The mission of the Visual eID project is to support development and deployment of standards that support visual representation of certificate based electronic identities (eID)

The Public Key Infrastructure (PKI) based on the X.509 certificate standard has been developed for the past 20 years. Still we have not yet managed to develop the standards to the point where an application can display the certificate to a human person in any meaningful way. Despite the fact that it is of great importance for human users to know what entity that has been authenticated through a certificate, applications provides very primitive UI tools for revealing the certified identity.

The main reason for this problem is that certificates does not contain enough information to allow meaningful display of information.

In the recent past, standards has been created to fill this void, such as RFC 3739 and RFC 3709, but for several reasons they are not sufficient.

Proposed solution

This project propose a generic solution by binding a certificate image file to a certificate signature, allowing this image to represent a complete visual representation of the certificate. The image file is referenced through a URI and a hash in the certificate, allowing the image file to be downloaded and authenticated by the certificate signature.

A number of image format can be used to provide a certificate image. Primary candidate images are PDF/A, SVG for scalable images and PNG for raster graphic images.

Published as RFC 6170

The standardization effort is now concluded and resulted in the publication of the IETF standard RFC 6170