| We seek to help establish an internet identity
infrastructure / ecosystem that: (a) allows members of the general public ("consumers") to authorize
or
deny high-value, online transactions that are attempted using their identities,
and (b) allows service providers to authenticate the identity or authorization status claimed by
someone engaging in high-value transactions. Examples of high-value transactions would include the establishment of a new credit account (such as a credit card or loan), access to existing financial accounts (including movement of money out of those accounts), ability to make payments from specific payment accounts (including credit card accounts), access to online health records of specific individuals, and access to "personal data stores" that contain sensitive personal information, or information that otherwise should be strongly protected against unauthorized access. Such an identity infrastructure, if designed and implemented appropriately, could significantly reduce identity theft and identity fraud on the internet by reducing the ability of fraudsters to impersonate consumers as well as online businesses. We work with individual organizations and consortia to help evaluate and/or specify policies, trust frameworks, strong authentication technologies, and other criteria needed to implement and deploy an identity infrastructure in a way that allows consumers to opt-in to participate, and that protects consumer privacy, provides usable online credentials and strong authentication methods, and is economical to implement and deploy. |
A number of industry initiatives are related to this goal, many of which we participate in:
| Kantara Initiative's Consumer Identity Workgroup |
The Kantara Initiative
was formed in June 2009 with the goal of ensuring “secure,
identity-based, online interactions while preventing misuse
of personal information so that networks will become privacy protecting and more natively trustworthy environments.” Kantara’s mission will be realized through various Work Groups and Discussion Groups.
I'm Chair of the Consumer Identity Work Group, which was formed to help foster the development of a consumer-friendly, privacy-protecting, high assurance ‘identity layer’ for the internet that enables consumers to fully exploit the potential of the internet without fear of identity theft. An overview of the group's work can be found in the CIWG Interim Report. |
| ANSI Identity Theft Prevention & Identity Management Standards Panel (IDSP) | The ANSI Identity Theft Prevention and Identity Management Standards
Panel
(IDSP) is a cross-sector coordinating body whose objective is to
facilitate the
timely development, promulgation and use of voluntary consensus
standards and
guidelines that will equip and assist the private sector, government
and
consumers in minimizing the scope and scale of identity theft and
fraud.
We have contributed to several IDSP reports:
|
| North American Security Products Organization (NASPO) |
NASPO has formed a
standards development committee supporting the creation of
an American National Standard to define minimum standards for
proof and verification of personal identity. The work of this committee is available here. |
| National Stratety for Trusted Identities in Cyberspace | The National Strategy for Trusted Identities in Cyberspace (NSTIC) seeks to create an "identity infrastructure" that will enable idividuals and organizations to
utilize secure, efficient, easy-to-use, and interoperable identity solutions to
access online services in a manner that promotes confidence, privacy, choice,
and innovation.
NSTIC was signed by President Barack Obama and released on April 15, 2011. It can be obtained here. |
| Kantara Initiative's Healthcare Identity Assurance Workgroup | The purpose of the Workgroup is to "design, implement and test reference applications for secure access to health information." We are a participant in these activities. |
| Open Identity Exchange (OIX) | Open Identity Exchange is a non-profit organization dedicated to building trust in the exchange of online identity credentials across public and private sectors. |
How High Assurance Authentication Works Why High Assurance Authentication is Necessary to Fight Identity Fraud Examples of Identity Fraud Prevention Using High Assurance Authentication How Can Adoption of the National Strategy for Trusted Identities in Cyberspace (NSTIC) Help Prevent Identity Fraud?