November 2, 2007
Identity Theft Prevention Special Interest Group Nov. 2, 2007
NEXT MEETING: FRIDAY, Nov. 15, 9:30 am PT
Attendees:
Bob Pinheiro, Robert Pinheiro Consulting
Nick Coleman, IBM
Abhilasha Bhargav-Spantzel, Purdue University
Eric Nelson, Stop ID Theft
Kevin O’Neil
Steve Bramson, Credentica
Britta Glade, Liberty
Discussion about the Identity Assurance Framework. Details about identity proofing. Discussion about how identity levels are determined. Purpose/opportunity for relying identity providers. Discussion of IdPs and how they can be verified. T-Scheme, FIXs, eAuth, etc. NOTE: this document has been voted for public review.
CSIS paper commissioned by PPEG. Challenge of creating a large-scale authentication network. Example of Finland—gives every citizen an ID card. How best to achieve high assurance trust? Bank or motor vehicle dept, etc., issuing credentials. Need to still answer the business issues—who issues and how to verify. Discussion about InCommon and what it’s capable of; how it’s deployed.
- How do you determine liability?
- How/why are people interested in being IdPs?
- Do people charge fees to do identity verification?
Does trying to prevent identity theft present a great enough business case for someone to want to be an IdP? Probably not—but trying to avoid liability issues may. Identity theft issues seem to piggyback what’s being discussed here—working with relying parties.
Kevin: notion of a “data slave trade”—trying to introduce a concept to formalize a discussion around this.
- Discussion about a new “do not call list”--IDTheft-type parallels: “Do not monitor me” list; *or* “call me first” list—combine best of the fraud alerts, with onus on the credit bureaus to call you first
- How to give people greater control on how their information is used
- Op-ed opportunity for this (NYT site suggestions for review)
- Feedback on document requested/appreciated
Goal for the group—what should we be doing? Review of what other SIGs are doing. eHealth in particular seems analogous to us in that they are trying to bridge to other groups. Direction for the group—what are we doing and what do we want to accomplish?
Thoughts from group: We’re in the middle of an ongoing evolution in identity with things colliding—political, technological, standards, etc—this can be the grounding for our conversations. In a position to be public, town-hall discussions on the subject matter. Continue to invite people to talk/discuss.
Discussion about ANSI IDTheft panel. Identity “traffickers” would argue that what they do makes it easier and better for people to obtain credit.
- “Loose” credit is probably behind a lot of the IDTheft problems. Yes, it’s in the best interest of the credit provider to do the background search, but it doesn’t always happen (consider the sub-prime mortgage issues we’re currently experiencing)
- Existing fraud alerts put the burden on the credit granter to have done their job—but it’s not always in their interest to do this thoroughly—credit bureaus, perhaps, have more self-interest.
We need to focus on making information, if stolen, useless. Discussion about what encryption providers are doing. Anonymous credentials on the identifier.
- Liberty is focused on privacy as it relates to identity. Specs reflect that.
How do we make the data “self trusting”?
What privacy “rights” do we have in the US Constitution? Discussion that Canada is way ahead of us here.

