Andrew Nash, Senior Director of Identity Services
Topics in Identity and Payments
Progress in Identity “Ownership”
1. Enterprise Centric
2. Federated Partners
3. User Centric
Social Networks
Mashups Web 2.0
Tagging e-commerce
Finance
Participants
People Services
Identity Services
Attribute Providers
Credit Card Ecosystem: Multiple Value Flows
Merchant
Consumer Acct
Issuer
Acquirer
Card Network
merchant discount
usage fees/awards
Switch fee/assessment
Switch fee/assessment
Interchange fee
Service Transactional Opportunity
identity service
Consumer Claims
Fraud/Risk Reduction
Targeted Marketing
Reduced Friction
Increased Checkout Completion
cookies
historical data
checkout-time identity
The Identity Trust Gradient
Low Value
High Value
None
Extreme
Transaction “value”
Regulatory / Compliance / Risk
Blogs
Social Networks
Shopping
Financial
Health
Intelligence Agency
Shopping
Levels of Assurance Gaps
• Unlike NIST, risk-based systems are not a one-time identity proofing exercise
• Continual verification of identity “goodness”
  – Context, transaction history, behavior, …
• Enhancement to authentication
  – Triggers for step-up authentication
Brokerage Values
• Reduce the number of identity sources that service providers build business and legal relationships with
• Act as consumer advocate
• Create a simplified policy view across domains
• Simply integrate user attribute management
• Provide an integration point for multiple sources of information from attribute providers
• Amortize costs of higher value features including 2FA
Role of IDP?
Consumer IDP
“I am very privacy conscious”
“All information should be free”
“Help keep me safe”
“Assurance Level 3”
“Moderate levels of private information”
“Anonymous is ok”
Consumer Agreements
Relying Party
Contracts
Information Classification
Attribute Providers
The Three Laws of Consumer ID Svcs
1. An ID Svc may not injure a consumer, or through inaction, allow a consumer to come to harm.
2. An ID Svc must obey orders given by consumers, except where such orders would conflict with the 1st Law.
3. An ID Svc must protect its own existence as long as such protection does not conflict with the 1st or 2nd Law.