[WG-Consumer-Identity] FW: [ABA-IDM-TASK-FORCE] Notary Work Group Materials and May 26, 2010 Meeting Notice

Antoine Mason

May 24, 2010, 10:15:07 PM
to wg-consume...@kantarainitiative.org, maro...@notary.org

Hey Bob,

 

I believe that IdM/credential infrastructure should have three phases:

Registration: informing the Data Subject on Privacy Principles, i.e. FIPPs, and then collection of biographical info.

Enrollment: collection of attributes and/or biometric data and binding same to a credential - PKI, hard token, etc.

Delivery: issuance of the credential to the Data Subject.

 

A Notary could be used in any of the phases.

The above framework seems to rely on costly government-issued IDs.

I strongly believe that an IdM infrastructure should be established on the basis of authentication and not identity, which would necessitate proofing or proving a claimed identity. The poor and elderly who are the victims of ID Theft can’t easily afford fees to obtain government-issued IDs.

Do you need identity proofing?

At Registration: maybe not, since a new credential is to be issued that will be loosely tied to the Data Subject's alleged biographical data, but over time the credential will take on a digital ID and establish a robust data profile to be managed by a CA.

At Enrollment: again no, because one is collecting attributes such as male/female, over age 18, Data Subject belongs to a trade bloc such as NAFTA or EEC, etc. Once attributes are collected they are bound to the credential.

At Delivery: no, the Data Subject is presented before a Data Processor-Notary who verifies the credential activation via secure delivery. In fact, e-Notary works well.

 

Possession of the token is evidence of authentication.  

 

From: Federated Identity Management Task Force Discussion [mailto:BL-...@MAIL.ABANET.ORG] On Behalf Of Tim Reiniger
Sent: Thursday, May 20, 2010 4:53 PM
To: BL-...@MAIL.ABANET.ORG
Subject: [ABA-IDM-TASK-FORCE] Notary Work Group Materials and May 26, 2010 Meeting Notice

 

Hello Everyone:
 
As a reminder, the Notary Work Group will be meeting next Wednesday, May 26, 2010 from 4pm to 5pm EST.
 
The call-in details for the call will be as follows --
Call-in number:  800-503-2899
Passcode:  3275818
 
We will be discussing two written submissions (i.e. the Notary Public and Trusted Enrollment Agent materials). Please carefully review the attached materials prior to the call.  Redline comments in advance are encouraged. Reaction from industry relying parties on these in-person identity proofing options is needed at this point. Please RSVP to trei...@gmail.com.
 
Our goal is to have written submissions ready for the Task Force chairs by the end of May.  
 
Regards,
 
Tim and Brett

ABA IdM TEA Description_051910.pdf
Notaries 4-19-10 call.doc

Bob Pinheiro

May 25, 2010, 10:33:38 AM
to Antoine Mason, wg-consume...@kantarainitiative.org, maro...@notary.org
Antoine,

I think you're raising an issue that has yet to be settled: should an identity infrastructure be based on a single trust framework in which the criteria for issuing high assurance credentials conform to NIST 800-63 "Electronic Authentication Guideline", or can there be other trust frameworks with different criteria for things such as identity proofing? I think it's going in the direction of different trust frameworks for different "trust communities." That seems to be the path being taken by the Open Identity Exchange, and probably by Kantara as well. So for instance, financial services or healthcare might constitute different communities with different criteria for trust frameworks. It all boils down to what kind of information or "claim" a service provider / relying party needs to know about someone seeking a service, and what degree of assurance the SP/RP requires about the veracity of that claim.

But as for special groups such as the elderly and others, and how/whether they need to establish their identities in order to obtain high assurance credentials... yes, the NIST approach for identity proofing is based on presentation of government-issued IDs, as you point out. But here's another possible approach, and one that perhaps might be adopted by different trust frameworks. The proofing process could start with a specification of attribute identifiers that the SP/RP needs to know with certain degrees of assurance. For instance, maybe the set of attributes is name, address, date of birth. The proofing process perhaps could be flexible enough to enable an identity provider to verify these attribute values for some person in more than one way, to accommodate persons who may not have a government-issued photo ID.

Bob
---------------------------
Bob Pinheiro
Chair, Consumer Identity WG
908-654-1939
consu...@bobpinheiro.com
www.bobpinheiro.com
_______________________________________________
WG-Consumer-Identity mailing list
WG-Consume...@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-consumer-identity


antoine mason

May 27, 2010, 8:40:43 AM
to Bob Pinheiro, wg-consume...@kantarainitiative.org, maro...@notary.org, Antoine Mason
PHR definitely requires high LOA.
I'll be sitting in on a webinar:

Event Date:
5/27/2010

Event Name:
Connecting Providers and Patients for Better Care with Microsoft
HealthVault Community Connect
Description:

12:00 Noon Eastern / 11:00 AM Central / 10:00 AM Mountain / 9:00 AM
Pacific
The new government meaningful use mandate will require hospitals to
better engage with patients and their families, as well as improve the
coordination of care. In this session we will discuss how Microsoft
HealthVault Community Connect can help hospitals meet such mandate by
providing the care team a place to connect and share health
information before and after treatment. Karen Green, Chief Information
Officer for Brooks Health System will discuss how her organization
plans to use HealthVault Community Connect to improve collaboration
with acute providers and community physicians, to better coordinate
high utilizers of healthcare services.
