Digital Identity: Who Wants to Know and Why What the Business of Identity Means to Privacy - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

Digital Identity: Who Wants to Know and Why What the Business of Identity Means to Privacy

Description:

Because her credit card number had been used in several cities, she was told she ... and may include 'challenge/response' inquiries: 'what kind of car do you ... – PowerPoint PPT presentation

Number of Views:30
Avg rating:3.0/5.0
Slides: 21
Provided by: carolcoy
Category:

less

Transcript and Presenter's Notes

Title: Digital Identity: Who Wants to Know and Why What the Business of Identity Means to Privacy


1
Digital IdentityWho Wants to Know and
Why?What the Business of Identity Means to
Privacy
Carol Coye BensonManaging PartnerGlenbrook
PartnersTrusted Advisors in Financial Services
2
Why Digital Identity Should Matter to You
  • Digital identity is the attachment point for
    privacy rights in remote domains
  • New developments in digital identity may result
    in increased consumer privacy exposures
  • But - new capabilities in digital identity may
    provide powerful tools to control consumer data
    and mitigate privacy risks

3
Whats Pushing Change in Digital Identity
  • Economic Factors
  • Broad scale use of the Web as an information and
    task utility much of which needs to be
    identity enabled
  • Identity theft losses
  • Political Factors
  • National security
  • Consumer outrage at identity theft
  • Technical Factors
  • Shared authentication capabilities

4
Money Creates the Problem.
  • A problem abuse of consumer data
  • Driven by marketers wanting to make money
  • Managed with considerable success - by
    regulatory constraints put on enterprises,
    limiting their ability to use data
  • A worse problem identity theft
  • Driven by thieves wanting to steal money
  • No one has yet found an adequate solution

And money is also driving investment in digital
identity technologies that may help solve these
problems
5
(No Transcript)
6
The United States Today An Economic Structure
That Enables Identity Theft
Good Guy
Existing and Past Creditors
Credit Reporting Bureaus

Bank
CreditCard Co
Store
MortgageCompany
ProspectiveCreditor
AutoLoan
FinanceCompany
Store
Bad Guy
Store
Broker
Credit Card Co
7
Digital Identity What is It?
  • A data record associated with an individual which
    is used to give access to rights, information, or
    systems. The manifestation of digital identity
    is an identity credential
  • Every identity credential is characterized by
  • A credential technology
  • A credential issuer
  • A registration process
  • A credential holder
  • A relying party or service provider
  • A presentation and validation process
  • A management process

8
Digital Identity How it Works
Authentication
Registration
Registration is the process of verifying identity
and any profile data collected, and issuing a
credential
Authentication occurs when a credential holder
presents their credential to a relying party The
relying party usually takes steps to validate the
credential The relying party then makes access
to services or systems available to the
credential holder
9
Digital Credentials Arent That Different
The Physical World
The Digital World
Issued by theparty thatuses (relies on)them
ID/Passwords
Employer ID Bank ATM Card
PKI Certificate
Credit Card
Issued by third parties
Both physical and digital identity credentials
provide direct authentication
10
Inferred Authentication
  • Inferred authentication is used in the absence of
    a valid direct credential
  • Inferred authentication is a form of sleuthing to
    try to figure out if an identity claim I am
    Sally is valid.
  • Inferred authentication includes checking an
    individuals claim (name, address etc.) against
    one or more databases, analyzing data and may
    include challenge/response inquiries what
    kind of car do you drive?
  • Similar to credit risk management processes used
    by credit granting institutions
  • Use of inferred authentication is growing rapidly
  • There is a large and growing field of
    sophisticated solution providers

11
Where Inferred Authentication is Used
The Physical World
The Digital World
As the registration process prior to issuing a
digital credential
Issued by theparty thatuses (relies on)them
ID/Passwords
Employer ID Bank ATM Card
PKI Certificate
Credit Card
?
Issued by third parties
As an alternative to direct authentication in
digital or remote - environments
12
Inferred Authentication Works, But.
Analysis Scoring Logic
CustomerProprietary
  • Inferred authentication techniques are unwitting
    enablers of identity theft
  • One could argue that some inferred authentication
    techniques are themselves violations of consumer
    privacy

Source Data
Decision Logic
Public
Data
VendorProprietary
Consortia/Shared
13
Whats New Shared Authentication
  • Shared authentication will let direct credentials
    be more widely used in remote settings thereby
    avoiding the need for inferred authentication.
  • Shared authentication is a set of new
    technologies, standards, and business practices
    that allow a credential issuer to assert the
    identity and associated profile data of an
    existing credential holder to a third party

Authentication
Registration
Assertion
14
Shared Authentication
Credential Issuerand First Relying Party
Second Relying Party
? Normal Log-in
? Identity and Profile Data Assertion
? Consent process (at setup) do you want to be
automatically logged onto this Relying Party from
our site?
? Log-in through shared authentication
Credential Holder
15
Activity in Shared Authentication
  • Standards Quasi-Standards
  • The Liberty Alliance
  • OASIS/SAML
  • WS/Security
  • Shibboleth
  • Products Services
  • Verified by Visa
  • Microsoft Passport

16
Business Roles in Shared Authentication
  • As credential issuers conducting the original
    registration process for a credential
  • As relying parties using credentials to grant
    access to services
  • As vendors
  • Providers of enterprise software in identity
    management
  • Service providers of credential assertions to
    downstream relying parties
  • Providers of identity enabled applications
    particularly data stores
  • Providers of identity infrastructure and network
    services

17
How Will Credentials be Valued?
18
Issues in Implementing Shared Authentication
  • What price identity? how much will be paid
    for third party credentials
  • The buck stops where? - who is liable and
    for what
  • You did what? - managing data privacy in an
    identity enabled marketplace

19
What it Means to Privacy
  • The ability to link consumer digital identities
    and their associated profile data increases the
    risk of consumer exposure
  • New products are privacy aware and include
    consumer consent but increasing complexity may
    make it difficult for consumers to grasp what it
    is they are consenting to
  • Increased utility of existing direct digital
    credentials may make it possible to reduce the
    amount of inferred authentication being done
    behind the scenes
  • I can prove its me

20
Glenbrook Partnerswww.glenbrook.comGlenbrook
Partners is a consulting and research firm that
helps clients leverage the electronic delivery of
financial services, with particular focus on
payments, identity management, and
authentication.
  • Carol Coye Benson(1) 541 301 0139carol_at_glenbrook
    .com
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Digital Identity: Who Wants to Know and Why What the Business of Identity Means to Privacy" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!