[WG-Consumer-Identity] Kantara Consumer Identity WG Update
1 view
Skip to first unread message
Bob Pinheiro
Feb 7, 2011, 11:00:51 AM2/7/11
to wg-consume...@kantarainitiative.org
It's been several months since I last communicated with you as
participants in the Kantara Consumer Identity WG. In my last email,
I announced that an Interim
Report has been produced. If you haven't already, I would
urge you to take a look at this Report, since it describes what CIWG
is trying to do, as well as some of the important issues involved.
I recently updated the CIWG website to include some proposed requirements for an identity infrastructure / ecosystem that could make it better able to support high assurance consumer claims, as well as a brief outline of technologies that could support these requirements. I also provided two diagrams that illustrate how U-Prove technology might be used to support two potentially useful functions of an identity ecosystem:
The first is that trying to specify or define capabilities of an identity ecosystem to support high assurance consumer claims, without involvement and guidance from relying parties that will make use of such claims, may not yield the most useful results. These relying parties are the ultimate "consumers" of online digital identities, and are the entities most likely to work with consumers (their customers) to introduce them to stronger forms of digital identity. I don't believe there will be much of a push from consumers themselves for stronger digital credentials. It will be up to relying parties to make the case for the identity ecosystem, and to work with consumers to educate them and foster their adoption of stronger digital credentials. Currently (at least in the US), the push for the creation of an identity ecosystem is coming from the federal government, in the form of the Open Identity Solutions for Open Government initiative, as well as the National Strategy for Trusted Identities in Cyberspace (NSTIC). I believe that what's needed now is greater involvement and support from relying party organizations such as banks and other financial institutions, credit card and other payment services, healthcare organizations that will create and maintain online patient records, and other providers of high value services that could benefit from reduced rates of identity-related fraud or errors.
For those of you not in the US, I apologize if the focus of this WG has been very US-centric. Besides the fact that I myself am in the US, another reason is that it appears that the US lags behind Europe and Asia in terms of deploying high assurance digital identity technologies that could be used by consumers. However, I would welcome any comments you might have about this assertion, or other suggestions you have to make the WG more relevant to an international community.
The second impediment is lack of resources to accomplish the goals of the WG. There is no funding being provided to this WG from Kantara to help acheive its goals, and I have not been successful (so far) in raising any other outside funding. WG teleconference calls in the past have been very lightly attended ( 2 or 3 participants). Some of the other Kantara WGs have received funds to support their work, either from Kantara itself or from outside sources, so that they don't have to rely completely on volunteers to accomplish their goals. The ability of this WG to obtain such funding remains one of my goals as Chair.
Despite the lack of activity, there are a few things on the horizon (again in the US) that may spur greater interest in high assurance consumer identity. One of these is the aforementioned National Strategy for Trusted Identities in Cyberspace, which is expected to be issued in its final form shortly. This is supposed to be a public-private "partnership", and will hopefully provide some resources to the private sector to move forward with pilot projects and other work to achieve the vision of an identity ecosystem / infrastructure that will be accepted and used by relying parties as well as consumers. A second activity is the expected release of a new authentication "guidance" from the Federal Financial Institutions Examination Council (FFIEC). The previous guidance (in 2005) directed US banks to implement stronger forms of authentication for online banking. Due to increased levels of fraud in connection with online banking (especially for small businesses), a new guidance is expected shortly. This may also help set the stage for defining the capabilities of an identity ecosystem to support these needs. A third activity is that some states have formed a State Digital Identity Working Group to investigate the possibility of issuing digital IDs to their citizens (consumers) for various purposes.
A few new participants have joined the WG recently. In the past, teleconference calls were scheduled for Tuesdays at 12 Noon ET / 1600 UTC. Before attempting to schedule any future calls, I'd like to get some feedback from the WG on this email, including any comments or suggestions for moving forward, and for defining an agenda (and time) for future calls. Please direct your responses to the list, or to me directly.
