<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="&#1;" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Arial","sans-serif";
        color:black;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";
        color:black;}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:"Arial","sans-serif";
        font-variant:normal !important;
        color:black;
        text-transform:none;
        position:relative;
        top:0pt;
        mso-text-raise:0pt;
        letter-spacing:0pt;
        text-shadow:none;
        font-weight:normal;
        font-style:normal;
        text-decoration:none none;
        vertical-align:baseline;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:Consolas;
        color:black;}
span.EmailStyle20
        {mso-style-type:personal-reply;
        font-family:"Arial","sans-serif";
        font-variant:normal !important;
        text-transform:none;
        position:relative;
        top:0pt;
        mso-text-raise:0pt;
        letter-spacing:0pt;
        text-shadow:none;
        font-weight:normal;
        font-style:normal;
        text-decoration:none none;
        vertical-align:baseline;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page Section1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body bgcolor=white lang=EN-NZ link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal>All good points Bob.<o:p></o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal>In NZ Gov we are not fans of PKI with personal certificates
in consumer-land, but that doesn't take away anything from the thrust of your
point about strong auth alternatives, which I agree with.<o:p></o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal>&lt;&lt;I'm not sure what you mean by Kantara &quot;taking
this forward.&quot;&nbsp; Does that mean Kantara would contribute financially
to this?&nbsp; If the NASPO experience is any indicator, that might be difficult.&nbsp;
Although I have to say, under the right circumstances I can see this initiative
as helping the Consumer Identity WG achieve its goals.&nbsp; So if I can
contribute to the ongoing discussions as a member of the UI working group,
count me in.&gt;&gt;<o:p></o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal>Indeed that is the question, and KI's involvement could be somewhere
on a continuum of depth/commitment.<o:p></o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal>At the lower end of that continuum might be support for
establishing a KI work group to take it forward.&nbsp; I guess that was my
feeling about where we might be open to an approach (should UI wish to approach
KI with that proposal) because, as you rightly point out, it would appear to
dove-tail quite nicely into projects we are already working on.<o:p></o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal>Cheers<o:p></o:p></p>

<p class=MsoNormal>Colin<o:p></o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>

<p class=MsoNormal><b><span lang=EN-US style='font-family:"Tahoma","sans-serif";
color:windowtext'>From:</span></b><span lang=EN-US style='font-family:"Tahoma","sans-serif";
color:windowtext'> lc-bounces@kantarainitiative.org
[mailto:lc-bounces@kantarainitiative.org] <b>On Behalf Of </b>Bob Pinheiro<br>
<b>Sent:</b> Friday, 20 August 2010 9:38 a.m.<br>
<b>To:</b> lc@kantarainitiative.org<br>
<b>Subject:</b> Re: [KI-LC] Action Item 6b - United Identities (UI) paper - are
we interested? - LC call 4th August<o:p></o:p></span></p>

