[KI-LC] Telecon Reminder - Wed, Sept 23 at 15:00 UTC

Iain Henderson iain.henderson at mydex.org
Wed Sep 23 12:31:06 PDT 2009

That is correct thanks, and yes we'd intend to cover the areas you  



On 23 Sep 2009, at 15:55, Bob Pinheiro wrote:

> I'd expect that what I'm proposing would be part of the large-scale  
> project that is being proposed for 2010, not the project for 2009,  
> which I understand to be mostly a literature review.  I thought that  
> the actual proposal for 2010 is going to be developed as part of  
> this preliminary 2009 work.  If my input is requested as part of  
> putting together a 2010 proposal, I'll be glad to provide it.
> Bob
> J. Trent Adams wrote:
>> Bob -
>> Are these areas of exploration you need to see addressed in the  
>> written
>> request for funding before you can support it?
>> If so, can you suggest a concrete statement that could be added to  
>> the
>> proposal?
>> Thanks,
>> Trent
>> Bob Pinheiro wrote:
>>> From the viewpoint of the Consumer Identity WG, I would like to see
>>> this work also explore what kinds of incentives would be necessary  
>>> in
>>> order for consumers to adopt stronger security measures (ie,  
>>> stronger
>>> authentication) for access to online financial accounts and other
>>> high-value online services, as well as for making online payments
>>> using credit card numbers and other payment services.
>>> As an example, how might consumers react to policy changes by online
>>> service providers designed to stimulate greater usage of more secure
>>> login procedures?  Many financial service providers and payment
>>> services require only weak authentication (eg, passwords / challenge
>>> questions) for making online payments or accessing financial
>>> accounts.  Use of credit card numbers for making online payments
>>> requires only knowledge of the cc number, security code, and
>>> expiration date.  What if these service providers said something to
>>> consumers like: "Look, you can continue to access your financial or
>>> payment account using only a password or challenge questions if you
>>> wish.  But be advised that if your information is compromised and
>>> unauthorized persons access your account, we may not be able to  
>>> cover
>>> any losses you incur.  In order to be fully protected, you must  
>>> adopt
>>> one of these more secure methods for accessing your account."
>>> These other methods may involve OpenID or Information Cards coupled
>>> with two factor authentication, or other more secure login  
>>> procedures
>>> than are currently in use.
>>> Insight into these issues would likely also benefit the ULX WG as  
>>> well.
>>> Bob
>>> ---------------------------
>>> Bob Pinheiro
>>> Chair, Consumer Identity WG
>>> 908-654-1939
>>> kantara at bobpinheiro.com
>>> www.bobpinheiro.com
>>> Iain Henderson wrote:
>>>> Trent, sorry but I now can't make the call today; so let me try and
>>>> address the remaining query over the proposed 2009 funding request
>>>> for scoping of a consumer market research project via e-mail.
>>>> The remaining query that i'm aware of is from Ken Salzberg, as  
>>>> per below.
>>>> /
>>>> /
>>>> /'In reading the proposal, there is one thing that stands out as a
>>>> potential issue for me./
>>>> /
>>>> /
>>>> /In the Exec Summary the following statement is made:
>>>> /
>>>> /"The ultimate aim is to produce a statistically valid body or
>>>> research available to
>>>> consortia partners that will enable product/ service design for  
>>>> those
>>>> wishing to deploy
>>>> and engage with user-centric/ user-driven identities."
>>>> /
>>>> /In the Kanatara benefit section it states:
>>>> /
>>>> /"This project seeks to build and enable genuine thought leadership
>>>> across technology,
>>>> business model, regulatory and user experience in the digital
>>>> identity realm."
>>>> The issue I have is that I question the use of Kantara funds to  
>>>> drive
>>>> development of member products and services, which does not seem
>>>> appropriate to me. This could certainly be a side benefit, but not
>>>> the direct purpose.
>>>> I agree that the thought leadership is a worthy goal, but is a bit
>>>> weak on its own.
>>>> What I would like to see is something that shows how this research
>>>> will help drive/market work being done in one or more WGs.'/
>>>> My perspective on that is as follows:
>>>> - the funding request only relates to $5k in seed corn investment  
>>>> to
>>>> kick start what will undoubtedly be a big and expensive research
>>>> study (it has to be to genuinely get at real consumer needs in a
>>>> statistically valid manner that can be modeled).
>>>> - the second and third phases require additional investment,  
>>>> expected
>>>> from organisations with large customer/ citizen bases who have an
>>>> incentive in better understanding customer needs (i.e. it helps  
>>>> them
>>>> build better products and services). They won't invest unless they
>>>> are getting something back that is relevant to them.
>>>> - combining the Kantara initiation and management of this study
>>>> enables both a body of knowledge to be built and made available for
>>>> the greater good, *and* also the development of better products and
>>>> services that are the only thing that will close the current gap.
>>>> Note i'd assume the terms of investment in stages 2 and 3 would be
>>>> that the investors get early access to the results, but the overall
>>>> body is published on an open basis.
>>>> Also, to be clear; this is not a proposal aimed at only UDVPI  
>>>> issues;
>>>> to date we have interest from the P3P, eGov and UMA groups. I don't
>>>> expect that interest to firm up until the scoping work more clearly
>>>> articulates the proposed research, but this is very definitely  
>>>> aimed
>>>> at being a Kantara wide study and not just for one work group.
>>>> Hope that helps.
>>>> Regards
>>>> Iain

Iain Henderson
iain.henderson at mydex.org

This email and any attachment contains information which is private  
and confidential and is intended for the addressee only. If you are  
not an addressee, you are not authorised to read, copy or use the e- 
mail or any attachment. If you have received this e-mail in error,  
please notify the sender by return e-mail and then destroy it.

More information about the LC mailing list