Visual eID

IETF agrees to develop Visual eID standard

The PKIX group of the Internet Engineering Task Force has decided to adopt the work item to develop a standard for visual representation of e-identification certificates.

The PKIX group accepted the draft proposed by the
Visual eID project as starting point for the standards work.
The current PKIX draft can be found
here.

Support the Visual eID work in PKIX

The current status of the Visual eID standardisation process is for IETF to accept this work as part of its agenda.

The Visual eID standard has been proposed to be added to the PKIX WG agenda and its acceptance is currently up for open discussion.
The draft standard under discussion is found at:

You can influence the decision in the IETF/PKIX and take part in the development discussion by posting your view at the PKIX mailing list. This list is open for anyone who wishes to attend.

To subscribe to the PKIX mailing list send an e-mail to:
In the body of the e-mail enter “subscribe”

To support this work being adopted as a PKIX work item, send a mail to the PKIX mailing list:

The following message can be used:
“I support adoption of draft-santesson-pkix-certimage-00 as PKIX work item”

Click here to generate a ready composed e-mail.

FIrst visual eID draft posted

The first IETF draft is posted:

The first draft is a result from an initial design process within the editorial team as well as discussions with partners and members of the CA Browser Forum.
This draft will initiate discussion in the PKIX WG whether to accept this as an adopted work item.

Scalable Image Formats

In the discussions concerning a visual image of an identity certificate, the image format of choice is a hot topic.

The issuer of the certificate knows what the image should look like but don’t know the type, size and resolution of the screen where it will be displayed. Therefore, what we need is a scalable image format that can render text and graphical elements.

Choosing one image format has however turned out to be a bit problematic.

Visual eID Problem Statement posted

Based on input and discussions around the Visual eID project, I have written a problem statement which will be a living document for the project.
This document attempts to capture on a few pages, the basic problems and scenarios as well as the main reasons why this work is needed.

This living document is available

Comments and inputs are highly appreciated.

Visual eID submitted to ISSE 2009

The visual eID standards effort has been submitted to the Information Security Solutions Europe conference in Hague, October 2009.
The submitted abstract below provide some basic rationales and orientation:

Since the EU directive on electronic signatures was published in 1999, national certification authorities have issued millions of certificates and qualified certificate. But have you actually seen one?

It is a paradox, considering that development of standards for electronic identification using Public Key Cryptography has been going on for a bit over 20 years by now, that we still have no generic solution or standard for how to display a certificate based identity to a human being.


Strong editorial team for visual eID standard

During IETF last week in San Francisco we managed to form a really strong editorial team for the new visual eID standard.

This standard will make it possible to bind a visual representation of a certificate to its signature. More information about this project is available on my
Visual eID information page.

The editorial team:

Stefan Santesson, 3xA Security is lead editor as initiator and driver of this standards effort.

Russ Housley, Vigil Security. Russ is chairman of the Internet Engineering Task Force and was also co-editor of the original standard RFC 3709 on which this standards effort is based.

Siddharth Bajaj, VeriSign. VeriSign as the world leading provider of public certificates for web servers has been actively promoting a better UI experience for certificate based identification and authorisation. Siddharth has been actively involved with these efforts for almost a decade.

Leonard Rosenthol, Adobe. This standards effort was made possible much thanks to the standardisation of PDF in 2008. Leonard is the standards architect behind the development of an ETSI standard for PDF based Advanced Electronic Signatures (PAdES).

The work to write this standard will start immediately and a first draft will be published soon, no later than end of April.

Visual eID project presented at PKIX, March 23

On Monday March 23, I will present the standards mission of the Visual eID project at the PKIX meeting at the IETF 74 in San Francisco.

The presentation is available here

I’m currently looking for partners and sponsors for this project and for this purpose I have created a project information page at

EU Commission action plan on Electronic Signatures and Electronic Identities

The EU commission has released an action plan for harmonisation of electronic signatures and electronic identification among European member states.
You can download the action plan here
COM (2008) 798final
A presentation on the action plan held at ETSI ESI in Barcelona, March 17 2009 is
here

Visual Electronic Identities

How can we provide applications with standard User Interface tools to display a meaningful representation of an electronic identity (eID)