| We seek to help establish an internet identity
infrastructure or "ecosystem" that: (a) allows consumers to authorize
or
deny high-value, online transactions that are attempted using their identities,
and (b) allows service providers to authenticate the identity claimed by
someone engaging in high-value transactions. Examples of high-value transactions would include the establishment of a new credit account (such as a credit card or loan), access to existing financial accounts (including movement of money out of those accounts), ability to make payments from specific payment accounts (including credit card accounts), access to online health records of specific individuals, and access to "personal data stores" that contain sensitive personal information, or information that otherwise should be strongly protected against unauthorized access. Such an identity infrastructure, if designed and implemented appropriately, could significantly reduce identity theft and identity fraud on the internet, thereby protecting consumers as well as online businesses. We work with individual organizations and consortia to help evaluate and/or specify policies, "trust frameworks", strong authentication methods, and other criteria needed to implement and deploy an identity infrastructure in a way that allows consumers to opt-in to participate, protects consumer privacy, provides usable online credentials and strong authentication methods, and is economical to implement and deploy. |
A number of industry initiatives are related to this goal, many of which we participate in:
| Kantara Initiative's Consumer Identity Workgroup | The Kantara Initiative
was formed in June 2009 with the goal of ensuring “secure,
identity-based, online interactions while preventing misuse
of personal information so that networks will become privacy protecting and more natively trustworthy environments.” Kantara’s mission will be realized through various Work Groups and Discussion Groups. I'm Chair of the Consumer Identity Work Group, which was formed to help foster the development of a consumer-friendly, privacy-protecting, high assurance ‘identity layer’ for the internet that enables consumers to fully exploit the potential of the internet without fear of identity theft. The goals of the CIWG are contained in a proposed Project Plan. We also contributed a set of preliminary scenarios, use cases, and definitions for high assurance consumer identity. These can be viewed on the CIWG website here, or downloaded as a pdf here. |
| Kantara Initiative's Healthcare Identity Assurance Workgroup | The purpose of the Workgroup is to "design, implement and test reference applications for secure access to health information." We are a participant in these activities. |
| ANSI Identity Theft Prevention & Identity Management Standards Panel (IDSP) | "The ANSI Identity Theft Prevention and Identity Management Standards
Panel
(IDSP) is a cross-sector coordinating body whose objective is to
facilitate the
timely development, promulgation and use of voluntary consensus
standards and
guidelines that will equip and assist the private sector, government
and
consumers in minimizing the scope and scale of identity theft and
fraud."
We contributed to, and help author, several of IDSP's reports.
|
| Open Identity Exchange (OIX) | "Open
Identity Exchange is a non-profit organization dedicated to building
trust in the exchange of online identity credentials across public and
private sectors." |
| National Stratety for Trusted Identities in Cyberspace | "The National Strategy for Trusted Identities in Cyberspace, focuses on the
protection of the identity of each party to an online transaction and
the identity of the underlying infrastructure that supports it. This
Strategy seeks to improve cyberspace for everyone – individuals,
private sector, and governments – who conduct business online." A draft version of the Strategy was released on June 25, 2010 and is currently available for public review. |
| Liberty Alliance Identity Theft Special Interest Group | Although this group is now defunct, I was Chair for awhile. The purpose of the SIG was to "discuss identity-based crime as a whole, creating a forum for industry recommendations and action (eg. identity theft, identity fraud, etc)." |