...
Online identity fraud results from the misuse of personally identifying information such as names, Social Security Numbers, and birthdates, as well as misuse of shared secrets such as passwords, credit card information, answers to "challenge questions", mother's maiden name, etc. Misuse of this PII enables fraudsters to impersonate individual consumers online because identity-related claims are often based on nothing more than knowledge of this information. Identity fraud has an obvious negative impact on consumers, who may experience damaged credit scores, drained bank accounts, fraudulent credit card charges and other bills resulting from unauthorized purchases, falsified medical histories, privacy breaches of sensitive medical records and information, etc. The negative impact on businesses that provide identity-related products or services includes damage to their operations, reputations, and bottom line, as well as loss of consumer trust that is difficult and costly to regain. As well, identity fraud creates distrust and fear between businesses and consumers that imperils achieving the full range of economic benefits promised by the internet itself.
The purpose of the Consumer Identity WG is to foster the development of a consumer-friendly, privacy-protecting, high assurance "identity layer" for the internet that enables consumers to fully exploit the potential of the internet without fear of identity theft. The WG addresses this goal by proposing technical and policy solutions that address current threats to privacy and identity, and socializes these solutions with appropriate parties to help foster their implementation.
...
Specifically, the WG will create several whitepapers, and possibly other requirements, recommendations, or technical specifications, to describe how emerging identity technologies, protocols, frameworks, laws and regulations, etc., can be leveraged to: (a) enable businesses to know, with high confidence, the identities (or authorization status) of individual consumers with whom it engages in high-value online transactions, without jeopardizing the privacy of the consumer's personally identifiable information (PII); and (b) enable individual consumers to prevent others from impersonating them in high-value, online transactions.
...
(5) OTHER DRAFT RECOMMENDATIONS: Other Draft Recommendations and projected completion dates for submission for All Member Ballot.
The Consumer Identity WG proposes to will undertake the following activities (subject to availability of resources):
a) Using a number of sources (see Section 10) as background, together with new insights derived from participation and interaction with industry groups and other identity-related initiatives, the WG will produce at least one or more whitepaper (s) that defines the concept of an authentication network comprised of Identity Providers that verify consumer identities and issue "strong" identity credentials to the consumers whose identities it has verified, Service Providers / Relying Parties who trust and rely on identity services from these Identity Providers, and individual consumers whose identities have been verified by these Identity Providers, and who have been issued credentials by these Identity Providersin posssession of these credentials. The whitepaper(s) will specifically address the needs of individual consumers to control the use of their online identities for obtaining identity-dependent services from online Service Providers, as well as the needs of these Service Providers to establish trusted relationships with Identity Providers who can are then able to authenticate identity-related claims made by legitimate consumers , or fraudsters seeking to obtain identity-related services under a different identity.known to these Identity Providers.
b) Information Cards, in particular, may hold special promise as a basis for online consumer identity solutions because of their intuitive visual user interface as electronic "identity cards." Information Cards can help prevent identity fraud in at least two ways: managed Information Cards issued by trusted third party Identity Providers can provide verified identity claims on behalf of consumers, and self-issued Information Cards implementing cryptographic authentication protocols can be bound to existing online resources or accounts to provide authentication of returning authorized users. The WG will produce a whitepaper outlining how Information Cards, and in particular managed Information Cards, can provide high assurance identity solutions for consumers that can help prevent identity theft. The whitepaper may propose or evaluate ways in which an "identity assurance framework" can be applied to establish trust between Relying Parties who consume identity claims contained in secure electronic tokens generated by Identity Providers, and those the Identity Providers who issue managed Information Cards and as well as the identity claims transmitted via secure tokens. It The whitepaper may also address the problem of incorporating consumer-friendly, multifactor authentication schemes into the Information Card paradigm, replacing passwords only as the only mechanism by which consumers authenticate to their Selectors (ie, online "wallets" holding Information Cards) and/or Identity Providers.
c) Much identity theft occurs because identity claims made by individuals on the basis of providing personally identifiable information are often unverified. Unless all or most Service Providers / Relying Parties require rigorous identity verification prior to establishing high-value, identity-related services, it may still be possible for the identity of someone who has been issued "strong" credentials to have his/her identity "stolen." The WG will produce a whitepaper that explores the feasibility of enabling a Relying Party to discover trusted Identity Providers that can verify an identity claim made on the basis of PII, provided that the PII corresponds to some individual consumer whose identity has been previously verified by a trusted Identity Provider.
The timeframes for completion of these activities is highly dependent on available resources. We generally expect to complete at least one whitepaper described in (a) above within 4 months - 8 months of approval of this charter. Completion of whitepapers described in (b) and (c) will follow at a later time.
Upon completion of the whitepapers described above, the WG may choose to issue additional Recommendations for the deployment or use of the consumer identity solutions discussed in the whitepapers.
...
Bob Pinheiro, Robert Pinheiro Consulting LLC, consumerid (at) bobpinheiro (dot) com
(7) AUDIENCE: Anticipated audience or users of the work.
...