Thanks
Bob
---------------------------
I recently updated the CIWG website to include some proposed requirements for an identity infrastructure / ecosystem that could make it better able to support high assurance consumer claims, as well as a brief outline of technologies that could support these requirements. I also provided two diagrams that illustrate how U-Prove technology might be used to support two potentially useful functions of an identity ecosystem:
- the ability to prevent identity providers and others from
tracking and correlating usage of a consumer’s high assurance
identity-related claims (for privacy purposes); and
- the ability to transmit claims to a relying party without needing an identity provider to be online (to prevent the identity provider from becoming a single point of failure that could prevent the service provider's / relying party's customers from being able to access their online resources).
The first is that trying to specify or define capabilities of an identity ecosystem to support high assurance consumer claims, without involvement and guidance from relying parties that will make use of such claims, may not yield the most useful results. These relying parties are the ultimate "consumers" of online digital identities, and are the entities most likely to work with consumers (their customers) to introduce them to stronger forms of digital identity. I don't believe there will be much of a push from consumers themselves for stronger digital credentials. It will be up to relying parties to make the case for the identity ecosystem, and to work with consumers to educate them and foster their adoption of stronger digital credentials. Currently (at least in the US), the push for the creation of an identity ecosystem is coming from the federal government, in the form of the Open Identity Solutions for Open Government initiative, as well as the National Strategy for Trusted Identities in Cyberspace (NSTIC). I believe that what's needed now is greater involvement and support from relying party organizations such as banks and other financial institutions, credit card and other payment services, healthcare organizations that will create and maintain online patient records, and other providers of high value services that could benefit from reduced rates of identity-related fraud or errors.
For those of you not in the US, I apologize if the focus of this WG has been very US-centric. Besides the fact that I myself am in the US, another reason is that it appears that the US lags behind Europe and Asia in terms of deploying high assurance digital identity technologies that could be used by consumers. However, I would welcome any comments you might have about this assertion, or other suggestions you have to make the WG more relevant to an international community.
The second impediment is lack of resources to accomplish the goals of the WG. There is no funding being provided to this WG from Kantara to help acheive its goals, and I have not been successful (so far) in raising any other outside funding. WG teleconference calls in the past have been very lightly attended ( 2 or 3 participants). Some of the other Kantara WGs have received funds to support their work, either from Kantara itself or from outside sources, so that they don't have to rely completely on volunteers to accomplish their goals. The ability of this WG to obtain such funding remains one of my goals as Chair.
Despite the lack of activity, there are a few things on the horizon (again in the US) that may spur greater interest in high assurance consumer identity. One of these is the aforementioned National Strategy for Trusted Identities in Cyberspace, which is expected to be issued in its final form shortly. This is supposed to be a public-private "partnership", and will hopefully provide some resources to the private sector to move forward with pilot projects and other work to achieve the vision of an identity ecosystem / infrastructure that will be accepted and used by relying parties as well as consumers. A second activity is the expected release of a new authentication "guidance" from the Federal Financial Institutions Examination Council (FFIEC). The previous guidance (in 2005) directed US banks to implement stronger forms of authentication for online banking. Due to increased levels of fraud in connection with online banking (especially for small businesses), a new guidance is expected shortly. This may also help set the stage for defining the capabilities of an identity ecosystem to support these needs. A third activity is that some states have formed a State Digital Identity Working Group to investigate the possibility of issuing digital IDs to their citizens (consumers) for various purposes.
A few new participants have joined the WG recently. In the past, teleconference calls were scheduled for Tuesdays at 12 Noon ET / 1600 UTC. Before attempting to schedule any future calls, I'd like to get some feedback from the WG on this email, including any comments or suggestions for moving forward, and for defining an agenda (and time) for future calls. Please direct your responses to the list, or to me directly.
Thanks
Bob
---------------------------
Bob Pinheiro Chair, Consumer Identity WG 908-654-1939 consu...@bobpinheiro.com www.bobpinheiro.com
Reply all
Reply to author
Forward
0 new messages