This Work Group operates under the Kantara Initiative IPR Policy - Creative Commons Attribution-Share Alike Option
The purpose of the Consumer Identity WG is to foster the development of a consumer-friendly, privacy-protecting, high assurance "identity layer" for the internet that enables consumers to fully exploit the potential of the internet without fear of identity theft. The WG addresses this goal by proposing technical and policy solutions that address current threats to privacy and identity, and socializes these solutions with appropriate parties to help foster their implementation. Specifically, the WG will create several whitepapers, and possibly other requirements or recommendations, to describe how emerging identity technologies, protocols, frameworks, laws and regulations, etc., can be leveraged to: (a) enable businesses to know, with high confidence, the identities of individual consumers with whom they engage in high-value online transactions, without jeopardizing the privacy of the consumer's Personally Identifiable Information (PII); and (b) enable individual consumers to prevent others from impersonating them in high-value online transactions. Read the Work Group charter.
An important enabler of this work is an "identity assurance framework", which specifies the rules and criteria by which trust is engendered between a Service Provider / Relying Party, an Identity Provider, and a consumer. We can define a number of "needs" that consumers and Service Providers have for high assurance identity services or capabilities. Our underlying assumption is that such needs exist because entities that provide identity-dependent services to consumers, called Service Providers, bind such services to specific consumer identities, or to other personal attributes of individual consumers that qualify them for the service.
A Service Provider may have a need to establish, with a high degree of confidence, the identities of those consumers it forms relationships with, or at least other relevant personal characteristics or attributes of a particular consumer. Service Providers also have a need to keep unauthorized persons from accessing online accounts, records, and other resources that "belong" to consumers already known to the Service Provider. The consumer, on the other hand, has a need to ensure that others are not misusing his/her identity to establish these relationships, and that (unauthorized) others cannot access the consumer's existing accounts/records/resources. A consumer may also have a need to obtain services that are dependent on certain personal characteristics or attributes, without having to reveal his/her identity to the Service Provider.
These two sets of needs (the consumer's needs and the Service Provider's needs) often go hand-in-hand, as illustrated in the following Consumer Identity Needs matrix. This matrix also shows that an Identity Assurance Framework can form the basis of an "authentication network" or federation to ensure that the consumer's need to prevent the misuse of his/her identity by others, as well as the Service Provider's need to know who it is dealing with, can be met.
At the intersection of each corresponding pair of consumer/Service Provider needs (shown in beige) is a requirement for functionality enabled by an Identity Assurance Framework. Each of these three sets of required functionality is described in terms of a scenario (described in Scenarios, Use Cases, and Definitions, v0.3), and ensures that Service Providers can trust certain accredited Identity Providers to assert, with a high degree of confidence, the identities or authorization status of consumers seeking to obtain identity-dependent services.
In addition to the needs that consumers and Service Providers have for identity assurance, consumers don't necessarily want to be burdened with having to deal with numerous authentication devices or tokens to access all the accounts they have (the "token necklace" problem), and Service Providers don't want to deal with numerous and confusing options for determining which Identity Provider should be used to authenticate a particular consumer (the "NASCAR" problem). One possible solution, noted in the yellow areas of the matrix, is to make use of graphical representations of consumers' digital identities as contained in "selectors" or "active clients."
Robert Pinheiro Consulting
- Skype: +9900827044630912
- US Dial-In: +1-201-793-9022
- Room Code: 4630912
- International Toll:
  - Austria: +43 (0) 82040115470
  - Belgium: +32 (0) 70357134
  - France: +33 (0) 826109071
  - Ireland: +353 (0) 818270968
  - Spain: +34 (9) 02885791
  - Switzerland: +41 (0) 848560397
  - United Kingdom: +44 (0) 8454018081