[WG-UMA] How we would handle the Soccer Club sharing issue

Kevin Cox kevin.cox at edentiti.com
Thu Mar 24 16:52:28 EDT 2011


After listening to the discussion this morning I wondered how the approach
we have adopted would handle the Soccer Club sharing of data.

A little background. Our company (Edentiti) supplies a verification of
identity service that enables an individual to "prove" that a person with
their credentials (name, address, date of birth) exists.  They do this by
accessing their personal records in other people's databases particularly
government databases.  These records are made available for other purposes
through public websites.  For example, it is possible in Australia for
registered organisations to get access to the Immigration Entry Data Base to
see if a person has a valid visa to work in the country.  It is possible to
check with the passport office to see if your passport is due for renewal
and to make an application for a new one.

We establish whether a person who makes the various claims is the real
person with this identity, not by proving it at the time, but by them
leaving behind electronic markers that can be used to attach them to the
record.  These are the common things like openids, passwords, voice prints,
mobile phone numbers, electronic tokens etc.  This combined record becomes
an electronic ID.

We are in the process of convincing people that it makes sense for the
people they deal with to have different sorts of IDs.  So an organisation
might have an XXXXXID where XXXXX is the name of the organisation.  When a
person comes to an organisation and they are using their XXXXXID then the
organisation knows that they have certain sorts of permissions and those
permissions can vary depending on the role they have within the
organisation.  So if the person is a customer of bank they have certain
privileges like only looking at their own records.  If they are a teller in
the organisation they can view the bank accounts of a customer who has made
a query.

How does that handle the Soccer Club problem?

People in the Soccer Club would be able to obtain a Soccer Club ID from a
trusted ID supplier.  The person proves to the ID supplier that they are
entitled to have a Soccer Club ID. This gives them certain privileges in the
Soccer Club and when they come to the Soccer Club they use their Soccer Club
ID and the Club - because the person uses a Soccer Club ID knows they can
give them access.

How does this idea work on a broader scale.

The Australian Government has passed legislation called the "National
Consumer Credit Protection Bill 2009" which requires lenders to ensure that
they have checked the capability of the lender to repay the loan.  As with
many laws industry is given a period of grace to work out how to comply with
the laws and to put in place procedures to show that they comply.  That
period ends in mid year but the industry has not yet come up with a system
that enables them to easily and electronically fulfil their obligations.
 They are under some pressure to do something.

We are proposing a CreditCheckID approach where an individual obtains a
CreditCheckID. They use it to get access to their credit obligations with
credit providers and their income sources and so supply a lender with
uptodate verified information on which the credit provider can make a
decision.  The draft of the proposal is attached.

This fits into the UMA model by the person themselves being the
authorisation manager because all communication goes via their trusted
electronic id which they control.  This trusted electronic id has been set
up by the person.


Kevin




-- 
0413961090
Home +61 2 62410647
Fax +61 2 6103 0144

http://www.linkedin.com/in/kevinrosscox
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-uma/attachments/20110325/20e1f79d/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CreditCheckID.doc
Type: application/msword
Size: 31744 bytes
Desc: not available
Url : http://kantarainitiative.org/pipermail/wg-uma/attachments/20110325/20e1f79d/attachment-0001.doc 


More information about the WG-UMA mailing list