trust-el message

Subject: Revised Minutes for September 20th TC call


Revised minutes for the face-to-face meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee

September 20, 2012

 

1. Call to Order and Welcome.

 

2. Roll Call

Attending (please notify me if you attended the meeting but are not on the list below)

 

Abbie Barbir, Bank of America - y

Anil Saldhana, Red Hat  

Bob Sunday

Brendan Peter, CA

Carl Mattocks, Bofa 

Cathy Tilton, Daon 

Charline Duccans, DHS

Duane DeCouteau

Colin Wallis, New Zealand Government  

Dale Rickards, Verizon Business  - y

David Brossard, Axiomatics 

Dazza Greenwood 

Debbie Bucci, NIH 

Deborah Steckroth, RouteOne LLC

Detlef Huehnlein, Federal Office for Information

Don Thibeau, Open Identity Exchange -y

Doron Cohen, SafeNet

Doron Grinstein, BiTKOO

Gershon Janssen - y

Ivonne Thomas, Hasso Plattner Institute

Jaap Kuipers, Amsterdam  

Jeff Broburg, CA

John Bradley 

John "Mike" Davis, Veteran's Affairs  

John Walsh, Sypris Electronics

Jonas Hogberg

Julian Hamersley, Adv Micro Devices

Kevin Mangold, NIST - y   

Lucy Lynch  ISOC

Marcus Streets, Thales e-Security

Marty Schleiff, The Boeing Company

Mary Ruddy, Identity Commons – y

Massimiliano Masi, Tiani "Spirit" GmbH 

Nick Pope, Thales e-Security

Peter Alterman, SAFE-BioPharma,  

Rainer Hoerbe

Rebecca Nielsen, Booz Allen Hamilton 

Rich Furr, SAFE-BioPharma Assn  - y

Ronald Perez, Advanced Micro Devices

Scott Fitch Lockeed Martin

Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. - y

Shahrokh Shahidzadeh (Intel Corp)  - y

Suzanne Gonzales-Webb, VA

Tony Rutkowski

Tony Nadlin

Thomas Hardjono, M.I.T.  

William Barnhill, Booz Allen Hamilton

60 percent of the voting members were present at the meeting. We did have quorum.

 

 

2. Agenda review and approval
 

We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el. The chat room text is included at the end of the minutes.

 
Abbie asked for additions.
Don made a motion to add David Rennie of the UK Cabinet Office to the agenda.
There being no objections, the agenda with the addition was approved. 
 
3. Approve Minutes
 
Abbie asked the TC to approve the minutes from the last meeting of August 23rd.
He asked if there were any objections. There being no objections, the minutes were approved.
 
4. Guest - David Rennie of the UK Cabinet Office
 
Don introduced David.  One of the key components of the UK IDAP program is the notion of citizen engagement at what we in the US would call LOA-1. One of the particular challenges of the program is ubiquitous citizen or user engagements. The program needs to cover as much of the population as they can.  The other is to look for low cost agile ways to verify an identity and enable different cabinet departments to engage the citizen at higher levels of assurance.  One goal is to further raise the TC’s awareness of the goals and requirements of the program.
Another is for us to further inform UK colleagues on the status of our analysis.
Mary has as broad an understanding as any of us. She might single out something to bring to the attention of your colleagues.
 
David explained that the government’s initial goal is to enable everyone in the UK to have a digital identity.  The notion is that in a digital age, every citizen should be able to assert a trustworthy digital identity on an equal basis. We have groups in UK that are excluded, especially from financial services. Participating can be too difficult and expensive for some. Gov can’t exclude certain segments of society. The objective is to enable all members of society to be able to easily assert digital identity.  We are in the middle of the project.  At the moment, we are procuring a market of services. We will have 4-10 identity providers that will be commissioned to create digital identities for citizens. One of the issues is establishing the standard.  It is relatively easy to establish identity at low levels, but high is hard and more useful. The specific transaction we are starting with is universal benefits. It requires a relatively high LOA. One question is do we allow the person to start with a low level ID and improve the LOA by checking the data that the customer asserts against the back office? Or do we ask the private IdP to establish identity to a higher level?  That potentially requires a F2F document check, but then they [citizens] can use that identity for many transactions.  The project team is in a debate at the moment. Do we start low and get high volumes and get channel shift? We think in the future it will be easier to raise the level electronically, so we are looking at ways to do that. We are also looking at new Social Network verification methods.  They are future. We need these to be operational in 2013.
 
Abbie said this is a very good introduction.
 
Don said to David it may be helpful to talk about your near term plan to resolve the trust el questions you outlined.
 
David replied that for our near term plan we have four LOA’s (0-3.) It is hard to make risk decisions based on credential level. So we have broken these out into 3 different scores: the citizen/government footprint, their financial footprint and their social footprint. [As an interim step] we allow levels 1.3 and 1.6 as part of the process, then come back to the [four] levels. Government data isn’t generally available electronically. Haven’t sorted social class yet. Originally, if we went back 5 or 6 years, we thought banks a natural place to be identity providers. We’ve been cajoling UK banks to play that role for a number of years. They have been reluctant due to liability issues. So we haven’t progressed very quickly. It has been helpful to drop PayPal into the discussion regularly. Banks are seeing the advantages of what we are doing. We are rethinking how payments are done. Credit cards were designed before the internet. You would design them differently now. Banks have regulatory obligations. A number are seeing opportunity to see if some of the data can be used as a service when conducting transactions. We are looking to progress a number of alpha projects that progress to production.
 
