IdentityTheftSIG


Charter

Group: Cross organizational, vertically focused

DATE: APRIL 20, 2007

1. Description and Goals
The Identity Theft Prevention SIG exists for discussion of identity-based crime as a whole (e.g., identity theft, identity fraud, etc.), creating a forum for industry recommendations and action. Specific goals include:

  • Generation of best practice guidelines/suggestions/technical recommendations to feed into appropriate Liberty Alliance expert groups and other interested community bodies
  • Generation of a taxonomy for defining ID Theft and application of Liberty (current and potential futures) to various elements
  • Defining opportunities in deploying appropriate technical and policy solutions to help mitigate identity theft
  • Serving as a community body for discussion and upleveled awareness of solutions (existing and potential) for ID theft/fraud protection or mitigation
  • Serving as experts on ID Theft with clearly articulated messages
  • Providing education to businesses and the people they serve regarding ID theft (both members and non-members)
  • Serving as a catalyst for responsible development, maintenance and implementation of identity infrastructure, from both a policy and a technical perspective


2. Scope
The Identity Theft Prevention SIG is chartered to:

  • Provide subject matter expertise with respect to identity theft and methods that lead to identity theft
  • Become a forum for identity theft-specific discussions of interest to the public community
  • Where appropriate, take part in the identification and planning of identity theft industry events

3. Criteria for Success

  • Sufficient participation from interested community experts, including Liberty members and non-members
  • Strong information sharing on identity theft topics across the group
  • Regular meetings (phone and/or physical) to facilitate group communication, experience sharing and guidance

4. Duration
The Identity Theft Prevention SIG is chartered by the Liberty Management Board. It may be amended from time to time.

Resource Requirements
The SIG requires the following support from the Liberty organization:

  • Mail lists established, with archives, on the public pages with a dedicated wiki
  • Globally available conference call facilities, with a dedicated conference call number which all participants can access
  • Ability to delegate tasks to appointed Program Management office including, but not limited to, management of the mail lists, registration/retirement of participants, and arranging of conference call facilities for external and internal use

Active member participants in the SIG are expected to:

  • Actively participate and drive the e-mail discussions, teleconferences, and identity theft-related events.
  • Collaborate and provide identity theft expertise to other Liberty entities as requested.

5. SIG meetings
The Identity Theft Prevention SIG will primarily communicate using the e-mailing lists and conference calls. A SIG open mailing list and wiki have been created.

6. Memberships
Membership in the Identity Theft Prevention SIG is open to the general public.

Meeting Minutes

Open Questions

1. Comparing RBAC with attribute based access control; which is more fruitful for current IdM systems?

2. What's a good/acceptable definition of identity theft?

3. How does the security analysis in the landscape document [1] relate to identity theft? (What are the gaps?)

Papers

Identity Theft Technical Document

This document contains several references to possible technical solutions towards mitigating the threat of identity theft. Please feel free to add more links or provide comments!

1. Executive Summary

2. How does Identity Theft Occur?

3. Identity lifecycle

4. Desired Properties of a Federated Identity Management System

5. Technology Solutions and Tools for Identity Theft Prevention

  • 5.1 Policy Languages
    • 5.1.1 P3P
    • 5.1.2 SAML Assertions
    • 5.1.3 XACML Authorization Policy
  • 5.2 Cryptographic Tools
    • 5.2.1 Secret Splitting
    • 5.2.2 Zero Knowledge Proofs
    • 5.2.3 Anonymous Credentials
  • 5.3 Trust Management
    • 5.3.1 Anti Phishing Tools
  • 5.4 Database Security

6. Phases of Identity and Corresponding Identity Theft Protection Mechanisms

  • 6.1 Registration Procedure
  • 6.2 Mechanism for Identity Information Storage
  • 6.3 Access Control on Usage
  • 6.4 Authentication
    • 6.4.1 Cryptographic
    • 6.4.2 Biometric
    • 6.4.3 Mobile channel
    • 6.4.4 Secure Hardware
  • 6.5 Authorization
  • 6.6 Audit and Accountability
    • 6.6.1 Reverse Surveillance
    • 6.6.2 Forensics
    • 6.6.3 Accountability
    • 6.6.4 Compliance
    • 6.6.5 Notification
  • 6.7 Usability

7. Conclusion and Best Practices

Resources

License

Content that violates any copyright will be deleted. You agree to license your contributions under the Creative Commons Public License Attribution 2.5. When quoting, reproducing or re-using the entire documents or parts thereof, attribution shall include the name of the paper and a link to the location of the paper (where possible).

External References

Participants

Steve Bramson (514) 909-2022

Abhilasha Bhargav-Spantzel (home page)

Britta Glade

Paul Biciunas [=paul.biciunas]

Kevin O'Neil

David Weitzel

Bob Pinheiro (Chair)

Eric Nelson [2]

Email Information

Go here to subscribe and follow the instructions provided.

The email archive is here

Conference Call Information

Conference calls are generally held on Wednesdays at 9:00 am PT / 12 Noon ET / 1600 UTC.

Call-in information is as follows:
US/Canada toll-free number: 866-469-3239
US toll number: 650-429-3300
Attendee Code: 00119954 #
List of corresponding International Dial In Numbers

The last call was on February 27, 2008.
The next call is scheduled for Wednesday, April 16, 2008.
