Hello,

In the Kantara Initiative context, the Trust Framework discussions take place across a fair subset of the Kantara Work and Discussion Groups.  But the best starting places would be... The Identity Assurance Work Group (IAWG) [1].  Privacy and Public Policy specific context discussions take place in the Privacy and Public Policy Work Group (P3WG) [2].  Relating to health care specific concerns one should see the Healthcare Identity Assurance Work Group (HIAWG) [3].  There are other groups that could, and should, be mentioned here but these 3 would make a good starting point. 

On each of the WG home pages you'll find links to review their mail archives and also to Join each group.  To become a Participant in any of these groups follow the link to 'Join', indicate agreement to the group's IPR policy and submit the form.

Start here:

[1] http://kantarainitiative.org/confluence/display/idassurance
[2] http://kantarainitiative.org/confluence/display/p3wg
[3] http://kantarainitiative.org/confluence/display/healthidassurance

- Joni

On Sat, Jan 30, 2010 at 6:43 AM, Hal Warren <hwarren@openidsociety.org> wrote:
In spite of the inappropriateness of Michael Duffy’s message, it raises an important question regarding the militation of trust.  The answer impacts all of our futures.

Trusted digital identity requires engineering and deserves careful consensus.  There is no current single solution that meets the need to jack-up the bandwidth of human-to-human communication.  This engineering problem needs to be solved by engineers.  The standard for measurement should be simple: that which increases the reliable throughput of human-to-human transactions wins.  It is all about the protocols and we need to be a bit “protocol agnostic” and solution focused.

The trust model presented by Michael falls far short.  Trust should be available from the location where it naturally occurs, be it my municipality to validate my residency, my professional affiliations, my educational institutions, my family affiliations, my religious affiliations, etc.  This requires a complex faceted framework through which such trusted claims can be transmitted and validated.

Where does the discussion on the architecture of the trust framework take place?  Who is there?

Hal

Hallie D. Warren, III
President
OpenID Society
2020 Pennsylvania Ave., NW #364
Washington, DC  20006
phone:  202-640-1953
email:  hwarren@OpenIDsociety.org



On Jan 29, 2010, at 2:13 PM, Joni Brennan wrote:

Thanks Mike,

It seems like you have a product and you're telling us about it.  We don't allow these types of messages here.  So you have a few choices of how to interact. 

1 - Parse your email down to a very brief idea and some questions that the group could respond to.   (This mode is more aligned with the true nature of the list.)  Again - as it reads now it's a product advertisement which is prohibited.

2 - Browse our groups list from the homepage here http://kantarainitiative.org.  You may find a group you could join and then share your idea there.

3 - Start your own Work or Discussion Group to discuss your identity based solutions ideas.  If you're interested in this path please ping me directly so we can discuss and I can learn more about your goals.  From there I could help you to determine if this is appropriate work material for Kantara or not. 

Cheers - Joni

On Fri, Jan 29, 2010 at 10:04 AM, Michael Duffy <thetrustnexus@austin.rr.com> wrote:
My apologies.

A member of your group actually suggested we post to the community list.

Our goal was not to promote the company but to discuss the ideas related to an Institutional Web of Trust with the leading experts in the field of identity.

Is there another existing list that would better suit this purpose?

If not, perhaps Kantara could create such a list (e.g., ideas@kantarainitiative.org).

Mike



Roger Sullivan wrote:
Let me echo Brett's sentiments.

None of Kantara's lists are to be used for promotion of oneself or one's company.

Please refrain from doing that.

Roger Sullivan
President, Kantara Initiative
 

-----Original Message-----
From: Brett McDowell [mailto:email@brettmcdowell.com] 
Sent: Friday, January 29, 2010 11:04 AM
To: Thomas Hardjono
Cc: community@kantarainitiative.org
Subject: Re: [Kantara - Community] Institutional Web of Trust

That is certainly not its intent and if it becomes used in that way I
fear we will see mass un-subscription which will undermine our ability
to communicate with each other.  So I would ask that all subscribers
refrain from using this list for any form of advertising.

