19 October 2002. Thanks to M.

Date: Wed, 16 Oct 2002 21:19:35 +0100
From: Peter Tomlinson <pwt@iosis.co.uk>
To: ukcrypto@chiark.greenend.org.uk
Subject: IAS (Identification, etc) and e-Europe GIF

The e-Europe Smart Cards project has generated a 4 part document called the Global Interoperability Framework for Identification, Authentication and Digital Signature. Effectively, this is a high level specification for public sector issued smart cards with your personal digital certificate on it. Did I say ID card? No, I didn't.

I'm studying this as part of a document review job, and in part 3 section 4.1.2 (on p.15) have found:

"Identification is a public function: Any off card entity is entitled without restriction to call onto the identification function and obtain the identification data from the smart card."

It seems to me that, if I as a UK citizen (sic) am carrying this card, nobody except me is 'entitled' to obtain the identification data from card. I might grant permission for it to be read out... I might go to the Tower under some circumstances if I didn't reveal my identity... I wonder in how many European countries my identity is in fact a public piece of information? (Maybe the good side of being a subject of the Crown is that I can be anonymous when I want to be.)

To find these documents, go to


and, in the 'Latest News' column you will find a link to 'Work in Process'. This link brings you a Word doc with links to GIF parts 1 to 3 (not an ideal way to find them, I know). The Word doc also links you to an ftp site


where the documents are hopefully easy to download (but for Part 2 make sure you get V1.05).


Cryptome mirrors:

GIF_Part 1_V201.doc (1708 KB)

GIF_Part_2_V104.doc (487 KB)

GIF_Part_2_V1_05.doc (494 KB)

GIF_Part_3_V0096.doc (276 KB)