Abbie said he can add a little bit about banks’ reluctance. Liability is an issue. A banking system was not designed to attest to another party. A lot of banks work as divisions. There isn’t a consistent view of the customer across all divisions. You don’t want to get two different addresses for one person. There is a lot of internal work that would need to be done before banks can do this.
 
Don commented that one thing that may be of interest is, from a government point of view, what are the anticipated mechanisms for addressing liability?
 
David replied that we recognize we may need to have legislation. That is being considered in the UK. The methodology we are adopting is buyer beware. Every RP needs to be able to assess the information it receives. We need a contractual model with IdPs so that if they say we have a LOA-2 [credential], we have confidence with that. The RP should cover its own risks, and shouldn’t transfer that back to the IdP. This requirement changes how the ecosystem works. If the RP is only getting stuff from one IdP, there is a limit to what you can do (without an LOA-4 credential.) If the RP can get information on the user from multiple sources, the RP can elevate trust and have their own risk engine confirm it from multiple sources (that are not LOA-4). The ecosystem needs to have better means of attribute aggregation and have brokers that can enable that.
 
David said that is the argument I had yesterday with Mike P. We currently allow collecting attributes from different sources. We don’t have attribute providers at the moment. Users may not have the sophistication to use them. If we can only establish a person at a low level, the attribute providers are less willing to share attributes. So we need to start with a high level of assurance. So we have a hurdle of trust to get over.


Abbie said we don’t need to do that.  You can’t legislate trust. You can perform a transaction because of multiple relationships or because they pay on time. The tight coupling to one IdP is restrictive.
 
David said he would like to discuss it further.

 
Abbie will connect him with the online consumer business team. They have branches in the UK and Europe.
 
David asked if there was a document on the theory.
 
Abbie replied that he can’t release it.


Don asked Mary to comment and talk about where the TC was in its deliverables.
 
Mary replied that there wasn’t enough time for her to ask David all the questions she had. We have completed our survey of methods of trust elevation (phase one), and now in phase two we are analyzing the methods we identified. In phase three we will look at how we can combine two methods to elevate trust and achieve specific LOA’s. So David’s and the TC’s work are well aligned. It makes sense for us to coordinate as he has a real world example and there is very direct application. With respect to his question about starting with identity proofing at a high level or starting with lower level credentials, she wouldn’t frame the question as either/or.
 
David thanked the TC. He asked to be pointed to background reading. Matt is leading his work on standards. They plan to migrate this work to OIX. He would like to get his team involved in this committee and will follow up offline with these people.
 
5. Editors update on Second Deliverable (Analysis phase)
 
Mary confirmed that the next face-to-face (F2F) meeting is set for October 9 in Washington DC.  
The event will be from 8:30 AM to 5:00 PM.  (The official start is 9:00, doors open at 7:30).
The location is CA’s new office at 607 14th Street (between F and G streets.) Mary thanked CA again for offering to host.
 
The purpose of the event is to review the phase two method analyses and also to begin discussion of how to structure phase 3.  Mary suggested that even if we don’t completely finish with phase 2 during the meeting, it is important to spend some of the session discussing how best to begin Phase 3.
 
Mary continued that as part of the preparation for the F2F meeting, several persons had signed up for drafting method analyses and presenting them on the TC calls leading up to the F2F.  She asked Dale to review her KBA analysis (which has been posted to the TC website.)
 
Dale approached KBA from two different aspects. One is static and one is dynamic. There are two method examples for KBA. One is the widely used method for recovering passwords.  User information is collected at registration.  Every time she logs into her bank from a new computer in Canada, she is asked a static KBA question. The other application she has used at Verizon is as part of the identity proofing process. At Verizon they use dynamic KBA. Users need to answer dynamic questions correctly in a limited time frame as the proofing process is being performed.  One can use multiple services, data aggregators, government and industry relationship data, multiple 3rd party databases to check for accuracy and also relationship data and data procured at enrollment time.  She then went on to discuss how this method improves trust. There are two factors. Within NIST, in the US, KBA is only equivalent to LOA-2 as a standalone. Even combining it only gets you to LOA-2.  The use of dynamic KBA, can you answer correctly in specified time, has the potential to elevate trust. If you can put some limitations around it you can elevate trust. The next threat I looked at is eavesdropping.  It can be mitigated with dynamic KBA… 
 
Dale continued through her document, and discussed implementation requirements. There are issues of provenance.  Questions can reveal confidential information.  There are also practical issues outlined in her document.
 
Dale asked if there were any questions.
 
Don said the silence was applause.
 
Mary thanked Dale.
 

6. Attendance Update

We achieved quorum.

 

7. Adjournment

Mary asked for a motion to adjourn.

Gershon moved to adjourn.

Don seconded the motion.

Mary thanked Don.  If anyone has further interest in the UK government project, Don can point you to the appropriate places.

The meeting was adjourned.

>>>>>>>>>>>>>>>>>>>> 

Gershon Janssen: Dialing in in a few minutes...

anonymous morphed into Shaheen

Don Thibeau Open Identity Exchange : Perhaps Mr. Rennie can share an update on the UK IDAP Program