Thank you,

|| Brett McDowell, Executive Director, Kantara Initiative

On Fri, Jan 29, 2010 at 10:59 AM, Thomas Hardjono
<standards@hardjono.net> wrote:
  
My apologies for asking this trivial question,

but is this Kantara mailing-list  allowed to be

used for "advertising" emails?



Regards.



/thomas/







__________________________________________

Thomas Hardjono

MIT Kerberos Consortium

Massachusetts Institute of Technology

77 Massachusetts Ave W92-152

Cambridge, MA 02139



email:  hardjono[at]mit.edu

web:    http://www.kerberos.org

mobile: +1 781-729-9559

desk:    +1 617-715-2451

__________________________________________







From: community-bounces@kantarainitiative.org
[mailto:community-bounces@kantarainitiative.org] On Behalf Of Michael Duffy
Sent: Friday, January 29, 2010 8:47 AM
To: community@kantarainitiative.org
Subject: [Kantara - Community] Institutional Web of Trust



We believe we have THE solution that will realize the vision of the Kantara
Initiative:  Ensure secure, identity-based, online interactions while
preventing misuse of personal information so that networks will become
privacy protecting and more natively trustworthy environments.

We realize that is a bold statement.  We humbly ask the members of the
Kantara Initiative to review our approach:

Digital credentials on NFC enabled smart phones will soon transform the
world of identity management.

The Trust Nexus is a startup company located in Austin, TX.  We hold
intellectual property rights that will enable us to build the infrastructure
for secure identity in the digital age.  Whoever controls the infrastructure
for secure identity will also play a leading role in the emerging world of
m-Commerce.

The basic question is, how can trust be established in the digital age?  If
you and I have never met and I come to your website or place of business,
how can you be confident that I am who I say that I am?  The Trust Nexus
answers this basic question regarding the establishment of trust.

A key component of our infrastructure will be an easy to use digital wallet
where credentials can be securely provisioned and transactions occur
smoothly. This digital wallet will be the cornerstone of NFC technologies on
mobile devices and provide the interface for identity, marketing and
financial services.  Every aspect of digital life that depends on identity
and transactions will flow through the digital wallet.

The digital wallet on NFC enabled smart phones will be one of the most
valuable assets in the digital age.  The digital wallet and supporting
infrastructure will be based on industry standards that will enable the
mobile network operators (MNOs) to meter services that flow through their
networks and participate in new marketing/advertising models.

The identity infrastructure we have designed will eliminate the possibility
of identity theft for all participants, protect consumers and financial
institutions from fraudulent transactions, greatly reduce cyber-crime and
solve many of the systemic problems of the current Public Key Infrastructure
system, especially the problems of certificate revocation lists (CRLs) and
on-line status checking.

Our solution is simple, practical and transparent to the consumer. Consumer
acceptance will be rapid and widespread. Our solution secures identity,
protects individual privacy and prevents the establishment of monolithic
government control.  Under our system, the user is always in control of
his/her credentials.

The essence of our approach is very different from the "Big Brother"
approach recently announced by India.  Rather than creating a centralized
directory of private information, we will create a central repository
containing a collection of institutional decisions which will establish an
Institutional Web of Trust.

Compared to a decentralized web of trust which creates a web of individuals
with, "the expectation that anyone receiving [a list of signatures] will
trust at least one or two of the signatures", we will create a system where
trusted institutions legitimize individual identity. Additionally, the
Institutional Web of Trust established by The Trust Nexus will have
centralized controller processes that rely greatly on self-management and
automation resulting in great efficiencies.

Digital wallets on NFC enabled smart phones will enable users to secure
their private keys and control/present their digital credentials. Because a
user's identity will be authenticated by the processes of The Trust Nexus
(not a trust authority) there is no need for a trust authority to issue and
vouch for public/private keys for individual users. It is only necessary
that the public key be registered and the private key be secured. Users can
self-issue their keys.

