InnoValor started!



A few days before Christmas, Wil Janssen, BiZZdesign and I founded a new company: InnoValor. And today is our first working day! InnoValor stands for Value through Innovation. We provide research-based advice related to ICT. Our focus is on Identity, privacy & trust, Business Models, Agility and Innovation Management.

At the start a total of eight experienced advisors work at InnoValor, with Wil and myself as managing partners. All eight are former Novay employees, and most have a PhD. We are an independent part of BiZZdesign, which is a successful spin-off of Novay (then still called Telematica Instituut).

For more information: see, follow us on Twitter (@InnoValorNL) or read our blogs via RSS.




Mobile digital ID from Barcelona (idBCN) wins award


Barcelona City Council together with Firmaprofesional and TechIDEAS won the Novay Digital Identity Award 2013 with idBCN: a mobile digital identity solution for Barcelona. Mercedes Mestre Antolí (security official of the Barcelona City Council in charge of Digital Identity matters) and Xavier Tarres (CEO of Firmaprofesional) presented their submission at the IDentity.Next (un)conference earlier this week and accepted the award. The award was a mask made by Dutch artist Frans Krom.

See the press release from Novay and IDentity.Next below for details.



idBCN wins Novay Digital Identity Award

November 19, The Hague, The Catalan identity solution idBCN wins the 2013 Novay Digital Identity Award. The prize for the best new concept or product was awarded today during the Identity.Next’13 conference in The Hague. idBCN is a mobile identity solution that allows citizens of the city of Barcelona to identify themselves in a user-friendly and secure way to regional government and commercial service providers.


Which level of assurance is needed for LSP and other patient portals?



More and more health providers offer patient portals. These portals can contribute to more efficient and effective health care. In addition, because they provide easy access to personal health records and personalized health information, they can contribute to more patient empowerment. But there is also a risk: the wrong person (i.e., an identity thief) may get access to this very personal information.

Novay participated in a working group that developed a guide for health providers to help them determine how secure the authentication solution for patient portals should be, i.e., which level of assurance is needed. My colleague Mettina Veenstra and I tried out this new guide on the Dutch national infrastructure for the exchange of personal health records. This infrastructure is in Dutch called Landelijk Schakelpunt (LSP), which I have no idea how to translate into English (it resembles what the EU epSOS project calls a National Contact Point). The LSP recently added the possibility for patients to see which health professionals used the LSP to access their health records. It does not provide access for patients to the actual health records. Nevertheless, if an identity thief can see that e.g. an oncologist accessed your medication record as stored by your local pharmacy, then it implies something you may not want to share. The blog post discusses this, including the relationship to the national identity solution in the Netherlands (DigiD, which is STORK 2, and the lack of a STORK 3 solution in the Netherlands).

The full blog post is only in Dutch; see here, and it is copied below for convenience. For non-Dutch speakers, this is what Google Translate makes of it.


Exploring innovations in trust mechanisms



Novay did a study for SURFnet on innovations in service provider authenticity and behaviour. This study was done by my colleague Martijn Oostdijk and me, in collaboration with Roland van Rijswijk-Deij from SURFnet (and Radboud University). We basically explored what innovations there are to better assess the trustworthiness of service providers. This can be trust in the server authenticity (is the service provider who he appears to be?) and the behaviour (will the service provider behave as expected?). Trustworthiness of users was out of scope for this study. The goal of the study was to assess the feasibility of deploying these innovative trust mechanisms and their potential impact for SURFnet and its community. We followed a wisdom-of-the-crowd-like approach, involving experts from SURFnet, Novay and SIDN in determining what mechanisms are most relevant and most promising.


An NFC app to make your offline identity mobile?


Blog post by Maarten Wegdam and Martijn Oostdijk

We believe that there is a bright future for the combination of smartphone and digital identity, which we refer to as mobile-centric identity. The question is, of course, how and when, and probably also who (which organisations) will benefit from this. To contribute to making mobile-centric identity happen, we are experimenting with how we can use a smartphone to get access to our ‘offline identity’, i.e., our passport / ID card. More specifically, we developed an Android app, called NFC Passport reader, that uses NFC to read the chip embedded in a passport / ID card (aka ePassport). This app is now available from Google Play.

What did we do?


The challenges for a Dutch eID



My colleague Wolfgang Ebbers is a blogger for iBestuur. iBestuur is an independent platform for i-government (the i stands for information). In his latest blog post he discusses a recent letter from the minister of Internal Affairs on the minister’s vision on digital government 2017. Wolfgang zooms in on the role of an eID solution in this vision, and interviews me on what I consider to be important challenges for the Dutch eID framework that the Dutch government is working on. I basically try to make five points. I start with the point that (i) it is good that there is now an eID framework vision that is broadly supported by different parts of the Dutch government, and that it also extends to consumer-2-business. Then I make the point that (ii) the lack of clarity/uncertainty on how this vision will be implemented causes initiatives for eID solutions to wait. Then I discuss some major challenges: (iii) the business model (who is paying, private sector vs government vs consumer, market entry), (iv) the privacy aspects, including the trade-off between privacy, costs, security and convenience and (v) redundancy in the framework (e.g., authentication means), including that it is difficult to create the desired level playing field between government and private sector.

The complete blogpost can be found here (in Dutch). For your convenience, I also copied the text below:


Verify the identity of an online gambler



Below is a blog post, originally written in Dutch, that gives my perspective on a proposal for new legislation in the Netherlands on online gambling. Specifically, I discuss how players have to be identified, and how (in)secure this is. The bottom line is that the proposal does not allow anonymous gambling, and that websites offering online gambling have to verify the identity of gamblers by asking for a copy of a passport (or equivalent) combined with a bank account that then remains linked to that specific player. This is certainly not an ideal solution, but I guess a pragmatic one in the absence of an existing, re-usable consumer-2-business eID solution in the Netherlands.

How can we know for certain who is gambling online?

Recently, a bill went out for consultation on a licensing system for online games of chance. An important goal of this bill is to protect consumers against themselves, in other words, to counter gambling addiction. As part of this, there will be a central register in which players with addiction problems are registered on the basis of their BSN. This register will be used by both online and ‘offline’ licence holders (e.g. Holland Casino). Vulnerable groups of people (minors) are also excluded.
