Actually, I find that a "web" is a tangled mesh in which to entrap and is a
term that infringes on other trademarks and is a symbol that doesn't inspire
trust at all - said the fly to the spider. I think repositories only hold
value if the storage and retrieval of information can be validated to be
trusted, secure, reliable, and honest in its representations. Since trust
is an intangible value, I find it to be an unobtainable goal in ecommerce
activities based on concepts that are not managed in accordance with good
policies or even their own statements. IMHO any system that is self-managed
is quite frankly a disaster and provides me as an informed consumer no level
of trust or assurances proclaimed by any system or solution said to be good
for goodness' sake. Self-managed is equivalent to saying trust me because I
say so.
Also, the wallet idea has come and gone and a second showing will most
likely result in the same. I also don't understand why it is referred to as a
"centralized" repository and then it is explained to be a "group" of
repositories. Maybe it is just me, but isn't that a "distributed" model?
Also, how do you ensure the individual is always in control of their key? I
think that statement is simply not true, grandiose, and terribly misleading
- and not a basis of building any trust; as no system could ever ensure that
the action of all its individuals was consistent and the same. Therefore,
the International Web of Trust is seriously flawed by allowing such an
assumption to be the core value of its model.
I really think this whole message has been completely self-promoting and
quite a story about X.509 certificates but vaguely disguised as a wallet,
and I think the International Web of Trust is a trap of old concepts,
proclaiming protections that are perceived based on biased assessments, and
one of the most frightening concepts for ensuring trust and identities that
I have listened to in quite a while.
This is exactly why such organizations as IETF, ANSI, ISO, AICPA, NIST and
Kantara are so much in need to prevent such flawed solutions as this "web of
trust" from being accepted by the electronic commerce community.
(My corporate cell phone number has been changed, if you could please update
your records that would be great.)
Sincerely,
Brian
Brian Dilley CISA / CIPP / CGEIT
President
http://www.evalid8.com/services/gsaschedule70.html GSA Advantage! - Use
our GSA Schedule 70 Today!
Office: (866) 465 - 6005
Fax: (443) 957 - 9005
Cell: (443) 955 - 9885
Web: http://www.evalid8.com/
_____
From: community-bounces@kantarainitiative.org
[mailto:community-bounces@kantarainitiative.org] On Behalf Of Michael Duffy
Sent: Saturday, January 30, 2010 12:49 PM
To: Joni Brennan
Cc: community@kantarainitiative.org
Subject: Re: [Kantara - Community] Institutional Web of Trust
As requested, we have voided all company references and provided a brief
summary. Again, we apologize for the inappropriate post.
Here is an overview of the Institutional Web of Trust concept:
*************************************************************
Executive Summary: For the purpose of securing identity, rather than
creating a centralized directory or multiple directories of private
information, it will be far better to create a central repository containing
a collection of institutional decisions which will establish an
Institutional Web of Trust. In essence, there are a limited number of
institutions worldwide (measured in thousands) that truly matter when it
comes to legitimizing identity. Digital wallets on smart phones will enable
the efficient association of unique public/private keys to a specific legal
identity (legal name and legal address). If there is a non-unique
association, an inconsistency arises in the system. If the association is
unique and verified by one or more legitimate institutions an individual's
identity is secure (as long as the private key which he/she controls is
secure).
This system secures identity, protects individual privacy and prevents the
establishment of monolithic government control. Under this system, the user
is always in control of his/her credentials.
This system makes a simplified and efficient federation process possible.
An institution could federate the identity of its users (or a subset of its
users) simply by adding (or modifying) a credential to each of its users'
digital wallets and creating an institutional reference within The
Institutional Web of Trust Repository.
This system provides the "Holy Grail" for single sign on.
*************************************************************
Digital credentials on NFC enabled smart phones will soon transform the
world of identity management. Within three years there will be corporate
and government deployments where all members of the organization are issued
NFC enabled smart phones for the purpose of identity management.
The basic question is, how can trust be established in the digital age? If
you and I have never met and I come to your website or place of business,
how can you be confident that I am who I say that I am? The Institutional
Web of Trust will resolve this basic question regarding the establishment of
trust.
A key component of the infrastructure will be an easy to use digital wallet
where credentials can be securely provisioned and transactions occur
smoothly. This digital wallet will be the cornerstone of NFC technologies on
mobile devices and provide the interface for identity, marketing and
financial services. Every aspect of digital life that depends on identity
and transactions will flow through the digital wallet.
This identity infrastructure will eliminate the possibility of identity
theft for all participants, protect consumers and financial institutions
from fraudulent transactions, greatly reduce cyber-crime and solve many of
the systemic problems of the current Public Key Infrastructure system,
especially the problems of certificate revocation lists (CRLs) and on-line
status checking.
The solution is simple, practical and transparent to the consumer. Consumer
acceptance will be rapid and widespread. The solution secures identity,
protects individual privacy and prevents the establishment of monolithic
government control. Under this system, the user is always in control of
his/her credentials.
The essence of the approach is very different from the "Big Brother"
approach recently announced by India. Rather than creating a centralized
directory of private information, there will be a central repository
containing a collection of institutional decisions which will establish an
Institutional Web of Trust.
Compared to a decentralized web of trust which creates a web of individuals
with, "the expectation that anyone receiving [a list of signatures] will
trust at least one or two of the signatures", we will create a system where
trusted institutions legitimize individual identity. Additionally, the
Institutional Web of Trust will have centralized controller processes that
rely greatly on self-management and automation resulting in great
efficiencies.
Digital wallets on NFC enabled smart phones will enable users to secure
their private keys and control/present their digital credentials. Because a
user's identity will be authenticated by the processes of The Institutional
Web of Trust (not a trust authority) there is no need for a trust authority
to issue and vouch for public/private keys for individual users. It is only
necessary that the public key be registered and the private key be secured.
Users can self-issue their keys.
The Institutional Web of Trust does not secure identity by, "making personal
data harder to steal". Rather, identity is secured by self-managing
logical inconsistencies within the system, resolving identity conflicts and
preventing fraudulent transactions.
As Bruce Schneier, author and security guru, pointed out, "Proposed
[identity theft] fixes tend to concentrate on the first issue--making
personal data harder to steal--whereas the real problem is the second
[preventing fraudulent transactions]. If we're ever going to manage the
risks and effects of electronic impersonation [identity theft], we must
concentrate on preventing and detecting fraudulent transactions." [Solving
Identity Theft]
In essence, there are a limited number of institutions worldwide (measured
in thousands) that truly matter when it comes to legitimizing identity.
Digital wallets on smart phones will enable the efficient association of
unique public/private keys to a specific legal identity (legal name and
legal address). If there is a non-unique association, an inconsistency
arises in the system. If the association is unique and verified by one or
more legitimate institutions an individual's identity is secure (as long as
the private key which he/she controls is secure).
In the process of adding a credential to a user's digital wallet, the
provisioning institution (government agency, bank, university, etc.) will
calculate a secure hash value (numerical representation) of the credential
combined with information from the user's primary credential (legal
identity). This hash value will be encrypted with the user's private key
and then encrypted again with the provisioning institution's private key;
this encrypted hash value will then be stored in The Institutional Web of
Trust Repository representing an institutional validation of the user's
identity.
This dual encryption establishes that the credential was associated with the
user during the provisioning process rather than simply asserting the
association by a reference from the repository. Also, there is no need to
store any specific information (account number, balance, etc.) about the user's
account. The user is in complete control of the information he/she presents
and his/her privacy is maintained.
When a user presents a credential from his/her digital wallet a transaction
ID will be sent from the authenticating system to the user's digital wallet,
be encrypted with the user's private key and sent back to the authenticating
system. The user can be authenticated by decrypting the transaction ID with
the user's public key from The Institutional Web of Trust Repository. The
credential can be authenticated by calculating the hash value of the
credential and then decrypting the hash value stored in The Institutional
Web of Trust Repository with the institution's public key and the user's
public key.
In a variation of this process the provisioning institution does not store
the encrypted hash value in The Institutional Web of Trust Repository;
rather, the provisioning institution itself maintains a repository and a
reference to the repository is authenticated by an entry contained within
The Institutional Web of Trust Repository (through the institution's primary
credential). In this way an institution could federate the identity of its
users (or a subset of its users) simply by adding (or modifying) a
credential to each of its users' digital wallets and creating an
institutional reference within The Institutional Web of Trust Repository.
As part of the federation process, cooperating institutions will most likely
create standard authorization levels for various services and provision
these levels as part of a user's credential. For example, a coalition of
universities may have authorization levels for library services that will
enable users to access any library within the coalition; government
organizations may provision security levels within a user's credential that
enable inter-agency access to resources; etc.
There is significant debate regarding the effectiveness of biometrics in
identity management. When a user is not present (authenticating over a
network) there are fatal problems with biometric authentication. Most
significantly, "The main security problem with biometrics is the inability
to create a new secret. If you allow your fingerprint to be digitized and
sent across a network or scanned by a compromised scanner, it can be stolen.
Then someone has a digital copy of your fingerprint."
Even if a method of biometric identification proved to be completely
reliable, security issues would still remain. There would be opportunities
to steal someone's biometric signature and forge their identity credentials,
especially if there was a massive store of private personal data; one
successful attack could essentially render the entire system ineffective.
When a user is present biometric data can be an effective authenticator.
It will be possible to store biometric data within a user's credential (not
within a central repository) when the credential is created by the
provisioning institution. When a user presents the credential, verifying
the biometric data in the credential against the individual in real time
will provide enhanced security along with verifying the encrypted
transaction code against the user's public key and verifying the encrypted
hash code of the credential against the value stored in The Institutional
Web of Trust Repository.
While there are many types of biometric identifiers, one of the simplest and
most usable is a photograph of the human face verified by a human being.
Any credential in a user's digital wallet that includes a photograph
(driver's license, passport, bank debit card, etc.) will be highly reliable
when a user presents the credential in person.
Why would a major institution (bank, university, corporation, government
agency, etc.) utilize The Institutional Web of Trust Repository instead of
its own internal system? When there is no need for an external third party
to rely on a user's credential an institution may very well utilize its own
internal repository. In this same case, smaller institutions, for reasons
of convenience and cost, might still utilize The Institutional Web of Trust
Repository.
Whenever a third party (a party other than the provisioning institution)
must rely on a user's credential, the key services The Institutional Web of
Trust Repository provides are assurance that the user is unique and
trustworthy, assurance that the provisioning institution is unique and
trustworthy and assurance that the credential is trustworthy. Also, The
Institutional Web of Trust Repository creates a "data synergy effect" which
establishes an Institutional Web of Trust (when multiple institutions
validate a unique user's identity the identity becomes more secure and
trustworthy).
If a unique user has digital credentials for a state driver's license, a
passport, a bank debit card, a university ID, insurance cards, credit cards,
etc., all independently validated by trustworthy institutions, that user's
identity is secure and highly trustworthy. Similar to credit ratings, both
individuals and institutions will have "trust ratings" within The
Institutional Web of Trust Repository. A centralized notification service
will also be provided when credentials are lost or stolen.
The uniqueness test for legal identities within The Institutional Web of
Trust Repository helps to secure identity and prevent identity theft. If
there is a non-unique association, an inconsistency arises in the system.
Also, easy access for online status checking establishes the currency of a
user's credentials in case the user's digital wallet is lost or stolen.
Additionally, the system provides the "Holy Grail" for single sign on. All
computers will soon have an interface (USB plugin or internal card) that
will enable NFC interactions with mobile devices. The digital wallet on a
user's cell phone will be provisioned with credentials containing specified
authorizations for different systems and services. Rather than logging into
a directory or utilizing a complex federated identity process, a user will
log onto his/her cell phone with a PIN and/or a voice authentication
signature. The user (or the authenticating system) will then select the
appropriate credential for the specified system or service with no need to
enter another user name or password (the user's private key will be used to
encrypt a transaction ID). This approach also solves the "Keys to the
Kingdom" problem where a single sign on to a directory service opens access
to all the user's systems and services.
Additionally, the system will enable a process of mutual authentication that
will prevent phishing scams. The user's credential and the institution's
credential could both contain a list of valid URLs which could be matched
during the sign on process.
Existing providers of identity management services should not see The
Institutional Web of Trust as a competitor; rather, they should see it as an
infrastructure service (similar to the electric power grid that has hundreds
of energy providers).
This identity infrastructure will be created with government resources and
be managed to a great extent as a public trust.
Best regards,
Michael Duffy
CEO / CTO ~ The Trust Nexus
http://www.thetrustnexus.com
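The provisioning and presentation steps described in the message above, worked through as an added example; this is not code from the post or from The Trust Nexus. It is a self-contained Go program using Ed25519 from the standard library. The "encrypt with the private key" steps are realized as digital signatures, the repository is an in-memory struct, the legal identity, credential and URL values are constructed, and every name in it (RepositoryEntry, Provision, VerifyCredential, VerifyTransaction, RunScenario) is this example's own. One point goes beyond the post: the relying party's URL is signed into the challenge response rather than only matched against a list.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// RepositoryEntry models one record in the post's Institutional Web of Trust
// Repository for a single credential: two public keys and the doubly signed
// hash, no account data. Field names are this example's own.
type RepositoryEntry struct {
	UserPub ed25519.PublicKey
	InstPub ed25519.PublicKey
	UserSig []byte // user's signature over the credential hash
	InstSig []byte // institution's signature over the user's signature
}

// credentialHash is the post's hash of the credential "combined with information
// from the user's primary credential". The prefix and separator are this
// example's choice so distinct (credential, identity) pairs cannot hash alike.
func credentialHash(credential, legalIdentity []byte) []byte {
	h := sha256.New()
	h.Write([]byte("iwot-credential-v0\x00"))
	h.Write(credential)
	h.Write([]byte{0})
	h.Write(legalIdentity)
	return h.Sum(nil)
}

// Provision is the institution-side step: the user signs the hash, the
// institution signs the user's signature, and the result goes to the repository.
func Provision(userPriv, instPriv ed25519.PrivateKey, credential, legalIdentity []byte) RepositoryEntry {
	userSig := ed25519.Sign(userPriv, credentialHash(credential, legalIdentity))
	return RepositoryEntry{
		UserPub: userPriv.Public().(ed25519.PublicKey),
		InstPub: instPriv.Public().(ed25519.PublicKey),
		UserSig: userSig,
		InstSig: ed25519.Sign(instPriv, userSig),
	}
}

// VerifyCredential is the relying party's check: confirm the institution's layer
// over the stored user signature, then that the user's layer matches a fresh
// hash of what the wallet actually presented.
func VerifyCredential(e RepositoryEntry, credential, legalIdentity []byte) bool {
	if !ed25519.Verify(e.InstPub, e.UserSig, e.InstSig) {
		return false // the institution never vouched for this user signature
	}
	return ed25519.Verify(e.UserPub, credentialHash(credential, legalIdentity), e.UserSig)
}

// challengeMessage binds the transaction ID to the relying party's URL, so a
// response captured by a look-alike site cannot be replayed at the real one.
func challengeMessage(txID []byte, url string) []byte {
	return append(append([]byte{}, txID...), []byte("\x00"+url)...)
}

// SignTransaction is the wallet-side step with the user's self-issued key.
func SignTransaction(userPriv ed25519.PrivateKey, txID []byte, url string) []byte {
	return ed25519.Sign(userPriv, challengeMessage(txID, url))
}

// VerifyTransaction runs at the relying party: the URL must be one the credential
// lists as valid, and the signature must verify under the registered public key.
func VerifyTransaction(e RepositoryEntry, validURLs []string, txID []byte, url string, sig []byte) bool {
	for _, u := range validURLs {
		if u == url {
			return ed25519.Verify(e.UserPub, challengeMessage(txID, url), sig)
		}
	}
	return false
}

// MustKeypair generates an Ed25519 key pair; the post's users self-issue theirs.
func MustKeypair() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}

// ScenarioResult reports which of four presentations verified on constructed data.
type ScenarioResult struct{ Genuine, TamperedCredential, PhishedURL, WrongUser bool }

// RunScenario provisions one constructed credential and tries the presentations.
func RunScenario() ScenarioResult {
	user, inst, other := MustKeypair(), MustKeypair(), MustKeypair()
	legalID := []byte("Jane Q. Public|1 Main St, Springfield")            // constructed
	cred := []byte(`{"type":"university-id","authz":"library:coalition"}`) // constructed
	valid := []string{"https://library.example.edu"}                      // constructed
	phish := "https://library.example.edu.evil.test"                      // constructed
	entry := Provision(user, inst, cred, legalID)
	tx := make([]byte, 32) // the relying party's fresh transaction ID
	if _, err := rand.Read(tx); err != nil {
		panic(err)
	}
	return ScenarioResult{
		Genuine: VerifyCredential(entry, cred, legalID) &&
			VerifyTransaction(entry, valid, tx, valid[0], SignTransaction(user, tx, valid[0])),
		TamperedCredential: VerifyCredential(entry, append(cred, '!'), legalID),
		PhishedURL:         VerifyTransaction(entry, valid, tx, phish, SignTransaction(user, tx, phish)),
		WrongUser:          VerifyTransaction(entry, valid, tx, valid[0], SignTransaction(other, tx, valid[0])),
	}
}

func main() {
	fmt.Printf("%+v\n", RunScenario())
}
```

Run as-is it reports whether the genuine presentation verifies and whether a tampered credential, a look-alike URL and another user's key are each rejected. Checking the institution's layer first means a relying party needs nothing from the institution beyond its public key, and the repository record carries only the hash binding, which is what the post's "no need to store any specific information about the user's account" requires.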
Joni Brennan wrote:
Thanks Mike,
It seems like you have a product and you're telling us about it. We don't
allow these types of messages here. So you have a few choices of how to
interact.
1 - Parse your email down to a very brief idea and some questions that the
group could respond to. (This mode is more aligned with the true nature of
the list.) Again - as it reads now it's a product advertisement which is
prohibited.
2 - Browse our groups list from the homepage here
http://kantarainitiative.org. You may find a group you could join and then
share your idea there.
3 - Start your own Work or Discussion Group to discuss your identity based
solutions ideas. If you're interested in this path please ping me directly
so we can discuss and I can learn more about your goals. From there I
could help you to determine if this is appropriate work material for Kantara
or not.
Cheers - Joni
On Fri, Jan 29, 2010 at 10:04 AM, Michael Duffy