18 October 2017
Bishwajit Choudhary


Bishwajit Choudhary - Nets

5Posts 16,547Views 6Comments
Finextra community

Business Knowledge for IT

This community aims to provide links, resources, book suggestions, tips and insights to facilitate learning and development of IT professionals in financial services, and to develop a forum for IT professionals to exchange views on various related items.

I trust your passport, BUT ...

10 May 2012  |  3255 views  |  0

I recall a passionate debate in 2011 with some colleagues on if internationally trusted national passports (sometime in future) will be ever trusted by businesses to allow people access to their premises? Is such a scenario ever possible (as we move to digital passports and additional information on the chip)? More fundamentally, what does this internationally trusted passport lack that even a small office would rather issue a visitor or employee ID card for access to their premises, even as they trust your passport as first level of identity check.

Note that here I consider national-IDs and national-ID cards in same “league” as passports for simplicity.

Trust in digital identities is a complex issue and much more than identity-alone issue. Of far greater value than an individual’s identity is “information around identity” for example individual’s rights, roles, attributes, context information for e.g., where the ID was issued, by whom, validity period, certified living references etc. So if we issued an identity credential with all key additional information, would that become trustworthy or will the businesses still find new valid grounds to not allow such “extended passports or IDs” as replacement for employee ID cards?

The answer seems to be a straight – NO. Businesses will still not allow you to get through their premises, even with "extended" IDs/ passports with additional information.


That brings us to the other part of trusted credentials – “control”. When it comes to security of an organization (=security of critical information assets), most CISOs do not hesitate long to say how much emphasis they put on “control” (some call it more softly as “flexibility”). This is because each major business is unique in its definition of “security thresholds and practices” and implementation processes that follow. Risk management and tolerance differ greatly across many organizations and as a consequence organizations end up working at rather different trust levels. Internal business environment where employees work “is a world of its own” (in the context of trust levels). Standard ISO certifications help organizations get a “feel” for each other, but that does not remove the differences in security practices.

The difference is not on “what” or even why, but how.

So does it mean we will never get a truly universal ID, allowing seamless travel in electronic and physical spaces?

NO, sir.

Trust and security issues are organizations’ and governments’ responses to their needs on security, interoperability and future preparedness to harness new opportunities. Recall that governments actually do make decisions for and on behalf of citizens, as do organizations for their employees. As long as these two key stakeholders do not reconcile their security policies and practices, a universally acceptable and usable ID seems to be to me) a distant dream.

Does it cause us to worry? Actually not - as diversity of security solutions also allows for continuous improvement in technologies, capabilities and all this keeps electronic security space an exciting area!

TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Bishwajit

Digital disrupters - How do they think and act

15 April 2015  |  2128 views  |  0 comments | recomends Recommends 0 TagsRetail bankingInnovation

Great user experience is key to trust, but not enough

10 April 2015  |  3177 views  |  1 comments | recomends Recommends 0 TagsRetail bankingInnovation

I trust your passport, BUT ...

10 May 2012  |  3255 views  |  0 comments | recomends Recommends 0 TagsSecurityRisk & regulationGroupBusiness Knowledge for IT

eSecurity Infrastructures: Reflections and Lessons

09 November 2011  |  4701 views  |  0 comments | recomends Recommends 0 TagsSecurityRetail bankingGroupInformation Security

Market Trust and Innovation

07 November 2011  |  3287 views  |  0 comments | recomends Recommends 0 GroupInnovation in Financial Services

Bishwajit's profile

job title Corporate Strategy
location Oslo
member since 2011
Summary profile See full profile »
Responsbile for tracking key market forces (technologies, convergence, regulation, new consumenrs,digital disruptions) in financial services and translating these insights into concrete investments an...

Bishwajit's expertise

Member since 2011
5 posts6 comments
What Bishwajit reads
Bishwajit's blog archive
2015 (2)2012 (1)2011 (2)

Who's commenting on Bishwajit's posts