Versions Compared

Old Version 7

changes.mady.by.user Former user

Saved on

compared with

New Version 8

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

(1) WG NAME (and any acronym or abbreviation of the name): The WG name, acronym and abbreviation must not include trademarks not owned by the Organization, or content that is infringing, harmful, or inappropriate.

Need a new name: Consumer Identity WG

(2) PURPOSE: Please provide a clear statement of purpose and justification why the proposed WG is necessary.

The purpose of the Consumer Identity WG is to foster the development of a user-centric "identity layer" for the internet that enables consumers to fully exploit the potential of the internet without fear of identity theft. The WG addresses this goal by proposing technical and policy solutions that address current threats to privacy and identity, and socializes these solutions with appropriate parties to help foster their implementation. Specifically, the WG crafts will create several whitepapers, and possibly other requirements , or technical specifications, and other work products to specify how emerging identity technologies, protocols, frameworks, laws and regulations, etc., can be leveraged to: (a) enable businesses to know, with high confidence, the identities of individual consumers with whom it engages in high-value online transactions, without jeopardizing the privacy of the consumer's Personally Identifiable Information (PII); and (b) enable individual consumers to prevent others from impersonating them in online transactions. By championing the use of these high assurance, privacy-protecting identity solutions, the WG seeks to help bring about an environment in which the identities of consumers engaged in high value, online transactions can be known with the same degree of confidence as the identities of parties engaging in various types of sensitive online business-to-business transactions.

...

More specifically, the WG will proposes to undertake the following activities (subject to available resources):

  • Using a number of sources (see Section 10) as background, together with new insights derived from participation and interaction with industry groups and other identity-related initiatives, the WG will produce one or more whitepaper(s) that defines the concept of an authentication network comprised of Identity Providers that verify consumer identities and issue "strong" identity credentials, Service Providers / Relying Parties who rely on identity services from these Identity Providers, and individual consumers whose identities have been verified by these Identity Providers, and who have been issued credentials by these Identity Providers. The whitepaper(s) will specifically address the needs of individual consumers to control the use of their online identities for obtaining services from these service providers, and as well as the needs of these service providers to rely on credentials issued by these Identity Providers for authentication of relevant identity claims.
  • Much identity theft occurs because identity claims made on the basis of personally identifiable information are unverified.  So unless all or most Service Providers / Relying Parties require rigorous identity verification prior to establishing new identity-related services, it may still be possible for the identity of someone who has been issued "strong" credentials to have his/her identity "stolen.The WG will produce a whitepaper that explores the feasibility of enabling a Relying Party to discover a trusted Identity Provider that can verify an identity claim made on the basis of PII, provided the claimed identity has been initially verified by that Identity Provider.
  • Information cards, in particular, may act as online "identity cards" that can help prevent identity fraud in two ways: managed information cards issued by trusted third party Identity Providers can provide verified identity claims on behalf of consumers, and self-issued information cards implementing cryptographic authentication protocols can be bound to existing online resources or accounts to provide strong, two factor authentication for accessing these existing resources or accounts. The WG will produce a whitepaper outlining how Information Cards, and in particular managed Information Cards, can help to prevent consumer identity theft.  The whitepaper may also address how the Liberty Identity Assurance Framework can be applied to establish trust between Relying Parties who consume identity claims contained in secure tokens generated by Identity Providers, and those Identity Providers who issue managed Information Cards and identity claims transmitted via secure tokens.

In addition, the WG will act as a source of expertise on consumer identity issues for other Kantara needs, and will strive to interact with (and participate in) relevant industry consortia.

(4) DRAFT TECHNICAL SPECIFICATIONS: List Working Titles of draft Technical Specifications to be produced _(if any), projected completion dates, and the Standards Setting Organization(s) to which they will be submitted upon approval by the Membership.

At this time, no Technical Specifications are planned.  Any draft technical specifications Technical Specifications issued by the WG will be based on the whitepapers and/or requirements outlined in Section 3.

(5) OTHER DRAFT RECOMMENDATIONS: Other Draft Recommendations and projected completion dates for submission for All Member Ballot.

See Section 3 for proposed Deliverables (which may or may not take the form of Draft Recommendations).

(6) LEADERSHIP: Proposed WG Chair and Editor(s) (if any) subject to confirmation by a vote of the WG Participants.

...

Organizations involved with online identity fraud, credit card companies and others involved with online payments, non-profit identity and privacy groups, vendors of authentication and identity services and technologies, government consumer groups (e.g., FTC), credit reporting agencies, think tanks involved with identity issues (ie, Center for Strategic and International Studies, Center for American Progress, National Research Council, Center for Applied Identity Management Research, etc.)

(8) DURATION: Objective criteria for determining when the work of the WG has been completed (or a statement that the WG is intended to be a standing WG to address work that is expected to be ongoing).

...

Other organizations that the WG may interact with include the Information Card Foundation, ANSI Identity Theft Standards Panel, Center for Strategic and International Studies, Center for American Progress, Internet Society, Center for Applied Identity Management Research.

(11) CONTRIBUTIONS (optional): A list of contributions that the proposers anticipate will be made to the WG.

(12) PROPOSERS: Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG.

  • Bob Pinheiro, Robert Pinheiro Consulting LLC
  • Pak Mark, Independent Business Investor
  • Ron Carpinella, Equifax
  • Alex Popowycz, Fidelity Investments