The Trust Nexus does not secure identity by, "making personal data harder to
steal".   Rather, identity is secured by self-managing logical
inconsistencies within the system, resolving identity conflicts and
preventing fraudulent transactions.

As Bruce Schneier, author and security guru, pointed out, "Proposed
[identity theft] fixes tend to concentrate on the first issue--making
personal data harder to steal--whereas the real problem is the second
[preventing fraudulent transactions]. If we're ever going to manage the
risks and effects of electronic impersonation [identity theft], we must
concentrate on preventing and detecting fraudulent transactions."  [Solving
Identity Theft]

In essence, there are a limited number of institutions worldwide (measured
in thousands) that truly matter when it comes to legitimizing identity.
Digital wallets on smart phones will enable the efficient association of
unique public/private keys to a specific legal identity (legal name and
legal address).  If there is a non-unique association, an inconsistency
arises in the system.  If the association is unique and verified by one or
more legitimate institutions an individual's identity is secure (as long as
the private key which he/she controls is secure).

In the process of adding a credential to a user's digital wallet, the
provisioning institution (government agency, bank, university, etc.) will
calculate a secure hash value (numerical representation) of the credential
combined with information from the user's primary credential (legal
identity).  This hash value will be encrypted with the user's private key
and then encrypted again with the provisioning institution's private key;
this encrypted hash value will then be stored in The Trust Nexus Repository
representing an institutional validation of the user's identity.

This dual encryption establishes that the credential was associated with the
user during the provisioning process rather than simply asserting the
association by a reference from the repository.   Also,  There is no need to
store any specific information (account number, balance, etc.) about user's
account.  The user is in complete control of the information he/she presents
and his/her privacy is maintained.

When a user presents a credential from his/her digital wallet a transaction
ID will be sent from the authenticating system to the user's digital wallet,
be encrypted with the user's private key and sent back to the authenticating
system. The user can be authenticated by decrypting the transaction ID with
the user's public key from The Trust Nexus Repository. The credential can be
authenticated by calculating the hash value of the credential and then
decrypting the hash value stored in The Trust Nexus Repository with the
institution's public key and the user's public key.

In a variation of this process the provisioning institution does not store
the encrypted hash value in The Trust Nexus Repository; rather, the
provisioning institution itself maintains a repository and a reference to
the repository is authenticated by an entry contained within The Trust Nexus
Repository (through the institution's primary credential).  In this way an
institution could federate the identity of it's users (or a subset of its
users) simply by adding (or modifying) a credential to each of it's user's
digital wallets and creating an institutional reference within The Trust
Nexus Repository.

As part of the federation process, cooperating institutions will most likely
create standard authorization levels for various services and provision
these levels as part of a user's credential.  For example, a coalition of
universities may have authorization levels for library services that will
enable users to access any library within the coalition; government
organizations may provision security levels within a user's credential that
enable inter-agency access to resources; etc.

There is significant debate regarding the effectiveness of biometrics in
identity management.  When a user is not present (authenticating over a
network) there are fatal problems with biometric authentication.  Most
significantly, "The main security problem with biometrics is the inability
to create a new secret. If you allow your fingerprint to be digitized and
sent across a network or scanned by a compromised scanner, it can be stolen.
Then someone has a digital copy of your fingerprint."

Even if a method of biometric identification proved to be completely
reliable, security issues would still remain.  There would be opportunities
to steal someone's biometric signature and forge their identity credentials,
especially if there was a massive store of private personal data; one
successful attack could essentially render the entire system ineffective.

When a user is present bio-metric data can be an effective authenticator.
It will be possible to store bio-metric data within a user's credential (not
within a central repository) when the credential is created by the
provisioning institution.  When a user presents the credential verifying the
biometric data in the credential against the individual in real time will
provide enhanced security along with  verifying the encrypted transaction
code against the user's public key in The Trust Nexus Repository and
verifying the encrypted hash code of the credential against The Trust Nexus
Repository.

