[KI-LC] Telecon Reminder - Wed, Sept 23 at 15:00 UTC
kantara at bobpinheiro.com
Wed Sep 23 06:53:00 PDT 2009
From the viewpoint of the Consumer Identity WG, I would like to see
this work also explore what kinds of incentives would be necessary in
order for consumers to adopt stronger security measures (ie, stronger
authentication) for access to online financial accounts and other
high-value online services, as well as for making online payments using
credit card numbers and other payment services.
As an example, how might consumers react to policy changes by online
service providers designed to stimulate greater usage of more secure
login procedures? Many financial service providers and payment services
require only weak authentication (eg, passwords / challenge questions)
for making online payments or accessing financial accounts. Use of
credit card numbers for making online payments requires only knowledge
of the cc number, security code, and expiration date. What if these
service providers said something to consumers like: "Look, you can
continue to access your financial or payment account using only a
password or challenge questions if you wish. But be advised that if
your information is compromised and unauthorized persons access your
account, we may not be able to cover any losses you incur. In order to
be fully protected, you must adopt one of these more secure methods for
accessing your account."
These other methods may involve OpenID or Information Cards coupled with
two factor authentication, or other more secure login procedures than
are currently in use.
Insight into these issues would likely also benefit the ULX WG as well.
Chair, Consumer Identity WG
kantara at bobpinheiro.com
Iain Henderson wrote:
> Trent, sorry but I now can't make the call today; so let me try and
> address the remaining query over the proposed 2009 funding request for
> scoping of a consumer market research project via e-mail.
> The remaining query that i'm aware of is from Ken Salzberg, as per below.
> /'In reading the proposal, there is one thing that stands out as a
> potential issue for me./
> /In the Exec Summary the following statement is made:
> /"The ultimate aim is to produce a statistically valid body or
> research available to
> consortia partners that will enable product/ service design for those
> wishing to deploy
> and engage with user-centric/ user-driven identities."
> /In the Kanatara benefit section it states:
> /"This project seeks to build and enable genuine thought leadership
> across technology,
> business model, regulatory and user experience in the digital identity
> The issue I have is that I question the use of Kantara funds to drive
> development of member products and services, which does not seem
> appropriate to me. This could certainly be a side benefit, but not the
> direct purpose.
> I agree that the thought leadership is a worthy goal, but is a bit
> weak on its own.
> What I would like to see is something that shows how this research
> will help drive/market work being done in one or more WGs.'/
> My perspective on that is as follows:
> - the funding request only relates to $5k in seed corn investment to
> kick start what will undoubtedly be a big and expensive research study
> (it has to be to genuinely get at real consumer needs in a
> statistically valid manner that can be modeled).
> - the second and third phases require additional investment, expected
> from organisations with large customer/ citizen bases who have an
> incentive in better understanding customer needs (i.e. it helps them
> build better products and services). They won't invest unless they are
> getting something back that is relevant to them.
> - combining the Kantara initiation and management of this study
> enables both a body of knowledge to be built and made available for
> the greater good, *and* also the development of better products and
> services that are the only thing that will close the current gap. Note
> i'd assume the terms of investment in stages 2 and 3 would be that the
> investors get early access to the results, but the overall body is
> published on an open basis.
> Also, to be clear; this is not a proposal aimed at only UDVPI issues;
> to date we have interest from the P3P, eGov and UMA groups. I don't
> expect that interest to firm up until the scoping work more clearly
> articulates the proposed research, but this is very definitely aimed
> at being a Kantara wide study and not just for one work group.
> Hope that helps.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the LC