</div>

</div>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal>Colin,<br>
<br>
In principal, the idea of an initiative focused on providing strong
authentication to help prevent identity fraud is good.&nbsp; However, if this
initiative is going to truly help I think it's going to have to involve
stakeholders from businesses in which identity fraud causes the most severe
losses.&nbsp; For instance, financial services.&nbsp; There is plenty of
financial fraud going on as a result of weak authentication, including
&quot;account hijackings&quot; in which fraudsters break into online bank
accounts and drain the money, identity theft resulting from stolen personal
information in which new credit accounts are established, as well as bogus
credit card charges resulting from stolen cc numbers.&nbsp; Stronger authentication
could help prevent these, and possibly the UI initiative could help.<br>
<br>
However, I don't see anyone from the financial industry listed in the UI
working group.&nbsp; The UI working group is made up of technologists, some of
whom represent universities, which is not really where the high value identity
theft is.&nbsp; I think it's critical to get some stakeholders from financial
institutions involved, and probably also healthcare organizations such as
health information exchanges (since medical identity theft is
growing).&nbsp;&nbsp; There are plenty of alternatives already available for
doing strong authentication, but they haven't really caught on, at least at the
consumer and small-business level.&nbsp; So I think UI needs to get the right
stakeholders on board at the beginning.&nbsp; <br>
<br>
Another point is that I don't think the initiative should be focused solely on
Yubikey, or on one-time passwords.&nbsp; I'm not sure that does, but I'd like
to see other strong auth technologies included, such as PKI (that is, use of a
personal certificate coupled with a private key, residing on a portable device
that would be easy for consumers to use).&nbsp; This wouldn't necessarily have
to involve SSL and client-side certificates, but maybe could involve a SAML
assertion from an IdP once the user has authenticated to the IdP using
public/private key crypto interactions.<br>
<br>
I'm not sure what you mean by Kantara &quot;taking this forward.&quot;&nbsp;
Does that mean Kantara would contribute financially to this?&nbsp; If the NASPO
experience is any indicator, that might be difficult.&nbsp; Although I have to
say, under the right circumstances I can see this initiative as helping the
Consumer Identity WG achieve its goals.&nbsp; So if I can contribute to the
ongoing discussions as a member of the UI working group, count me in.<br>
<br>
Bob<br>
<br>
On 8/18/2010 12:19 AM, Colin Wallis wrote: <o:p></o:p></p>

<p class=MsoNormal>Greetings all<o:p></o:p></p>

<p class=MsoNormal>&nbsp;<o:p></o:p></p>

<p class=MsoNormal>Armed with the Minutes of the last meeting, I am now working
through some actions.<o:p></o:p></p>

<p class=MsoNormal>&nbsp;<o:p></o:p></p>

<p class=MsoNormal>Many of you are aware of this work to a greater or lesser
extent, and you'll see some familiar names:-)<o:p></o:p></p>

<p class=MsoNormal>&nbsp;<o:p></o:p></p>

<p class=MsoNormal>Kantara is mentioned specifically.<o:p></o:p></p>

<p class=MsoNormal>&nbsp;<o:p></o:p></p>

<p class=MsoNormal>So this email is to ask you to review the proposal outlined
in this paper, and respond to the list with your view on whether Kantara is
interested to take this forward (should UI approach Kantara of course).<o:p></o:p></p>

<p class=MsoNormal>&nbsp;<o:p></o:p></p>

<p class=MsoNormal>Thanks in advance for your input.<o:p></o:p></p>

<p class=MsoNormal>&nbsp;<o:p></o:p></p>

<p class=MsoNormal>Cheers<o:p></o:p></p>

<p class=MsoNormal>Colin<o:p></o:p></p>

<p class=MsoNormal>&nbsp;<o:p></o:p></p>

<p class=MsoNormal><span style='color:gray'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal>&nbsp;<o:p></o:p></p>

<p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>====<br>
CAUTION:&nbsp; This email message and any attachments contain information that
may be confidential and may be LEGALLY PRIVILEGED. If you are not the intended
recipient, any use, disclosure or copying of this message or attachments is
strictly prohibited. If you have received this email message in error please
notify us immediately and erase all copies of the message and attachments.
Thank you.<br>
==== <o:p></o:p></span></p>

<pre><o:p>&nbsp;</o:p></pre><pre>_______________________________________________<o:p></o:p></pre><pre>LC mailing list<o:p></o:p></pre><pre><a
href="mailto:LC@kantarainitiative.org">LC@kantarainitiative.org</a><o:p></o:p></pre><pre><a
href="http://kantarainitiative.org/mailman/listinfo/lc">http://kantarainitiative.org/mailman/listinfo/lc</a><o:p></o:p></pre>

<p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><br>
&nbsp; <o:p></o:p></span></p>

</div>


====<BR>CAUTION:&nbsp; This email message and any attachments contain 
information that may be confidential and may be LEGALLY PRIVILEGED. If you are 
not the intended recipient, any use, disclosure or copying of this message or 
attachments is strictly prohibited. If you have received this email message in 
error please notify us immediately and erase all copies of the message and 
attachments. Thank you.<BR>====
</body>

</html>