Page Comparison

This Work Group operates under the Kantara Initiative IPR Policies - Option Creative Commons Attribution-Share Alike

CHARTER | JOIN THIS GROUP | SUBSCRIBE | MAILMAN ARCHIVE | GOOGLE ARCHIVE

Consumer Identity Work Group News & Updates

Introduction

The purpose of the Consumer Identity WG is to foster the development of a consumer-friendly, privacy-protecting, high assurance "identity layer" for the internet that enables consumers to fully exploit the potential of the internet without fear of identity theft. The WG addresses this goal by proposing technical and policy solutions that address current threats to privacy and identity, and socializes these solutions with appropriate parties to help foster their implementation. Specifically, the WG will create several whitepapers, and possibly other requirements or recommendations,  to help ensure that emerging Internet-based identity infrastructures are designed and implemented in a way that can help prevent consumer identity theft and other identity-related fraud.  CIWG does this by proposing specific requirements, recommendations, guidelines, and policy positions that foster the implementation and adoption of high assurance identity-related claims (ie, sets of identifiers or other attributes) that can help prevent identity theft and other types of identity-related fraud affecting consumers and service providers.   CIWG also seeks to understand the feasibility issues pertaining to large-scale deployments of these capabilities.

Subject to available resources, CIWG will create reports, whitepapers, and/or other documents that describe how emerging identity technologies, protocols, frameworks, laws and regulations, etc., can be leveraged to: (a) enable businesses a service provider to know, with high confidenceassurance, the identities of individual consumers , related attributes, or authorization status of individuals with whom it engages in high-value online transactions, without jeopardizing the privacy of the consumer's Personally Identifiable Information (PII)interests of those consumers; and (b) enable individual consumers to prevent others from impersonating them in high-value, online transactions. Read the Work Group charter.

An important enabler of this work is an "identity assurance framework", which specifies the rules and criteria by which trust is engendered between a Service Provider / Relying Party, an Identity Provider, and a consumer.  We can define a number of "needs" that consumers and Service Providers have for high assurance identity services or capabilities.  Our underlying assumption is that such needs exist because entities that provide identity-dependent services to consumers, called Service Providers, bind such services to specific consumer identities, or to other personal attributes of individual consumers that qualifies them for the service. 

A Service Provider may have a need to establish, with a high degree of confidence, the identities of those consumers it forms relationships with, or at least other relevant personal characteristics or attributes of a particular consumer.  Service Providers also have a need to keep unauthorized persons from accessing online accounts, records, and other resources that "belong" to consumers already known to the Service Provider.  The consumer, on the other hand, has a need to ensure that others are not misusing his/her identity to establish these relationships, and that (unauthorized) others cannot access the consumer's existing accounts/records/resources.  A consumer may also have a need to obtain services that are dependent on certain personal characteristics or attributes, without having to reveal his/her identity to the Service Provider.

These two sets of needs (the consumer's needs and the Service Provider's needs) often go hand-in-hand, as illustrated in the following Consumer Identity Needs matrix.  This matrix also shows that an Identity Assurance Framework can form the basis of an "authentication network" or federation to ensure that the consumer's need to prevent the misuse of his/her identity by others, as well as the Service Provider's need to know who it is dealing with, can be met.

Image Removed

At the intersection of each corresponding pair of consumer/Service Provider needs (shown in beige) is a requirement for functionality enabled by an Identity Assurance Framework.  Each of these three sets of required functionality is described in terms of a scenario (described in Scenarios, Use Cases, and Definitions, v0.3 ), and ensures that Service Providers can trust certain accredited Identity Providers to assert, with a high degree of confidence, the identities or authorization status of consumers seeking to obtain identity-dependent services.

In addition to the needs that consumers and Service Providers have for identity assurance, consumer don't necessarily want to be burdened with having to deal with numerous authentication devices or tokens to access all the accounts they have (the "token necklace" problem), and Service Providers don't want to deal with numerous and confusing options for determining which Identity Provider should be used to authenticate a particular consumer (the "NASCAR" problem).  One possible solution, noted in the yellow areas of the matrix, is to make use of graphical representations of consumer's digital identities as contained in "selectors"  or "active clients."

Some Requirements to Support High Assurance Consumer Claims

As a first step towards this goal, the CIWG Interim Report, released in October 2010, addressed the problem of harmful identity theft and other types of identity-related fraud that affects consumers.  The Interim Report highlights several issues that become important when considering how to design and implement an identity infrastructure to support high assurance identity-related claims in a way that consumers will find easy to use, that will maintain their privacy, and that will prevent others from “stealing” their identities in order to conduct activities that can be harmful to the consumer.

In response to the issues raised in the Interim Report, we propose several high-level requirements for an identity infrastructure.   These are:

• expand the definition of “high assurance” to include claims other than those consisting strictly of personal identifiers;
• provide consumers with an optional visual representation of these claims to increase usability and ease of claims management;
• eliminate potential service interruptions resulting from unavailability of the identity provider by establishing a way to transmit high assurance claims to a service provider / relying party without requiring that the relying party interact with the identity provider each time;
• provide better consumer privacy protections to prevent identity providers and others from tracking and correlating usage of a consumer’s high assurance identity-related claims;
• provide strong authentication technologies that are usable by consumers;
• deploy the identity infrastructure in a way that satisfies consumer needs for ease of use and portability of credentials;
• establish or support policies to discourage service providers / relying parties from demanding high assurance identity-related claims for access to low value services. 

Supporting Technologies

Although an identity infrastructure could satisfy these requirements in more than one way, an identity infrastructure that incorporates the following technologies could serve as a strawman for further discussion and evaluation.

• “Open identity” technologies that support high assurance claims, such as Information Cards or beefed-up OpenIDs (or some analogous credential).
• U-Prove technology that supports both on-demand tokens as well as long-lived tokens.  On-demand tokens are used to transmit claims from an identity provider to a relying party (via an active client) in real-time, while long-lived tokens are generated ahead of time and then used when needed to transmit claims without requiring interaction with an identity provider.  The use of long-lived tokens would allow service providers to process consumer claims even when a trusted identity provider is unavailable.
• A selector or active client that acts as an online repository or “wallet” to store Information Cards or OpenIDs, as well as to store and manage U-Prove tokens.   The selector / active client would also provide consumers with a visual representation of identity-related claims.
• Strong authentication technologies such as public/private keys, one-time passwords, and possibly others that enables identity providers to have high assurance that the claims they issue are in response to a request from the consumer to whom the claim pertains.
• Smartcards and PC-based Trusted Platform Modules for the deployment of selectors / active clients and other authentication technologies, as well as for the private keys that allow consumers to make use of U-Prove tokens to transmit trusted claims to relying parties.  Smartcards implemented in smartphones, USB dongles, or other mobile devices may be more usable from a consumer standpoint for online transactions than smartcards implemented as physical cards that require a card reader in order to be used.

Subject to availability of resources, it is CIWG’s goal to further refine the above requirements, as well as to provide more specific or detailed recommendations for various technology alternatives.

High Assurance Consumer Claims with U-Prove Tokens

The following two diagrams illustrate how consumer identity-related claims can be used with either on-demand or long-lived U-Prove tokens.   It is assumed that trust between service providers / relying parties and the identity providers that issue verified claims is based upon the adoption by these parties of an appropriate trust framework.

Image Added

Image Added