for making digital signatures. The Council of Bars and Law Societies of Europe (CCBE) is proposing to introduce such a card. The purpose of this article is to clarify what ‘identity’ is and what is involved in verifying it, and to offer some general observations about identity cards. Although written with the eJustice proposals in mind, nevertheless the purpose of this article is to address the topic in its widest sense, which means it affects identity and its verification, whatever the circumstances.
Soundbite:
Those faced with the problem of how to verify a person’s identity would be well advised to ask themselves the question, ‘Identity with what?’ An enquirer equipped with the answer to this question is in a position to tackle, on a rational basis, the task of deciding what evidence will be useful for the purpose. Without the answer to the question, the verification of identity becomes a sadly familiar exercise in blind compliance with arbitrary rules.
Ontario has issued digital signatures to its lawyers who practise real estate law for many years. Have there been any issues with identification? The ‘identity’ in Ontario is between person asserting status as a lawyer and the Law Society’s list of lawyers in good standing.
What authentication is done in order to get a digital certificate from Teranet in Ontario?
What about other law societies that do something similar: what security, what authentication, what ‘identity’?
Certainly in Ontario the dig sigs (digital signatures) are used only with the certification authority (Teranet) being the relying party (the land register). Lawyers can’t use the digital credential in corresponding with other lawyers or with their clients.
Is that a proper limit to ensure the system is secure, or at least less vulnerable than a more open use? (Or is it designed to avoid liability of the certification authority who issues the credential?)
Lawyers and Notaries in B.C. have been using digital credentials from the Law Society of B.C.'s "Juricert" system for some time now. In most cases this means an PKI certificate that is used to sign PDF Land Title documents. The certificate can also be used to sign any PDF file. Embedded in the certificate is a link that anyone can use to validate the certificate.
The European proposal sounds very much like the model discused by the Federation of Law Societies in Canada about 10 years ago. At that time a "federated" identity scheme was proposed that was neutral as to the technology used by applications. If anyone would like a copy of a brief explanatory paper from that time, just email me.
Ron (rusher@bellalliance.ca)