[WG-UMA] How we would handle the Soccer Club sharing issue

Domenico Catalano domenico.catalano at oracle.com
Thu Mar 24 18:34:05 EDT 2011


Hi Kevin,

if I understand well the approach that you describe, in particular for the "National Consumer Credit Protection Bill" scenario, it is similar to the tClaims approach that we discussed some weeks ago.

http://kantarainitiative.org/confluence/download/attachments/19660903/UMA_Enterprise_tClaims_V3.pdf

Domenico


On Mar 24, 2011, at 9:52 PM, Kevin Cox wrote:

> After listening to the discussion this morning I wondered how the approach we have adopted would handle the Soccer Club sharing of data.  
> 
> A little background. Our company (Edentiti) supplies a verification of identity service that enables an individual to "prove" that a person with their credentials (name, address, date of birth) exists.  They do this by accessing their personal records in other people's databases particularly government databases.  These records are made available for other purposes through public websites.  For example, it is possible in Australia for registered organisations to get access to the Immigration Entry Data Base to see if a person has a valid visa to work in the country.  It is possible to check with the passport office to see if your passport is due for renewal and to make an application for a new one.
> 
> We establish whether a person who makes the various claims is the real person with this identity, not by proving it at the time, but by them leaving behind electronic markers that can be used to attach them to the record.  These are the common things like openids, passwords, voice prints, mobile phone numbers, electronic tokens etc.  This combined record becomes an electronic ID.  
> 
> We are in the process of convincing people that it makes sense for the people they deal with to have different sorts of IDs.  So an organisation might have an XXXXXID where XXXXX is the name of the organisation.  When a person comes to an organisation and they are using their XXXXXID then the organisation knows that they have certain sorts of permissions and those permissions can vary depending on the role they have within the organisation.  So if the person is a customer of bank they have certain privileges like only looking at their own records.  If they are a teller in the organisation they can view the bank accounts of a customer who has made a query.
> 
> How does that handle the Soccer Club problem?
> 
> People in the Soccer Club would be able to obtain a Soccer Club ID from a trusted ID supplier.  The person proves to the ID supplier that they are entitled to have a Soccer Club ID. This gives them certain privileges in the Soccer Club and when they come to the Soccer Club they use their Soccer Club ID and the Club - because the person uses a Soccer Club ID knows they can give them access. 
> 
> How does this idea work on a broader scale.
> 
> The Australian Government has passed legislation called the "National Consumer Credit Protection Bill 2009" which requires lenders to ensure that they have checked the capability of the lender to repay the loan.  As with many laws industry is given a period of grace to work out how to comply with the laws and to put in place procedures to show that they comply.  That period ends in mid year but the industry has not yet come up with a system that enables them to easily and electronically fulfil their obligations.  They are under some pressure to do something.
> 
> We are proposing a CreditCheckID approach where an individual obtains a CreditCheckID. They use it to get access to their credit obligations with credit providers and their income sources and so supply a lender with uptodate verified information on which the credit provider can make a decision.  The draft of the proposal is attached.
> 
> This fits into the UMA model by the person themselves being the authorisation manager because all communication goes via their trusted electronic id which they control.  This trusted electronic id has been set up by the person.
> 
> 
> Kevin
> 
> 
>  
> 
> -- 
> 0413961090
> Home +61 2 62410647
> Fax +61 2 6103 0144
> 
> http://www.linkedin.com/in/kevinrosscox
> 
> <CreditCheckID.doc>_______________________________________________
> WG-UMA mailing list
> WG-UMA at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-uma

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-uma/attachments/20110324/08c23078/attachment-0001.html 


More information about the WG-UMA mailing list