2021-11-03 Meeting notes
Date
Attendees
Regrets
Goals
- Discuss draft of document outlining thoughts for FIRE WG future direction
Discussion items
Meeting convened at 1pm EDT
Time | Item | Who | Notes | |
---|---|---|---|---|
60 min | Discuss direction for FIRE-WG | draft under discussion Noreen draft for input FIREWG Nov 2.doc: https://1drv.ms/w/s!Amw09CA5GCgjiFm-rVAV1mdvTjUo
Design an interoperable, user centric, standards based mobile and distributed trust framework First, must develop for end-users a core educational and user-centered[NW1] program that will encourage adoption while understanding risk and the importance building trust, managing privacy and practicing good security Core attributes: Trust and Security used to manage risk Requires: Education, Understanding, learning about policies Tools to build Trust: Identity Validation and Authentication Identity proofing and biometrics Internet connectivity: smartphone, devices and apps Tools enable: Access controls for governments, corporations; Friends[NW2] [NW3] [NW4] , family, caregivers, guardians and you
Distributed Trust Platform and Registers: Relying Parties
Brainstorm platforms
What other technology might hold/validate identity?
[NW1]User-friendly typically means usable. I think we are suggesting “user-centered” which means focused on the benefits to users" [NW2]How so for friends? What control are we suggesting for friends? Or is it to identity someone as a friend using social media type attributes? [NW3]We might also need a group for work colleagues. I often use shared accounts for work and community organizations where we get tripped up by 2FA because I need to wait for someone to get a notification on their phone and send me a code. [NW4]Might put You, the user, first followed by the others in some prioritized order: legal relationships (spouse, family, guardian, caregiver, partner, etc) colleagues, friends. Meeting Notes/Discussion:
Expense:
User-centric platform:
How do we educate?
Research solutions/platforms to verifying identity
Agreement across team
Layers:
Catherine: Use of ID not predicated on continued use of the ID (expired mDL, hunting license, insurance, etc)
Tom: revocation issue
---------- Forwarded message --------- From: Former user (Deleted) Date: Tue, Nov 2, 2021 at 12:58 PM Subject: Re: FIRE WG meeting tomorrow at 1 PM ET The only issue with a Medicaid card is that people go on and off Medicaid as their financial or disability situation changes. Not sure if that would impact the digital identity use case Even if you are no longer getting Medicaid benefits does your e-card still work for ID proofing reasons? Kind of like having an expired DL. It may still work as a means of identity verification in some situations Sent from my iPhone On Nov 2, 2021, at 12:50 PM, Tom Jones wrote: I agree that the health care case is a good one. Perhaps for North America a mDL would be the means. The PEMC (privacy enhanced mobile cred) in Kantara is working on use cases as well. We could start with a use case that we could present to them. Another use case would be a state issued medicaid card. ..tom On Tue, Nov 2, 2021 at 9:42 AM Former user (Deleted) wrote: Hi all - sorry I've been out of pocket for sometime now. (I'm getting ready for a new change so my ability to participate in this and other projects has opened up!) I thought it was interesting that you mentioned the consumer experience and people not really being able to appreciate the power they have when they get the "keys to the car". But even with that analogy, we've all seen cars on the road and we grew up with them and we know what they can do for us... One of the best insights I've gained around digital wallet was watching a real-life, online transaction. The individual (a citizen of Finland) went to his local police department's online website and entered in a non-emergency report (similar to what many of us may have in our community with a 3-1-1 reporting site) He was reporting a pothole in front of his house. Instead of typing in all of his contact info he clicked on a link that looked similar to a "Sign in with Google" button - except that it was a sign in with e-ID. His identity had been previously proofed by his bank and now he could use the e-ID that his bank produced to identify himself on all sorts of sites. He could also link this e-ID to credit cards, checking account, etc. So he click on the "sign in with e-ID" button and now his smart phone phone notifies him that he needs to confirm his identity to the police station...he performs a facial ID confirmation using his smart phone and the website receives this confirmation and he's done with the identity transfer.
Next, he went online for a consumer shopping experience (a website similar to Staples) and purchased a set of file folders. This website also had the same "sign in with e-ID" button and in this use case not only did he sign in but he also used the e-ID to link to his credit card details. A notification was pushed to his mobile device, he performed a facial scan and the transaction was complete. All the same functionality plus an ability to pay. I think if we could render an experience similar to this type of use case and add in a healthcare situation - we could explain the power of the digital identity. Catherine Schulten
On Tuesday, November 2, 2021, 08:43:22 AM EDT, Jim Kragh wrote: <snip> I have asked Noreen to take the lead chair today since I will attempt to connect via cell phone. Will have about 30 + realtors from a company invading my home today to assess its value in addition to having a photo shoot from the air, ground, pool and inside; have been asked to vacate the property until mid afternoon. Have a good day, Jim On Tue, Nov 2, 2021 at 12:05 AM Former user (Deleted)wrote: Jim - <snip> I looked over the attachment and would like to add the following comments when considering user adoption. There are a significant amount of end users that either don't care, are very technology challenged, or are drowning in all the technology being thrown at them. The idea of a perimeter, policies, or functions is completely foreign and many could care less. Trust must be developed but in such a way that it is extremely to understand, simple to adopt, and functions seamlessly. I couldn't agree more with Noreen's comment of deemphasizing technology. Cheers. thanks - jeff Jeff Brennan On Monday, November 1, 2021, 07:23:44 PM PDT, Jim Kragh wrote: FIRE WG Zoom Meeting Link https://zoom.us/j/97049100495?pwd=TmRDM1FYR3krMnNXRnl6cTVndUEyZz09 Meeting ID: 970 4910 0495 Passcode: 351 971 FIRE WG - One tap mobile +13462487799,,97049100495#,,,,*351971# US (Houston) +16465588656,,97049100495#,,,,*351971# US (New York) Good Evening and sorry for the late notice and inconvenience for multiple reasons, understand appreciated.Yes, there is a meeting tomorrow and I think you will find it interesting and be a building block for a series of meetings to follow. Those involved in cyber technology have an understanding when we hear "the internet's perimeter is where trust must be developed". That sounds good but how do we light a fire in a user-centered population that will encourage them to want to adopt something they cant feel, touch or enter into their cell phone; where is the value? Noreen and I reviewed the comments from our last meeting ref Zero Trust, Digital Wallets and creating value and noted there is a major gap. It is like being 16 and getting keys to the car and you have little idea of its power or value. Consumers are at the starting gate of a digital economy regarding having a basic understanding of what the 'perimeter' is, its policies, functions and how it affects the user and others. There is a basic market need for user education. During one of our sessions, Noreen commented and then we discussed the idea of what a User-Centered Program might look like, de-emphasizing technology. Let's empower end users with knowledge, tell some fun-life stories, use graphics coupled with digital IDs, smart devices on how to build trust, privacy, security and the value (ownership) of one's identity and data. Let's discuss the draft outline (link attached) as an initial framework and we, as a WG can, if agreed upon, give it life from that point forward. May all have a restful evening, Jim | ||
Meeting adjourned at 2pm EDT |
Action items
- Former user (Deleted) will draft user stories and work with Noreen Whysel to make them into visualizations for PPT or wireframes
- All to review the document and make suggestions
- Former user (Deleted) will see if she can find the recording of the Finnish eID story