
This Work Group operates under the Kantara Initiative IPR Policies - Option Creative Commons Attribution-Share Alike


The purpose of the Consumer Identity WG is to help ensure that emerging Internet-based identity infrastructures are designed and implemented in a way that can help prevent consumer identity theft and other identity-related fraud. CIWG does this by proposing specific requirements, recommendations, guidelines, and policy positions that foster the implementation and adoption of high assurance identity-related claims (i.e., sets of identifiers or other attributes) that can help prevent identity theft and other types of identity-related fraud affecting consumers and service providers. CIWG also seeks to understand the feasibility issues pertaining to large-scale deployments of these capabilities.

Subject to available resources, CIWG will create reports, whitepapers, and/or other documents that describe how emerging identity technologies, protocols, frameworks, laws and regulations, etc., can be leveraged to: (a) enable a service provider to know, with high assurance, the identities, related attributes, or authorization status of individuals with whom it engages in high-value online transactions, without jeopardizing the privacy interests of those consumers; and (b) enable individual consumers to prevent others from impersonating them in high-value, online transactions.

Read the Work Group charter.

An important enabler of this work is an "identity assurance framework", which specifies the rules and criteria by which trust is engendered between a Service Provider / Relying Party, an Identity Provider, and a consumer. We can define a number of "needs" that consumers and Service Providers have for high assurance identity services or capabilities. Our underlying assumption is that such needs exist because entities that provide identity-dependent services to consumers, called Service Providers, bind such services to specific consumer identities, or to other personal attributes of individual consumers that qualify them for the service.

A Service Provider may have a need to establish, with a high degree of confidence, the identities of those consumers it forms relationships with, or at least other relevant personal characteristics or attributes of a particular consumer.  Service Providers also have a need to keep unauthorized persons from accessing online accounts, records, and other resources that "belong" to consumers already known to the Service Provider.  The consumer, on the other hand, has a need to ensure that others are not misusing his/her identity to establish these relationships, and that (unauthorized) others cannot access the consumer's existing accounts/records/resources.  A consumer may also have a need to obtain services that are dependent on certain personal characteristics or attributes, without having to reveal his/her identity to the Service Provider.

These two sets of needs (the consumer's needs and the Service Provider's needs) often go hand-in-hand, as illustrated in the following Consumer Identity Needs matrix.  This matrix also shows that an Identity Assurance Framework can form the basis of an "authentication network" or federation to ensure that the consumer's need to prevent the misuse of his/her identity by others, as well as the Service Provider's need to know who it is dealing with, can be met.

[Figure: Consumer Identity Needs matrix]

At the intersection of each corresponding pair of consumer/Service Provider needs (shown in beige) is a requirement for functionality enabled by an Identity Assurance Framework. Each of these three sets of required functionality is described in terms of a scenario (described in Scenarios, Use Cases, and Definitions, v0.3), and ensures that Service Providers can trust certain accredited Identity Providers to assert, with a high degree of confidence, the identities or authorization status of consumers seeking to obtain identity-dependent services.

In addition to the needs that consumers and Service Providers have for identity assurance, consumers don't necessarily want to be burdened with having to deal with numerous authentication devices or tokens to access all the accounts they have (the "token necklace" problem), and Service Providers don't want to deal with numerous and confusing options for determining which Identity Provider should be used to authenticate a particular consumer (the "NASCAR" problem). One possible solution, noted in the yellow areas of the matrix, is to make use of graphical representations of consumers' digital identities as contained in "selectors" or "active clients."

...

Chair:

Bob Pinheiro,
Robert Pinheiro Consulting [Feb 2010]

Dial-In:
  • Skype: +9900827044630912
  • US Dial-In: +1-201-793-9022
  • Room Code: 4630912
International Toll Dial-In:

Austria +43 (0) 82040115470
Belgium +32 (0) 70357134
Canada +1 (201) 793-9022
France +33 (0) 826109071
Germany +49 01805009527
Ireland +353 (0) 818270968
Italy +39 848390177
Spain +34 (9) 02885791
Switzerland +41 (0) 848560397
United Kingdom +44 (0) 8454018081

...


As a first step towards this goal, the CIWG Interim Report, released in October 2010, addressed the problem of harmful identity theft and other types of identity-related fraud that affects consumers.  The Interim Report highlights several issues that become important when considering how to design and implement an identity infrastructure to support high assurance identity-related claims in a way that consumers will find easy to use, that will maintain their privacy, and that will prevent others from