While there are many types of biometric identifiers, one of the simplest and
most usable is a photograph of the human face verified by a human being.
Any credential in a user's digital wallet that includes a photograph
(driver's license, passport, bank debit card, etc.) will be highly reliable
when a user presents the credential in person.

Why would a major institution (bank, university, corporation, government
agency, etc.) utilize The Trust Nexus Repository instead of its own internal
system?  When there is no need for an external third party to rely on a
user's credential an institution may very well utilize its own internal
repository.  In this same case, smaller institutions, for reasons of
convenience and cost, might still utilize The Trust Nexus Repository.

Whenever a third party (a party other than the provisioning institution)
must relay on a user's credential, the key services The Trust Nexus
Repository provides are assurance that the user is unique and trustworthy,
assurance that the provisioning institution is unique and trustworthy and
assurance that the credential is trustworthy.  Also, The Trust Nexus
Repository creates a "data synergy effect" which establishes an
Institutional Web of Trust (when multiple institutions validate a unique
user's identity the identity becomes more secure and trustworthy).

If a unique user has digital credentials for a state driver's license, a
passport, a bank debit card, a university ID, insurance cards, credit cards,
etc., all independently validated by trustworthy institutions, that user's
identity is secure and highly trustworthy.   Similar to credit ratings, both
individuals and institutions will have "trust ratings" within The Trust
Nexus Repository.  A centralized notification service will also be provided
when credentials are lost or stolen.

The uniqueness test for legal identities within The Trust Nexus Repository
helps to secure identity and prevent identity theft.  If there is a
non-unique association, an inconsistency arises in the system.  Also, easy
access for online status checking establishes the currency of a user's
credentials in case the user's digital wallet is lost or stolen.  And most
importantly, The Trust Nexus creates a "data synergy effect" which
establishes an Institutional Web of Trust.

Additionally, our system provides the "Holy Grail" for single sign on. All
computers will soon have an interface (USB plugin or internal card) that
will enable NFC interactions with mobile devices. The digital wallet on a
user's cell phone will be provisioned with credentials containing specified
authorizations different systems and services. Rather than logging into a
directory or utilizing a complex federated identity process, a user will log
onto his/her cell phone with a PIN and a voice authentication signature. The
user (or the authenticating system) will then select the appropriate
credential for the specified system or service with no need to enter another
user name or password (the user's private key will be used to encrypt a
transaction ID). This approach also solves the "Keys to the Kingdom" problem
where a single sign on to a directory service opens access to all the user's
systems and services.

We are confident we have a transforming technology and a clear vision of the
future.  No one has found a conceptual flaw in the system.   Existing
providers of identity management services should not see The Trust Nexus as
a competitor; rather, they should see us as an infrastructure provider
(similar to the electric power grid that has hundreds of energy providers).

Best regards,

Michael Duffy
CEO / CTO ~ The Trust Nexus
http://www.thetrustnexus.com






_______________________________________________
Community mailing list
Community@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/community


    
_______________________________________________
Community mailing list
Community@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/community
_______________________________________________
Community mailing list
Community@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/community

  

_______________________________________________
Community mailing list
Community@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/community




--
Joni Brennan
IEEE-ISTO
Kantara Initiative
Program Director
voice:+1 732-226-4223
email: joni @ ieee-isto.org
gtalk: jonibrennan
skype: upon request

Join the conversation on the community@ list - http://kantarainitiative.org/mailman/listinfo/community


_______________________________________________
Community mailing list
Community@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/community




--
Joni Brennan
IEEE-ISTO
Kantara Initiative
Program Director
voice:+1 732-226-4223
email: joni @ ieee-isto.org
gtalk: jonibrennan
skype: upon request

Join the conversation on the community@ list - http://kantarainitiative.org/mailman/listinfo/community