<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Colin,<br>
<br>
In principal, the idea of an initiative focused on providing strong
authentication to help prevent identity fraud is good. However, if
this initiative is going to truly help
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="ProgId" content="Word.Document">
<meta name="Generator" content="Microsoft Word 11">
<meta name="Originator" content="Microsoft Word 11">
<link rel="File-List"
href="file:///C:%5CDOCUME%7E1%5CBob%5CLOCALS%7E1%5CTemp%5Cmsohtml1%5C01%5Cclip_filelist.xml">
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]-->
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
mso-hyphenate:none;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";
mso-fareast-language:AR-SA;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
--</style><span style="font-size: 11pt; font-family: Arial;">cut costs
related to identity fraud, </span> I think it's going to have to
involve stakeholders from businesses in which identity fraud causes
the most severe losses. For instance, financial services. There is
plenty of financial fraud going on as a result of weak
authentication, including "account hijackings" in which fraudsters
break into online bank accounts and drain the money, identity theft
resulting from stolen personal information in which new credit
accounts are established, as well as bogus credit card charges
resulting from stolen cc numbers. Stronger authentication could
help prevent these, and possibly the UI initiative could help.<br>
<br>
However, I don't see anyone from the financial industry listed in
the UI working group. The UI working group is made up of
technologists, some of whom represent universities, which is not
really where the high value identity theft is. I think it's
critical to get some stakeholders from financial institutions
involved, and probably also healthcare organizations such as health
information exchanges (since medical identity theft is growing).
There are plenty of alternatives already available for doing strong
authentication, but they haven't really caught on, at least at the
consumer and small-business level. So I think UI needs to get the
right stakeholders on board at the beginning. <br>
<br>
Another point is that I don't think the initiative should be focused
solely on Yubikey, or on one-time passwords. I'm not sure that
does, but I'd like to see other strong auth technologies included,
such as PKI (that is, use of a personal certificate coupled with a
private key, residing on a portable device that would be easy for
consumers to use). This wouldn't necessarily have to involve SSL
and client-side certificates, but maybe could involve a SAML
assertion from an IdP once the user has authenticated to the IdP
using public/private key crypto interactions.<br>
<br>
I'm not sure what you mean by Kantara "taking this forward." Does
that mean Kantara would contribute financially to this? If the
NASPO experience is any indicator, that might be difficult.
Although I have to say, under the right circumstances I can see this
initiative as helping the Consumer Identity WG achieve its goals.
So if I can contribute to the ongoing discussions as a member of the
UI working group, count me in.<br>
<br>
Bob<br>
<br>
On 8/18/2010 12:19 AM, Colin Wallis wrote:
<blockquote
cite="mid:C510922C5135794BAEB7F079376398840895AEA466@WLGPRDEXCMBX01.dia.govt.nz"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Arial","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Arial","sans-serif";
font-variant:normal !important;
color:black;
text-transform:none;
position:relative;
top:0pt;
mso-text-raise:0pt;
letter-spacing:0pt;
text-shadow:none;
font-weight:normal;
font-style:normal;
text-decoration:none none;
vertical-align:baseline;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
{page:Section1;}
-->
</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="Section1">
<p class="MsoNormal">Greetings all<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Armed with the Minutes of the last meeting,
I am now working through some actions.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Many of you are aware of this work to a
greater or lesser extent, and you'll see some familiar
names:-)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Kantara is mentioned specifically.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">So this email is to ask you to review the
proposal outlined in this paper, and respond to the list with
your view on whether Kantara is interested to take this
forward (should UI approach Kantara of course).<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks in advance for your input.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Cheers<o:p></o:p></p>
<p class="MsoNormal">Colin<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color: gray;"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
====<br>
CAUTION: This email message and any attachments contain
information that may be confidential and may be LEGALLY
PRIVILEGED. If you are not the intended recipient, any use,
disclosure or copying of this message or attachments is strictly
prohibited. If you have received this email message in error
please notify us immediately and erase all copies of the message
and attachments. Thank you.<br>
====
<pre wrap=""><fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
LC mailing list
<a class="moz-txt-link-abbreviated" href="mailto:LC@kantarainitiative.org">LC@kantarainitiative.org</a>
<a class="moz-txt-link-freetext" href="http://kantarainitiative.org/mailman/listinfo/lc">http://kantarainitiative.org/mailman/listinfo/lc</a>
</pre>
</blockquote>
<br>
<br>
</body>
</html>