Institutional Web of Trust
We believe we have *THE* *solution that will realize the vision of the Kantara Initiative*: Ensure secure, identity-based, online interactions while preventing misuse of personal information so that networks will become privacy protecting and more natively trustworthy environments.
We realize that is a bold statement. We humbly ask the members of the Kantara Initiative to review our approach:
*Digital credentials on NFC enabled smart phones will soon transform the world of identity management.*
*The Trust Nexus* is a startup company located in Austin, TX. We hold intellectual property rights that will enable us to build the infrastructure for secure identity in the digital age. *Whoever controls the infrastructure for secure identity will also play a leading role in the emerging world of m-Commerce.*
The basic question is, how can trust be established in the digital age? If you and I have never met and I come to your website or place of business, how can you be confident that I am who I say that I am? *The Trust Nexus answers this basic question regarding the establishment of trust.*
A key component of our infrastructure will be an easy to use *digital wallet* where credentials can be securely provisioned and transactions occur smoothly. This digital wallet will be the *cornerstone of NFC technologies on mobile devices* and provide the interface for identity, marketing and financial services. *Every aspect of digital life that depends on identity and transactions will flow through the digital wallet.*
The digital wallet on NFC enabled smart phones will be one of *the most valuable assets in the digital age*. The digital wallet and supporting infrastructure will be based on industry standards that will *enable the mobile network operators (MNOs) to meter services that flow through their networks and participate in new marketing/advertising models.*
The identity infrastructure we have designed will eliminate the possibility of identity theft for all participants, protect consumers and financial institutions from fraudulent transactions, greatly reduce cyber-crime and solve many of the systemic problems of the current Public Key Infrastructure system, especially the problems of certificate revocation lists (CRLs) and on-line status checking.
Our solution is simple, practical and transparent to the consumer. Consumer acceptance will be rapid and widespread. Our solution secures identity, protects individual privacy and prevents the establishment of monolithic government control. Under our system, the user is always in control of his/her credentials.
The essence of our approach is very different from the "Big Brother" approach recently announced by India. Rather than creating a centralized directory of private information, we will create a central repository containing a collection of institutional decisions which will establish an *Institutional Web of Trust*.
Compared to a decentralized web of trust which creates a web of individuals with, "the expectation that anyone receiving [a list of signatures] will trust at least one or two of the signatures", we will create a system where *trusted institutions legitimize individual identity*. Additionally, the *Institutional Web of Trust* established by *The Trust Nexus* will have centralized controller processes that rely greatly on self-management and automation resulting in great efficiencies.
Digital wallets on NFC enabled smart phones will enable users to secure their private keys and control/present their digital credentials. Because a user's identity will be authenticated by the processes of *The Trust Nexus* (not a trust authority) there is no need for a trust authority to issue and vouch for public/private keys for individual users. It is only necessary that the public key be registered and the private key be secured. Users can self-issue their keys.
*The Trust Nexus* does not secure identity by, "making personal data harder to steal". Rather, identity is secured by self-managing logical inconsistencies within the system, resolving identity conflicts and preventing fraudulent transactions.
As Bruce Schneier, author and security guru, pointed out, "Proposed [identity theft] fixes tend to concentrate on the first issue--making personal data harder to steal--whereas the real problem is the second [preventing fraudulent transactions]. If we're ever going to manage the risks and effects of electronic impersonation [identity theft], *we must concentrate on preventing and detecting fraudulent transactions*." [Solving Identity Theft]
In essence, there are a *limited number of institutions worldwide* (measured in thousands) that truly matter when it comes to legitimizing identity. Digital wallets on smart phones will enable the efficient association of unique public/private keys to a specific legal identity (legal name and legal address). If there is a non-unique association, an inconsistency arises in the system. If the association is unique and verified by one or more legitimate institutions an individual's identity is secure (as long as the private key which he/she controls is secure).
In the process of adding a credential to a user's digital wallet, the provisioning institution (government agency, bank, university, etc.) will calculate a secure hash value (numerical representation) of the credential combined with information from the user's *primary credential* (legal identity). This hash value will be encrypted with the user's private key and then encrypted again with the provisioning institution's private key; this encrypted hash value will then be stored in *The Trust Nexus Repository* representing *an institutional validation of the user's identity.*
This dual encryption establishes that the credential was associated with the user during the provisioning process rather than simply asserting the association by a reference from the repository. Also, there is no need to store any specific information (account number, balance, etc.) about the user's account. The user is in complete control of the information he/she presents and his/her privacy is maintained.
When a user presents a credential from his/her digital wallet a transaction ID will be sent from the authenticating system to the user's digital wallet, be encrypted with the user's private key and sent back to the authenticating system. The user can be authenticated by decrypting the transaction ID with the user's public key from *The Trust Nexus Repository*. The credential can be authenticated by calculating the hash value of the credential and then decrypting the hash value stored in *The Trust Nexus Repository* with the institution's public key and the user's public key.
In a variation of this process the provisioning institution does not store the encrypted hash value in *The Trust Nexus Repository*; rather, the provisioning institution itself maintains a repository and a reference to the repository is authenticated by an entry contained within *The Trust Nexus Repository* (through the institution's primary credential). In this way an institution could *federate the identity* of its users (or a subset of its users) simply by adding (or modifying) a credential to each of its users' digital wallets and creating an institutional reference within *The Trust Nexus Repository*.
As part of the federation process, cooperating institutions will most likely create standard authorization levels for various services and provision these levels as part of a user's credential. For example, a coalition of universities may have authorization levels for library services that will enable users to access any library within the coalition; government organizations may provision security levels within a user's credential that enable inter-agency access to resources; etc.
There is significant debate regarding the effectiveness of biometrics in identity management. When a user is not present (authenticating over a network) there are fatal problems with biometric authentication. Most significantly, "The main security problem with biometrics is the inability to create a new secret. If you allow your fingerprint to be digitized and sent across a network or scanned by a compromised scanner, it can be stolen. Then someone has a digital copy of your fingerprint."
Even if a method of biometric identification proved to be completely reliable, security issues would still remain. There would be opportunities to steal someone's biometric signature and forge their identity credentials, especially if there was a massive store of private personal data; one successful attack could essentially render the entire system ineffective.
When a user is present bio-metric data can be an effective authenticator. It will be possible to *store bio-metric data within a user's credential* (not within a central repository) when the credential is created by the provisioning institution. When a user presents the credential, verifying the biometric data in the credential against the individual in real time will provide enhanced security along with verifying the encrypted transaction code against the user's public key in *The Trust Nexus Repository* and verifying the encrypted hash code of the credential against *The Trust Nexus Repository*.
While there are many types of biometric identifiers, one of the simplest and most usable is a photograph of the human face verified by a human being. Any credential in a user's digital wallet that includes a photograph (driver's license, passport, bank debit card, etc.) will be highly reliable when a user presents the credential in person.
Why would a major institution (bank, university, corporation, government agency, etc.) utilize *The Trust Nexus Repository* instead of its own internal system? When there is no need for an external third party to rely on a user's credential an institution may very well utilize its own internal repository. In this same case, smaller institutions, for reasons of convenience and cost, might still utilize *The Trust Nexus Repository*.
Whenever a third party (a party other than the provisioning institution) must rely on a user's credential, the key services *The Trust Nexus Repository* provides are assurance that the user is unique and trustworthy, assurance that the provisioning institution is unique and trustworthy and assurance that the credential is trustworthy. Also, *The Trust Nexus Repository* creates a "*data synergy effect*" which establishes an *Institutional Web of Trust* (when multiple institutions validate a unique user's identity the identity becomes more secure and trustworthy).
If a unique user has digital credentials for a state driver's license, a passport, a bank debit card, a university ID, insurance cards, credit cards, etc., all independently validated by trustworthy institutions, that user's identity is secure and highly trustworthy. Similar to credit ratings, both individuals and institutions will have "*trust ratings*" within *The Trust Nexus Repository*. A centralized notification service will also be provided when credentials are lost or stolen.
The uniqueness test for legal identities within *The Trust Nexus Repository* helps to secure identity and prevent identity theft. If there is a non-unique association, an inconsistency arises in the system. Also, easy access for online status checking establishes the currency of a user's credentials in case the user's digital wallet is lost or stolen. And most importantly, *The Trust Nexus* creates a "*data synergy effect*" which establishes an *Institutional Web of Trust*.
Additionally, our system provides *the "Holy Grail" for single sign on*. All computers will soon have an interface (USB plugin or internal card) that will enable NFC interactions with mobile devices. The digital wallet on a user's cell phone will be provisioned with credentials containing specified authorizations for different systems and services. Rather than logging into a directory or utilizing a complex federated identity process, a user will log onto his/her cell phone with a PIN and a voice authentication signature. The user (or the authenticating system) will then select the appropriate credential for the specified system or service with no need to enter another user name or password (the user's private key will be used to encrypt a transaction ID). This approach also *solves the "Keys to the Kingdom" problem* where a single sign on to a directory service opens access to all the user's systems and services.
We are confident we have a transforming technology and a clear vision of the future. *No one has found a conceptual flaw in the system.* Existing providers of identity management services should not see *The Trust Nexus* as a competitor; rather, they should see us as an infrastructure provider (similar to the electric power grid that has hundreds of energy providers).
Best regards,
Michael Duffy
CEO / CTO ~ The Trust Nexus
http://www.thetrustnexus.com
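
The provisioning and presentation steps described in the message above, as an added example that is not part of the original e-mail and is not The Trust Nexus's code. It models "encrypting with a private key" as textbook RSA signing with constructed toy keys (no padding, not secure); every function, variable and key name is an assumption made for illustration.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent used by every toy key below


@dataclass(frozen=True)
class ToyKey:
    """Textbook RSA key pair (no padding, toy sizes): for illustration only."""
    n: int  # public modulus, the part registered in the repository
    d: int  # private exponent, which never leaves its owner

    @classmethod
    def from_primes(cls, p: int, q: int) -> "ToyKey":
        return cls(n=p * q, d=pow(E, -1, (p - 1) * (q - 1)))

    def private_op(self, m: int) -> int:
        """'Encrypt with the private key' in the message's wording, i.e. sign."""
        if not 0 <= m < self.n:
            raise ValueError("value does not fit under this key's modulus")
        return pow(m, self.d, self.n)


def public_op(n: int, c: int) -> int:
    """'Decrypt with the public key', i.e. recover the signed value."""
    return pow(c, E, n)


# Constructed keys built from Mersenne primes so the example is deterministic.
USER = ToyKey.from_primes(2**107 - 1, 2**127 - 1)
OTHER_USER = ToyKey.from_primes(2**61 - 1, 2**89 - 1)
INSTITUTION = ToyKey.from_primes(2**521 - 1, 2**607 - 1)


def binding_digest(credential: bytes, primary: bytes, modulus: int) -> int:
    """SHA-256 over the credential combined with the primary credential."""
    h = hashlib.sha256()
    for part in (credential, primary):
        h.update(len(part).to_bytes(4, "big"))  # length prefix keeps fields apart
        h.update(part)
    return int.from_bytes(h.digest(), "big") % modulus


def provision(credential, primary, user: ToyKey, institution: ToyKey) -> int:
    """Provisioning: user's private key first, then the institution's."""
    inner = user.private_op(binding_digest(credential, primary, user.n))
    # Raw RSA nesting only works when the inner value fits under the outer
    # modulus; private_op raises ValueError otherwise.
    return institution.private_op(inner)


def verify_credential(entry, credential, primary, user_n, institution_n) -> bool:
    """Relying party: peel the institution layer, then the user layer."""
    inner = public_op(institution_n, entry)
    if inner >= user_n:
        return False
    return public_op(user_n, inner) == binding_digest(credential, primary, user_n)


def sign_transaction(txn_id: int, user: ToyKey) -> int:
    """Wallet side of the presentation step: answer the verifier's challenge."""
    return user.private_op(txn_id)


def verify_transaction(txn_id: int, response: int, user_n: int) -> bool:
    """Verifier side: the response must open to the transaction ID it sent."""
    return public_op(user_n, response) == txn_id


def demo() -> dict:
    credential = b"constructed: library card #0001, level=reader"
    primary = b"constructed: Jane Q. Public, 1 Example St"
    # The repository holds only the doubly signed digest, no account data.
    repository = {"library-card": provision(credential, primary, USER, INSTITUTION)}
    entry = repository["library-card"]
    txn = 0x1234_5678_9ABC  # constructed transaction ID
    response = sign_transaction(txn, USER)
    return {
        "genuine": verify_credential(entry, credential, primary, USER.n, INSTITUTION.n),
        "altered_credential": verify_credential(
            entry, credential + b"!", primary, USER.n, INSTITUTION.n),
        "wrong_user_key": verify_credential(
            entry, credential, primary, OTHER_USER.n, INSTITUTION.n),
        "fresh_txn": verify_transaction(txn, response, USER.n),
        "replayed_on_new_txn": verify_transaction(txn + 1, response, USER.n),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```
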
Mike, whereas many of your ideas are no doubt sound, I can't "hear" you because of a couple of disconnects. The digital identity infrastructure/layer that we all envision is too important to be controlled by any single vendor or organization. Instead we need interoperable multi-vendor solutions based on open standards. Second, it must be possible to implement the standards with freely available IP.
My apologies for asking this trivial question, but is this Kantara mailing-list allowed to be used for "advertising" emails?
Regards.
/thomas/
__________________________________________
Thomas Hardjono
MIT Kerberos Consortium
Massachusetts Institute of Technology
77 Massachusetts Ave W92-152
Cambridge, MA 02139
email: hardjono[at]mit.edu
web: http://www.kerberos.org
mobile: +1 781-729-9559
desk: +1 617-715-2451
__________________________________________
From: community-bounces@kantarainitiative.org [mailto:community-bounces@kantarainitiative.org] On Behalf Of Michael Duffy
Sent: Friday, January 29, 2010 8:47 AM
To: community@kantarainitiative.org
Subject: [Kantara - Community] Institutional Web of Trust
If a unique user has digital credentials for a state driver's license, a passport, a bank debit card, a university ID, insurance cards, credit cards, etc., all independently validated by trustworthy institutions, that user's identity is secure and highly trustworthy. Similar to credit ratings, both individuals and institutions will have "trust ratings" within The Trust Nexus Repository. A centralized notification service will also be provided when credentials are lost or stolen. The uniqueness test for legal identities within The Trust Nexus Repository helps to secure identity and prevent identity theft. If there is a non-unique association, an inconsistency arises in the system. Also, easy access for online status checking establishes the currency of a user's credentials in case the user's digital wallet is lost or stolen. And most importantly, The Trust Nexus creates a "data synergy effect" which establishes an Institutional Web of Trust. Additionally, our system provides the "Holy Grail" for single sign on. All computers will soon have an interface (USB plugin or internal card) that will enable NFC interactions with mobile devices. The digital wallet on a user's cell phone will be provisioned with credentials containing specified authorizations different systems and services. Rather than logging into a directory or utilizing a complex federated identity process, a user will log onto his/her cell phone with a PIN and a voice authentication signature. The user (or the authenticating system) will then select the appropriate credential for the specified system or service with no need to enter another user name or password (the user's private key will be used to encrypt a transaction ID). This approach also solves the "Keys to the Kingdom" problem where a single sign on to a directory service opens access to all the user's systems and services. We are confident we have a transforming technology and a clear vision of the future. 
No one has found a conceptual flaw in the system. Existing providers of identity management services should not see The Trust Nexus as a competitor; rather, they should see us as an infrastructure provider (similar to the electric power grid that has hundreds of energy providers). Best regards, Michael Duffy CEO / CTO ~ The Trust Nexus http://www.thetrustnexus.com
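The provisioning and presentation steps described in the message above, sketched in Go as an added example; it is not code from The Trust Nexus or from the original post. It assumes Ed25519 signatures stand in for "encrypting with a private key", and every type and function name (RepoEntry, Provision, VerifyCredential, Verifier and the rest) is hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// RepoEntry models one repository record: public keys and signatures only.
type RepoEntry struct {
	UserPub, InstPub ed25519.PublicKey
	UserSig, InstSig []byte
}

// NewKey self-issues a key pair; a nil reader selects crypto/rand.
func NewKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return priv
}

// tagged prefixes a message with its purpose, so a signature made for one
// step (presentation) is never valid for another (provisioning).
func tagged(purpose string, parts ...[]byte) []byte {
	return append([]byte(purpose), bytes.Join(parts, nil)...)
}

// bindingHash hashes credential and legal identity; the length prefix fixes the split.
func bindingHash(credential, identity []byte) []byte {
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], uint64(len(credential)))
	sum := sha256.Sum256(tagged("", n[:], credential, identity))
	return sum[:]
}

// Provision: the user signs the hash, then the institution signs the hash
// plus the user's signature; the result is what the repository stores.
func Provision(user, inst ed25519.PrivateKey, credential, identity []byte) RepoEntry {
	digest := bindingHash(credential, identity)
	userSig := ed25519.Sign(user, tagged("provision-user:", digest))
	instSig := ed25519.Sign(inst, tagged("provision-inst:", digest, userSig))
	return RepoEntry{user.Public().(ed25519.PublicKey), inst.Public().(ed25519.PublicKey), userSig, instSig}
}

// VerifyCredential recomputes the hash from the presented credential and
// checks both repository signatures against it.
func VerifyCredential(e RepoEntry, credential, identity []byte) error {
	digest := bindingHash(credential, identity)
	if !ed25519.Verify(e.InstPub, tagged("provision-inst:", digest, e.UserSig), e.InstSig) {
		return errors.New("institution signature does not match credential")
	}
	if !ed25519.Verify(e.UserPub, tagged("provision-user:", digest), e.UserSig) {
		return errors.New("user signature does not match credential")
	}
	return nil
}

// Verifier is the authenticating system; it tracks outstanding transaction IDs.
type Verifier struct{ pending map[string]bool }

func NewVerifier() *Verifier { return &Verifier{pending: map[string]bool{}} }

// NewTransactionID issues a random single-use challenge.
func (v *Verifier) NewTransactionID() ([]byte, error) {
	id := make([]byte, 16)
	if _, err := rand.Read(id); err != nil {
		return nil, err
	}
	v.pending[string(id)] = true
	return id, nil
}

// SignTransaction is the wallet side of the presentation step.
func SignTransaction(user ed25519.PrivateKey, txID []byte) []byte {
	return ed25519.Sign(user, tagged("present:", txID))
}

// CheckResponse accepts each ID once, so a captured response cannot be replayed.
func (v *Verifier) CheckResponse(userPub ed25519.PublicKey, txID, sig []byte) error {
	if !v.pending[string(txID)] {
		return errors.New("unknown or already used transaction ID")
	}
	delete(v.pending, string(txID))
	if !ed25519.Verify(userPub, tagged("present:", txID), sig) {
		return errors.New("response not signed by the registered key")
	}
	return nil
}

func main() { // constructed sample values
	user, inst, id := NewKey(), NewKey(), []byte("constructed: Jane Doe")
	entry := Provision(user, inst, []byte("constructed: library level 2"), id)
	fmt.Println(VerifyCredential(entry, []byte("constructed: library level 2"), id))
}
```

The repository entry holds no credential contents, so the relying party must receive the credential and identity fields from the wallet and recompute the hash itself.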
That is certainly not its intent and if it becomes used in that way I fear we will see mass un-subscription which will undermine our ability to communicate with each other. So I would ask that all subscribers refrain from using this list for any form of advertising.
Thank you,
Brett McDowell, Executive Director, Kantara Initiative
On Fri, Jan 29, 2010 at 10:59 AM, Thomas Hardjono <standards@hardjono.net> wrote:
My apologies for asking this trivial question,
but is this Kantara mailing-list allowed to be
used for “advertising” emails?
Regards.
/thomas/
__________________________________________
Thomas Hardjono
MIT Kerberos Consortium
Massachusetts Institute of Technology
77 Massachusetts Ave W92-152
Cambridge, MA 02139
email: hardjono[at]mit.edu
mobile: +1 781-729-9559
desk: +1 617-715-2451
__________________________________________
From: community-bounces@kantarainitiative.org [mailto:community-bounces@kantarainitiative.org] On Behalf Of Michael Duffy
Sent: Friday, January 29, 2010 8:47 AM
To: community@kantarainitiative.org
Subject: [Kantara - Community] Institutional Web of Trust
Let me echo Brett's sentiments. None of Kantara's lists are to be used for promotion of oneself or one's company. Please refrain from doing that. Roger Sullivan President, Kantara Initiative -----Original Message----- From: Brett McDowell [mailto:email@brettmcdowell.com] Sent: Friday, January 29, 2010 11:04 AM To: Thomas Hardjono Cc: community@kantarainitiative.org Subject: Re: [Kantara - Community] Institutional Web of Trust That is certainly not its intent and if it becomes used in that way I fear we will see mass un-subscription which will undermine our ability to communicate with each other. So I would ask that all subscribers refrain from using this list for any form of advertising. Thank you, || Brett McDowell, Executive Director, Kantara Initiative On Fri, Jan 29, 2010 at 10:59 AM, Thomas Hardjono <standards@hardjono.net> wrote:
My apologies for asking this trivial question,
but is this Kantara mailing-list allowed to be
used for "advertising" emails?
Regards.
/thomas/
__________________________________________
Thomas Hardjono
MIT Kerberos Consortium
Massachusetts Institute of Technology
77 Massachusetts Ave W92-152
Cambridge, MA 02139
email: hardjono[at]mit.edu
mobile: +1 781-729-9559
desk: +1 617-715-2451
__________________________________________
From: community-bounces@kantarainitiative.org [mailto:community-bounces@kantarainitiative.org] On Behalf Of Michael Duffy Sent: Friday, January 29, 2010 8:47 AM To: community@kantarainitiative.org Subject: [Kantara - Community] Institutional Web of Trust
We believe we have THE solution that will realize the vision of the Kantara Initiative: Ensure secure, identity-based, online interactions while preventing misuse of personal information so that networks will become privacy protecting and more natively trustworthy environments.
We realize that is a bold statement. We humbly ask the members of the Kantara Initiative to review our approach:
Digital credentials on NFC enabled smart phones will soon transform the world of identity management.
The Trust Nexus is a startup company located in Austin, TX. We hold intellectual property rights that will enable us to build the infrastructure for secure identity in the digital age. Whoever controls the infrastructure for secure identity will also play a leading role in the emerging world of m-Commerce.
The basic question is, how can trust be established in the digital age? If you and I have never met and I come to your website or place of business, how can you be confident that I am who I say that I am? The Trust Nexus answers this basic question regarding the establishment of trust.
A key component of our infrastructure will be an easy to use digital wallet where credentials can be securely provisioned and transactions occur smoothly. This digital wallet will be the cornerstone of NFC technologies on mobile devices and provide the interface for identity, marketing and financial services. Every aspect of digital life that depends on identity and transactions will flow through the digital wallet.
The digital wallet on NFC enabled smart phones will be one of the most valuable assets in the digital age. The digital wallet and supporting infrastructure will be based on industry standards that will enable the mobile network operators (MNOs) to meter services that flow through their networks and participate in new marketing/advertising models.
The identity infrastructure we have designed will eliminate the possibility of identity theft for all participants, protect consumers and financial institutions from fraudulent transactions, greatly reduce cyber-crime and solve many of the systemic problems of the current Public Key Infrastructure system, especially the problems of certificate revocation lists (CRLs) and on-line status checking.
Our solution is simple, practical and transparent to the consumer. Consumer acceptance will be rapid and widespread. Our solution secures identity, protects individual privacy and prevents the establishment of monolithic government control. Under our system, the user is always in control of his/her credentials.
The essence of our approach is very different from the "Big Brother" approach recently announced by India. Rather than creating a centralized directory of private information, we will create a central repository containing a collection of institutional decisions which will establish an Institutional Web of Trust.
Compared to a decentralized web of trust which creates a web of individuals with, "the expectation that anyone receiving [a list of signatures] will trust at least one or two of the signatures", we will create a system where trusted institutions legitimize individual identity. Additionally, the Institutional Web of Trust established by The Trust Nexus will have centralized controller processes that rely greatly on self-management and automation resulting in great efficiencies.
Digital wallets on NFC enabled smart phones will enable users to secure their private keys and control/present their digital credentials. Because a user's identity will be authenticated by the processes of The Trust Nexus (not a trust authority) there is no need for a trust authority to issue and vouch for public/private keys for individual users. It is only necessary that the public key be registered and the private key be secured. Users can self-issue their keys.
The Trust Nexus does not secure identity by, "making personal data harder to steal". Rather, identity is secured by self-managing logical inconsistencies within the system, resolving identity conflicts and preventing fraudulent transactions.
As Bruce Schneier, author and security guru, pointed out, "Proposed [identity theft] fixes tend to concentrate on the first issue--making personal data harder to steal--whereas the real problem is the second [preventing fraudulent transactions]. If we're ever going to manage the risks and effects of electronic impersonation [identity theft], we must concentrate on preventing and detecting fraudulent transactions." [Solving Identity Theft]
In essence, there are a limited number of institutions worldwide (measured in thousands) that truly matter when it comes to legitimizing identity. Digital wallets on smart phones will enable the efficient association of unique public/private keys to a specific legal identity (legal name and legal address). If there is a non-unique association, an inconsistency arises in the system. If the association is unique and verified by one or more legitimate institutions an individual's identity is secure (as long as the private key which he/she controls is secure).
In the process of adding a credential to a user's digital wallet, the provisioning institution (government agency, bank, university, etc.) will calculate a secure hash value (numerical representation) of the credential combined with information from the user's primary credential (legal identity). This hash value will be encrypted with the user's private key and then encrypted again with the provisioning institution's private key; this encrypted hash value will then be stored in The Trust Nexus Repository representing an institutional validation of the user's identity.
This dual encryption establishes that the credential was associated with the user during the provisioning process rather than simply asserting the association by a reference from the repository. Also, There is no need to store any specific information (account number, balance, etc.) about user's account. The user is in complete control of the information he/she presents and his/her privacy is maintained.
When a user presents a credential from his/her digital wallet a transaction ID will be sent from the authenticating system to the user's digital wallet, be encrypted with the user's private key and sent back to the authenticating system. The user can be authenticated by decrypting the transaction ID with the user's public key from The Trust Nexus Repository. The credential can be authenticated by calculating the hash value of the credential and then decrypting the hash value stored in The Trust Nexus Repository with the institution's public key and the user's public key.
In a variation of this process the provisioning institution does not store the encrypted hash value in The Trust Nexus Repository; rather, the provisioning institution itself maintains a repository and a reference to the repository is authenticated by an entry contained within The Trust Nexus Repository (through the institution's primary credential). In this way an institution could federate the identity of it's users (or a subset of its users) simply by adding (or modifying) a credential to each of it's user's digital wallets and creating an institutional reference within The Trust Nexus Repository.
As part of the federation process, cooperating institutions will most likely create standard authorization levels for various services and provision these levels as part of a user's credential. For example, a coalition of universities may have authorization levels for library services that will enable users to access any library within the coalition; government organizations may provision security levels within a user's credential that enable inter-agency access to resources; etc.
There is significant debate regarding the effectiveness of biometrics in identity management. When a user is not present (authenticating over a network) there are fatal problems with biometric authentication. Most significantly, "The main security problem with biometrics is the inability to create a new secret. If you allow your fingerprint to be digitized and sent across a network or scanned by a compromised scanner, it can be stolen. Then someone has a digital copy of your fingerprint."
Even if a method of biometric identification proved to be completely reliable, security issues would still remain. There would be opportunities to steal someone's biometric signature and forge their identity credentials, especially if there was a massive store of private personal data; one successful attack could essentially render the entire system ineffective.
When a user is present bio-metric data can be an effective authenticator. It will be possible to store bio-metric data within a user's credential (not within a central repository) when the credential is created by the provisioning institution. When a user presents the credential verifying the biometric data in the credential against the individual in real time will provide enhanced security along with verifying the encrypted transaction code against the user's public key in The Trust Nexus Repository and verifying the encrypted hash code of the credential against The Trust Nexus Repository.
While there are many types of biometric identifiers, one of the simplest and most usable is a photograph of the human face verified by a human being. Any credential in a user's digital wallet that includes a photograph (driver's license, passport, bank debit card, etc.) will be highly reliable when a user presents the credential in person.
Why would a major institution (bank, university, corporation, government agency, etc.) utilize The Trust Nexus Repository instead of its own internal system? When there is no need for an external third party to rely on a user's credential an institution may very well utilize its own internal repository. In this same case, smaller institutions, for reasons of convenience and cost, might still utilize The Trust Nexus Repository.
Whenever a third party (a party other than the provisioning institution) must relay on a user's credential, the key services The Trust Nexus Repository provides are assurance that the user is unique and trustworthy, assurance that the provisioning institution is unique and trustworthy and assurance that the credential is trustworthy. Also, The Trust Nexus Repository creates a "data synergy effect" which establishes an Institutional Web of Trust (when multiple institutions validate a unique user's identity the identity becomes more secure and trustworthy).
If a unique user has digital credentials for a state driver's license, a passport, a bank debit card, a university ID, insurance cards, credit cards, etc., all independently validated by trustworthy institutions, that user's identity is secure and highly trustworthy. Similar to credit ratings, both individuals and institutions will have "trust ratings" within The Trust Nexus Repository. A centralized notification service will also be provided when credentials are lost or stolen.
The uniqueness test for legal identities within The Trust Nexus Repository helps to secure identity and prevent identity theft. If there is a non-unique association, an inconsistency arises in the system. Also, easy access for online status checking establishes the currency of a user's credentials in case the user's digital wallet is lost or stolen. And most importantly, The Trust Nexus creates a "data synergy effect" which establishes an Institutional Web of Trust.
Additionally, our system provides the "Holy Grail" for single sign on. All computers will soon have an interface (USB plugin or internal card) that will enable NFC interactions with mobile devices. The digital wallet on a user's cell phone will be provisioned with credentials containing specified authorizations for different systems and services. Rather than logging into a directory or utilizing a complex federated identity process, a user will log onto his/her cell phone with a PIN and a voice authentication signature. The user (or the authenticating system) will then select the appropriate credential for the specified system or service with no need to enter another user name or password (the user's private key will be used to encrypt a transaction ID). This approach also solves the "Keys to the Kingdom" problem where a single sign on to a directory service opens access to all the user's systems and services.
We are confident we have a transforming technology and a clear vision of the future. No one has found a conceptual flaw in the system. Existing providers of identity management services should not see The Trust Nexus as a competitor; rather, they should see us as an infrastructure provider (similar to the electric power grid that has hundreds of energy providers).
Best regards,
Michael Duffy CEO / CTO ~ The Trust Nexus http://www.thetrustnexus.com
_______________________________________________ Community mailing list Community@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/community
My apologies.
A member of your group actually suggested we post to the community list.
Our goal was not to promote the company but to discuss the ideas related to an Institutional Web of Trust with the leading experts in the field of identity.
Is there another existing list that would better suit this purpose?
If not, perhaps Kantara could create such a list (e.g., ideas@kantarainitiative.org).
Mike
Roger Sullivan wrote:
Let me echo Brett's sentiments.
None of Kantara's lists are to be used for promotion of oneself or one's company.
Please refrain from doing that.
Roger Sullivan President, Kantara Initiative
-----Original Message-----
From: Brett McDowell [mailto:email@brettmcdowell.com]
Sent: Friday, January 29, 2010 11:04 AM
To: Thomas Hardjono
Cc: community@kantarainitiative.org
Subject: Re: [Kantara - Community] Institutional Web of Trust
That is certainly not its intent and if it becomes used in that way I fear we will see mass un-subscription which will undermine our ability to communicate with each other. So I would ask that all subscribers refrain from using this list for any form of advertising.
Thank you,
|| Brett McDowell, Executive Director, Kantara Initiative
On Fri, Jan 29, 2010 at 10:59 AM, Thomas Hardjono <standards@hardjono.net> wrote:
My apologies for asking this trivial question,
but is this Kantara mailing-list allowed to be
used for "advertising" emails?
Regards.
/thomas/
__________________________________________
Thomas Hardjono
MIT Kerberos Consortium
Massachusetts Institute of Technology
77 Massachusetts Ave W92-152
Cambridge, MA 02139
email: hardjono[at]mit.edu
mobile: +1 781-729-9559
desk: +1 617-715-2451
__________________________________________
From: community-bounces@kantarainitiative.org [mailto:community-bounces@kantarainitiative.org] On Behalf Of Michael Duffy
Sent: Friday, January 29, 2010 8:47 AM
To: community@kantarainitiative.org
Subject: [Kantara - Community] Institutional Web of Trust
We believe we have THE solution that will realize the vision of the Kantara Initiative: Ensure secure, identity-based, online interactions while preventing misuse of personal information so that networks will become privacy protecting and more natively trustworthy environments.
We realize that is a bold statement. We humbly ask the members of the Kantara Initiative to review our approach:
Digital credentials on NFC enabled smart phones will soon transform the world of identity management.
The Trust Nexus is a startup company located in Austin, TX. We hold intellectual property rights that will enable us to build the infrastructure for secure identity in the digital age. Whoever controls the infrastructure for secure identity will also play a leading role in the emerging world of m-Commerce.
The basic question is, how can trust be established in the digital age? If you and I have never met and I come to your website or place of business, how can you be confident that I am who I say that I am? The Trust Nexus answers this basic question regarding the establishment of trust.
A key component of our infrastructure will be an easy to use digital wallet where credentials can be securely provisioned and transactions occur smoothly. This digital wallet will be the cornerstone of NFC technologies on mobile devices and provide the interface for identity, marketing and financial services. Every aspect of digital life that depends on identity and transactions will flow through the digital wallet.
The digital wallet on NFC enabled smart phones will be one of the most valuable assets in the digital age. The digital wallet and supporting infrastructure will be based on industry standards that will enable the mobile network operators (MNOs) to meter services that flow through their networks and participate in new marketing/advertising models.
The identity infrastructure we have designed will eliminate the possibility of identity theft for all participants, protect consumers and financial institutions from fraudulent transactions, greatly reduce cyber-crime and solve many of the systemic problems of the current Public Key Infrastructure system, especially the problems of certificate revocation lists (CRLs) and on-line status checking.
Our solution is simple, practical and transparent to the consumer. Consumer acceptance will be rapid and widespread. Our solution secures identity, protects individual privacy and prevents the establishment of monolithic government control. Under our system, the user is always in control of his/her credentials.
The essence of our approach is very different from the "Big Brother" approach recently announced by India. Rather than creating a centralized directory of private information, we will create a central repository containing a collection of institutional decisions which will establish an Institutional Web of Trust.
Compared to a decentralized web of trust which creates a web of individuals with, "the expectation that anyone receiving [a list of signatures] will trust at least one or two of the signatures", we will create a system where trusted institutions legitimize individual identity. Additionally, the Institutional Web of Trust established by The Trust Nexus will have centralized controller processes that rely greatly on self-management and automation resulting in great efficiencies.
Digital wallets on NFC enabled smart phones will enable users to secure their private keys and control/present their digital credentials. Because a user's identity will be authenticated by the processes of The Trust Nexus (not a trust authority) there is no need for a trust authority to issue and vouch for public/private keys for individual users. It is only necessary that the public key be registered and the private key be secured. Users can self-issue their keys.
The Trust Nexus does not secure identity by, "making personal data harder to steal". Rather, identity is secured by self-managing logical inconsistencies within the system, resolving identity conflicts and preventing fraudulent transactions.
As Bruce Schneier, author and security guru, pointed out, "Proposed [identity theft] fixes tend to concentrate on the first issue--making personal data harder to steal--whereas the real problem is the second [preventing fraudulent transactions]. If we're ever going to manage the risks and effects of electronic impersonation [identity theft], we must concentrate on preventing and detecting fraudulent transactions." [Solving Identity Theft]
In essence, there are a limited number of institutions worldwide (measured in thousands) that truly matter when it comes to legitimizing identity. Digital wallets on smart phones will enable the efficient association of unique public/private keys to a specific legal identity (legal name and legal address). If there is a non-unique association, an inconsistency arises in the system. If the association is unique and verified by one or more legitimate institutions an individual's identity is secure (as long as the private key which he/she controls is secure).
In the process of adding a credential to a user's digital wallet, the provisioning institution (government agency, bank, university, etc.) will calculate a secure hash value (numerical representation) of the credential combined with information from the user's primary credential (legal identity). This hash value will be encrypted with the user's private key and then encrypted again with the provisioning institution's private key; this encrypted hash value will then be stored in The Trust Nexus Repository representing an institutional validation of the user's identity.
This dual encryption establishes that the credential was associated with the user during the provisioning process rather than simply asserting the association by a reference from the repository. Also, there is no need to store any specific information (account number, balance, etc.) about the user's account. The user is in complete control of the information he/she presents and his/her privacy is maintained.
When a user presents a credential from his/her digital wallet a transaction ID will be sent from the authenticating system to the user's digital wallet, be encrypted with the user's private key and sent back to the authenticating system. The user can be authenticated by decrypting the transaction ID with the user's public key from The Trust Nexus Repository. The credential can be authenticated by calculating the hash value of the credential and then decrypting the hash value stored in The Trust Nexus Repository with the institution's public key and the user's public key.
In a variation of this process the provisioning institution does not store the encrypted hash value in The Trust Nexus Repository; rather, the provisioning institution itself maintains a repository and a reference to the repository is authenticated by an entry contained within The Trust Nexus Repository (through the institution's primary credential). In this way an institution could federate the identity of its users (or a subset of its users) simply by adding (or modifying) a credential to each of its users' digital wallets and creating an institutional reference within The Trust Nexus Repository.
As part of the federation process, cooperating institutions will most likely create standard authorization levels for various services and provision these levels as part of a user's credential. For example, a coalition of universities may have authorization levels for library services that will enable users to access any library within the coalition; government organizations may provision security levels within a user's credential that enable inter-agency access to resources; etc.
There is significant debate regarding the effectiveness of biometrics in identity management. When a user is not present (authenticating over a network) there are fatal problems with biometric authentication. Most significantly, "The main security problem with biometrics is the inability to create a new secret. If you allow your fingerprint to be digitized and sent across a network or scanned by a compromised scanner, it can be stolen. Then someone has a digital copy of your fingerprint."
Even if a method of biometric identification proved to be completely reliable, security issues would still remain. There would be opportunities to steal someone's biometric signature and forge their identity credentials, especially if there was a massive store of private personal data; one successful attack could essentially render the entire system ineffective.
When a user is present, biometric data can be an effective authenticator. It will be possible to store biometric data within a user's credential (not within a central repository) when the credential is created by the provisioning institution. When a user presents the credential, verifying the biometric data in the credential against the individual in real time will provide enhanced security, along with verifying the encrypted transaction code against the user's public key in The Trust Nexus Repository and verifying the encrypted hash code of the credential against The Trust Nexus Repository.
While there are many types of biometric identifiers, one of the simplest and most usable is a photograph of the human face verified by a human being. Any credential in a user's digital wallet that includes a photograph (driver's license, passport, bank debit card, etc.) will be highly reliable when a user presents the credential in person.
Why would a major institution (bank, university, corporation, government agency, etc.) utilize The Trust Nexus Repository instead of its own internal system? When there is no need for an external third party to rely on a user's credential an institution may very well utilize its own internal repository. In this same case, smaller institutions, for reasons of convenience and cost, might still utilize The Trust Nexus Repository.
Whenever a third party (a party other than the provisioning institution) must rely on a user's credential, the key services The Trust Nexus Repository provides are assurance that the user is unique and trustworthy, assurance that the provisioning institution is unique and trustworthy and assurance that the credential is trustworthy. Also, The Trust Nexus Repository creates a "data synergy effect" which establishes an Institutional Web of Trust (when multiple institutions validate a unique user's identity the identity becomes more secure and trustworthy).
If a unique user has digital credentials for a state driver's license, a passport, a bank debit card, a university ID, insurance cards, credit cards, etc., all independently validated by trustworthy institutions, that user's identity is secure and highly trustworthy. Similar to credit ratings, both individuals and institutions will have "trust ratings" within The Trust Nexus Repository. A centralized notification service will also be provided when credentials are lost or stolen.
The uniqueness test for legal identities within The Trust Nexus Repository helps to secure identity and prevent identity theft. If there is a non-unique association, an inconsistency arises in the system. Also, easy access for online status checking establishes the currency of a user's credentials in case the user's digital wallet is lost or stolen. And most importantly, The Trust Nexus creates a "data synergy effect" which establishes an Institutional Web of Trust.
Additionally, our system provides the "Holy Grail" for single sign on. All computers will soon have an interface (USB plugin or internal card) that will enable NFC interactions with mobile devices. The digital wallet on a user's cell phone will be provisioned with credentials containing specified authorizations for different systems and services. Rather than logging into a directory or utilizing a complex federated identity process, a user will log onto his/her cell phone with a PIN and a voice authentication signature. The user (or the authenticating system) will then select the appropriate credential for the specified system or service with no need to enter another user name or password (the user's private key will be used to encrypt a transaction ID). This approach also solves the "Keys to the Kingdom" problem where a single sign on to a directory service opens access to all the user's systems and services.
We are confident we have a transforming technology and a clear vision of the future. No one has found a conceptual flaw in the system. Existing providers of identity management services should not see The Trust Nexus as a competitor; rather, they should see us as an infrastructure provider (similar to the electric power grid that has hundreds of energy providers).
Best regards,
Michael Duffy CEO / CTO ~ The Trust Nexus http://www.thetrustnexus.com
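The provisioning and presentation steps described in the proposal above, as an added sketch that is not part of the original post or The Trust Nexus's own code. It assumes textbook RSA over constructed toy keys (standard library only); `Repository`, `provision`, `verify_presentation` and the sample identity and credential are hypothetical names and values. What the post calls "encrypting with a private key" is a digital signature, and a real deployment would use a padded scheme such as RSA-PSS or Ed25519.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key below


def make_key(p, q):
    """Textbook RSA key from two primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# Constructed toy keys built from Mersenne primes (trivially factorable).
# The institution modulus is larger than any user modulus; otherwise the outer
# private-key operation could not carry the inner value without re-blocking.
ALICE = make_key(2**127 - 1, 2**521 - 1)
MALLORY = make_key(2**89 - 1, 2**107 - 1)
BANK = make_key(2**607 - 1, 2**1279 - 1)


def credential_hash(credential: bytes, legal_identity: bytes) -> int:
    """Hash of the credential combined with the primary (legal identity) data."""
    h = hashlib.sha256()
    for field in (credential, legal_identity):
        # Length prefix keeps ("ab", "c") and ("a", "bc") from colliding.
        h.update(len(field).to_bytes(4, "big") + field)
    return int.from_bytes(h.digest(), "big")


class Repository:
    """Hypothetical stand-in for the central repository: public data only."""

    def __init__(self):
        self.user_keys = {}   # legal identity -> user's public modulus
        self.inst_keys = {}   # institution name -> institution's public modulus
        self.entries = {}     # (institution, legal identity) -> wrapped hash

    def register_user(self, identity, modulus):
        # Uniqueness test: a legal identity may be bound to one public key only.
        if self.user_keys.setdefault(identity, modulus) != modulus:
            raise ValueError("non-unique association for " + identity)


def provision(repo, inst_name, inst_key, identity, user_key, credential):
    """Store the doubly wrapped hash; no account data reaches the repository."""
    h = credential_hash(credential, identity.encode())
    inner = pow(h, user_key[1], user_key[0])      # performed in the user's wallet
    outer = pow(inner, inst_key[1], inst_key[0])  # performed by the institution
    repo.entries[(inst_name, identity)] = outer


def new_transaction_id() -> int:
    """Fresh random challenge chosen by the authenticating system."""
    return secrets.randbits(128)


def wallet_respond(txid, user_key):
    """Wallet applies the user's private key to the transaction ID."""
    return pow(txid, user_key[1], user_key[0])


def verify_presentation(repo, inst_name, identity, credential, txid, response):
    user_n = repo.user_keys[identity]
    inst_n = repo.inst_keys[inst_name]
    # 1. Holder check: the response must open to this session's transaction ID.
    if response >= user_n or pow(response, E, user_n) != txid:
        return False
    # 2. Credential check: peel the institution layer, then the user layer.
    outer = repo.entries.get((inst_name, identity))
    if outer is None:
        return False
    inner = pow(outer, E, inst_n)
    if inner >= user_n:
        return False
    return pow(inner, E, user_n) == credential_hash(credential, identity.encode())


def demo():
    repo = Repository()
    identity = "Alice Example, 1 Main St, Austin TX"         # constructed
    credential = b"debit-card|acct=PLACEHOLDER|exp=2012-01"  # constructed
    repo.register_user(identity, ALICE[0])
    repo.inst_keys["Example Bank"] = BANK[0]
    provision(repo, "Example Bank", BANK, identity, ALICE, credential)

    t1, t2 = new_transaction_id(), new_transaction_id()
    r1 = wallet_respond(t1, ALICE)

    def check(cred, txid, resp):
        return verify_presentation(repo, "Example Bank", identity, cred, txid, resp)

    results = {
        "genuine": check(credential, t1, r1),
        "tampered_credential": check(credential + b"|limit=raised", t1, r1),
        "wrong_private_key": check(credential, t1, wallet_respond(t1, MALLORY)),
        "replayed_response": check(credential, t2, r1),
    }
    try:
        repo.register_user(identity, MALLORY[0])  # second key, same identity
        results["duplicate_identity"] = "accepted"
    except ValueError:
        results["duplicate_identity"] = "rejected"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The checks pass only while the repository's copy of each public key is authentic, so the registration step carries the trust that a certificate authority would otherwise carry.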
Thanks Mike,

It seems like you have a product and you're telling us about it. We don't allow these types of messages here. So you have a few choices of how to interact.

1 - Parse your email down to a very brief idea and some questions that the group could respond to. (This mode is more aligned with the true nature of the list.) Again - as it reads now it's a product advertisement which is *prohibited.*
2 - Browse our groups list from the homepage here http://kantarainitiative.org. You may find a group you could join and then share your idea there.
3 - Start your own Work or Discussion Group to discuss your identity based solutions ideas. If you're interested in this path please ping me directly so we can discuss and I can learn more about your goals. From there I could help you to determine if this is appropriate work material for Kantara or not.

Cheers - Joni

On Fri, Jan 29, 2010 at 10:04 AM, Michael Duffy <thetrustnexus@austin.rr.com> wrote:
My apologies.
A member of your group actually suggested we post to the community list.
Our goal was not to promote the company but to discuss the ideas related to an Institutional Web of Trust with the leading experts in the field of identity.
Is there another existing list that would better suit this purpose?
If not, perhaps Kantara could create such a list (e.g., ideas@kantarainitiative.org).
Mike
Roger Sullivan wrote:
Let me echo Brett's sentiments.
None of Kantara's lists are to be used for promotion of oneself or one's company.
Please refrain from doing that.
Roger Sullivan President, Kantara Initiative
-----Original Message----- From: Brett McDowell [mailto:email@brettmcdowell.com <email@brettmcdowell.com>] Sent: Friday, January 29, 2010 11:04 AM To: Thomas Hardjono Cc: community@kantarainitiative.org Subject: Re: [Kantara - Community] Institutional Web of Trust
That is certainly not its intent and if it becomes used in that way I fear we will see mass un-subscription which will undermine our ability to communicate with each other. So I would ask that all subscribers refrain from using this list for any form of advertising.
Thank you,
|| Brett McDowell, Executive Director, Kantara Initiative
On Fri, Jan 29, 2010 at 10:59 AM, Thomas Hardjono<standards@hardjono.net> <standards@hardjono.net> wrote:
My apologies for asking this trivial question,
but is this Kantara mailing-list allowed to be
used for "advertising" emails?
Regards.
/thomas/
__________________________________________
Thomas Hardjono
MIT Kerberos Consortium
Massachusetts Institute of Technology
77 Massachusetts Ave W92-152
Cambridge, MA 02139
email: hardjono[at]mit.edu
mobile: +1 781-729-9559
desk: +1 617-715-2451
__________________________________________
From: community-bounces@kantarainitiative.org [mailto:community-bounces@kantarainitiative.org <community-bounces@kantarainitiative.org>] On Behalf Of Michael Duffy Sent: Friday, January 29, 2010 8:47 AM To: community@kantarainitiative.org Subject: [Kantara - Community] Institutional Web of Trust
We believe we have THE solution that will realize the vision of the Kantara Initiative: Ensure secure, identity-based, online interactions while preventing misuse of personal information so that networks will become privacy protecting and more natively trustworthy environments.
We realize that is a bold statement. We humbly ask the members of the Kantara Initiative to review our approach:
Digital credentials on NFC enabled smart phones will soon transform the world of identity management.
The Trust Nexus is a startup company located in Austin, TX. We hold intellectual property rights that will enable us to build the infrastructure for secure identity in the digital age. Whoever controls the infrastructure for secure identity will also play a leading role in the emerging world of m-Commerce.
The basic question is, how can trust be established in the digital age? If you and I have never met and I come to your website or place of business, how can you be confident that I am who I say that I am? The Trust Nexus answers this basic question regarding the establishment of trust.
A key component of our infrastructure will be an easy to use digital wallet where credentials can be securely provisioned and transactions occur smoothly. This digital wallet will be the cornerstone of NFC technologies on mobile devices and provide the interface for identity, marketing and financial services. Every aspect of digital life that depends on identity and transactions will flow through the digital wallet.
The digital wallet on NFC enabled smart phones will be one of the most valuable assets in the digital age. The digital wallet and supporting infrastructure will be based on industry standards that will enable the mobile network operators (MNOs) to meter services that flow through their networks and participate in new marketing/advertising models.
The identity infrastructure we have designed will eliminate the possibility of identity theft for all participants, protect consumers and financial institutions from fraudulent transactions, greatly reduce cyber-crime and solve many of the systemic problems of the current Public Key Infrastructure system, especially the problems of certificate revocation lists (CRLs) and on-line status checking.
Our solution is simple, practical and transparent to the consumer. Consumer acceptance will be rapid and widespread. Our solution secures identity, protects individual privacy and prevents the establishment of monolithic government control. Under our system, the user is always in control of his/her credentials.
The essence of our approach is very different from the "Big Brother" approach recently announced by India. Rather than creating a centralized directory of private information, we will create a central repository containing a collection of institutional decisions which will establish an Institutional Web of Trust.
Compared to a decentralized web of trust which creates a web of individuals with, "the expectation that anyone receiving [a list of signatures] will trust at least one or two of the signatures", we will create a system where trusted institutions legitimize individual identity. Additionally, the Institutional Web of Trust established by The Trust Nexus will have centralized controller processes that rely greatly on self-management and automation resulting in great efficiencies.
Digital wallets on NFC enabled smart phones will enable users to secure their private keys and control/present their digital credentials. Because a user's identity will be authenticated by the processes of The Trust Nexus (not a trust authority) there is no need for a trust authority to issue and vouch for public/private keys for individual users. It is only necessary that the public key be registered and the private key be secured. Users can self-issue their keys.
The Trust Nexus does not secure identity by, "making personal data harder to steal". Rather, identity is secured by self-managing logical inconsistencies within the system, resolving identity conflicts and preventing fraudulent transactions.
As Bruce Schneier, author and security guru, pointed out, "Proposed [identity theft] fixes tend to concentrate on the first issue--making personal data harder to steal--whereas the real problem is the second [preventing fraudulent transactions]. If we're ever going to manage the risks and effects of electronic impersonation [identity theft], we must concentrate on preventing and detecting fraudulent transactions." [Solving Identity Theft]
In essence, there are a limited number of institutions worldwide (measured in thousands) that truly matter when it comes to legitimizing identity. Digital wallets on smart phones will enable the efficient association of unique public/private keys to a specific legal identity (legal name and legal address). If there is a non-unique association, an inconsistency arises in the system. If the association is unique and verified by one or more legitimate institutions an individual's identity is secure (as long as the private key which he/she controls is secure).
In the process of adding a credential to a user's digital wallet, the provisioning institution (government agency, bank, university, etc.) will calculate a secure hash value (numerical representation) of the credential combined with information from the user's primary credential (legal identity). This hash value will be encrypted with the user's private key and then encrypted again with the provisioning institution's private key; this encrypted hash value will then be stored in The Trust Nexus Repository representing an institutional validation of the user's identity.
This dual encryption establishes that the credential was associated with the user during the provisioning process rather than simply asserting the association by a reference from the repository. Also, There is no need to store any specific information (account number, balance, etc.) about user's account. The user is in complete control of the information he/she presents and his/her privacy is maintained.
When a user presents a credential from his/her digital wallet a transaction ID will be sent from the authenticating system to the user's digital wallet, be encrypted with the user's private key and sent back to the authenticating system. The user can be authenticated by decrypting the transaction ID with the user's public key from The Trust Nexus Repository. The credential can be authenticated by calculating the hash value of the credential and then decrypting the hash value stored in The Trust Nexus Repository with the institution's public key and the user's public key.
In a variation of this process the provisioning institution does not store the encrypted hash value in The Trust Nexus Repository; rather, the provisioning institution itself maintains a repository and a reference to the repository is authenticated by an entry contained within The Trust Nexus Repository (through the institution's primary credential). In this way an institution could federate the identity of it's users (or a subset of its users) simply by adding (or modifying) a credential to each of it's user's digital wallets and creating an institutional reference within The Trust Nexus Repository.
As part of the federation process, cooperating institutions will most likely create standard authorization levels for various services and provision these levels as part of a user's credential. For example, a coalition of universities may have authorization levels for library services that will enable users to access any library within the coalition; government organizations may provision security levels within a user's credential that enable inter-agency access to resources; etc.
There is significant debate regarding the effectiveness of biometrics in identity management. When a user is not present (authenticating over a network) there are fatal problems with biometric authentication. Most significantly, "The main security problem with biometrics is the inability to create a new secret. If you allow your fingerprint to be digitized and sent across a network or scanned by a compromised scanner, it can be stolen. Then someone has a digital copy of your fingerprint."
Even if a method of biometric identification proved to be completely reliable, security issues would still remain. There would be opportunities to steal someone's biometric signature and forge their identity credentials, especially if there was a massive store of private personal data; one successful attack could essentially render the entire system ineffective.
When a user is present bio-metric data can be an effective authenticator. It will be possible to store bio-metric data within a user's credential (not within a central repository) when the credential is created by the provisioning institution. When a user presents the credential verifying the biometric data in the credential against the individual in real time will provide enhanced security along with verifying the encrypted transaction code against the user's public key in The Trust Nexus Repository and verifying the encrypted hash code of the credential against The Trust Nexus Repository.
While there are many types of biometric identifiers, one of the simplest and most usable is a photograph of the human face verified by a human being. Any credential in a user's digital wallet that includes a photograph (driver's license, passport, bank debit card, etc.) will be highly reliable when a user presents the credential in person.
Why would a major institution (bank, university, corporation, government agency, etc.) utilize The Trust Nexus Repository instead of its own internal system? When there is no need for an external third party to rely on a user's credential an institution may very well utilize its own internal repository. In this same case, smaller institutions, for reasons of convenience and cost, might still utilize The Trust Nexus Repository.
Whenever a third party (a party other than the provisioning institution) must relay on a user's credential, the key services The Trust Nexus Repository provides are assurance that the user is unique and trustworthy, assurance that the provisioning institution is unique and trustworthy and assurance that the credential is trustworthy. Also, The Trust Nexus Repository creates a "data synergy effect" which establishes an Institutional Web of Trust (when multiple institutions validate a unique user's identity the identity becomes more secure and trustworthy).
If a unique user has digital credentials for a state driver's license, a passport, a bank debit card, a university ID, insurance cards, credit cards, etc., all independently validated by trustworthy institutions, that user's identity is secure and highly trustworthy. Similar to credit ratings, both individuals and institutions will have "trust ratings" within The Trust Nexus Repository. A centralized notification service will also be provided when credentials are lost or stolen.
The uniqueness test for legal identities within The Trust Nexus Repository helps to secure identity and prevent identity theft. If there is a non-unique association, an inconsistency arises in the system. Also, easy access for online status checking establishes the currency of a user's credentials in case the user's digital wallet is lost or stolen. And most importantly, The Trust Nexus creates a "data synergy effect" which establishes an Institutional Web of Trust.
Additionally, our system provides the "Holy Grail" for single sign on. All computers will soon have an interface (USB plugin or internal card) that will enable NFC interactions with mobile devices. The digital wallet on a user's cell phone will be provisioned with credentials containing specified authorizations for different systems and services. Rather than logging into a directory or utilizing a complex federated identity process, a user will log onto his/her cell phone with a PIN and a voice authentication signature. The user (or the authenticating system) will then select the appropriate credential for the specified system or service with no need to enter another user name or password (the user's private key will be used to encrypt a transaction ID). This approach also solves the "Keys to the Kingdom" problem where a single sign on to a directory service opens access to all the user's systems and services.
We are confident we have a transforming technology and a clear vision of the future. No one has found a conceptual flaw in the system. Existing providers of identity management services should not see The Trust Nexus as a competitor; rather, they should see us as an infrastructure provider (similar to the electric power grid that has hundreds of energy providers).
Best regards,
Michael Duffy CEO / CTO ~ The Trust Nexus http://www.thetrustnexus.com
_______________________________________________ Community mailing list Community@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/community
-- Joni Brennan IEEE-ISTO Kantara Initiative Program Director voice:+1 732-226-4223 email: joni @ ieee-isto.org gtalk: jonibrennan skype: upon request Join the conversation on the community@ list - http://kantarainitiative.org/mailman/listinfo/community
As requested, we have voided all company references and provided a brief summary. Again, we apologize for the inappropriate post.
Here is an overview of the *Institutional Web of Trust* concept:
**************************************************************
*Executive Summary:*
For the purpose of securing identity, rather than creating a centralized directory or multiple directories of private information, it will be far better to create a central repository containing a collection of institutional decisions which will establish an *Institutional Web of Trust*.
In essence, there are a *limited number of institutions worldwide* (measured in thousands) that truly matter when it comes to legitimizing identity. Digital wallets on smart phones will enable the efficient association of unique public/private keys to a specific legal identity (legal name and legal address). If there is a non-unique association, an inconsistency arises in the system. If the association is unique and verified by one or more legitimate institutions an individual's identity is secure (as long as the private key which he/she controls is secure).
This system secures identity, protects individual privacy and prevents the establishment of monolithic government control. Under this system, the user is always in control of his/her credentials.
This system makes a simplified and efficient federation process possible. An institution could *federate the identity* of its users (or a subset of its users) simply by adding (or modifying) a credential to each of its users' digital wallets and creating an institutional reference within *The Institutional Web of Trust Repository*.
This system provides *the "Holy Grail" for single sign on*.
**************************************************************
*Digital credentials on NFC enabled smart phones will soon transform the world of identity management.*
Within three years there will be corporate and government deployments where all members of the organization are issued NFC enabled smart phones for the purpose of identity management.
The basic question is, how can trust be established in the digital age? If you and I have never met and I come to your website or place of business, how can you be confident that I am who I say that I am? *The Institutional Web of Trust will resolve this basic question regarding the establishment of trust.*
A key component of the infrastructure will be an easy to use *digital wallet* where credentials can be securely provisioned and transactions occur smoothly. This digital wallet will be the *cornerstone of NFC technologies on mobile devices* and provide the interface for identity, marketing and financial services. *Every aspect of digital life that depends on identity and transactions will flow through the digital wallet.*
This identity infrastructure will eliminate the possibility of identity theft for all participants, protect consumers and financial institutions from fraudulent transactions, greatly reduce cyber-crime and solve many of the systemic problems of the current Public Key Infrastructure system, especially the problems of certificate revocation lists (CRLs) and on-line status checking.
The solution is simple, practical and transparent to the consumer. Consumer acceptance will be rapid and widespread. The solution secures identity, protects individual privacy and prevents the establishment of monolithic government control. Under this system, the user is always in control of his/her credentials.
The essence of the approach is very different from the "Big Brother" approach recently announced by India. Rather than creating a centralized directory of private information, there will be a central repository containing a collection of institutional decisions which will establish an *Institutional Web of Trust*.
Compared to a decentralized web of trust which creates a web of individuals with, "the expectation that anyone receiving [a list of signatures] will trust at least one or two of the signatures", we will create a system where *trusted institutions legitimize individual identity*. Additionally, the *Institutional Web of Trust* will have centralized controller processes that rely greatly on self-management and automation resulting in great efficiencies.
Digital wallets on NFC enabled smart phones will enable users to secure their private keys and control/present their digital credentials. Because a user's identity will be authenticated by the processes of *The Institutional Web of Trust* (not a trust authority) there is no need for a trust authority to issue and vouch for public/private keys for individual users. It is only necessary that the public key be registered and the private key be secured. Users can self-issue their keys.
*The Institutional Web of Trust* does not secure identity by, "making personal data harder to steal". Rather, identity is secured by self-managing logical inconsistencies within the system, resolving identity conflicts and preventing fraudulent transactions.
As Bruce Schneier, author and security guru, pointed out, "Proposed [identity theft] fixes tend to concentrate on the first issue--making personal data harder to steal--whereas the real problem is the second [preventing fraudulent transactions]. If we're ever going to manage the risks and effects of electronic impersonation [identity theft], *we must concentrate on preventing and detecting fraudulent transactions*." [Solving Identity Theft]
In essence, there are a *limited number of institutions worldwide* (measured in thousands) that truly matter when it comes to legitimizing identity. Digital wallets on smart phones will enable the efficient association of unique public/private keys to a specific legal identity (legal name and legal address).
If there is a non-unique association, an inconsistency arises in the system. If the association is unique and verified by one or more legitimate institutions an individual's identity is secure (as long as the private key which he/she controls is secure).
In the process of adding a credential to a user's digital wallet, the provisioning institution (government agency, bank, university, etc.) will calculate a secure hash value (numerical representation) of the credential combined with information from the user's *primary credential* (legal identity). This hash value will be encrypted with the user's private key and then encrypted again with the provisioning institution's private key; this encrypted hash value will then be stored in *The Institutional Web of Trust Repository* representing *an institutional validation of the user's identity.*
This dual encryption establishes that the credential was associated with the user during the provisioning process rather than simply asserting the association by a reference from the repository. Also, there is no need to store any specific information (account number, balance, etc.) about the user's account. The user is in complete control of the information he/she presents and his/her privacy is maintained.
When a user presents a credential from his/her digital wallet a transaction ID will be sent from the authenticating system to the user's digital wallet, be encrypted with the user's private key and sent back to the authenticating system. The user can be authenticated by decrypting the transaction ID with the user's public key from *The Institutional Web of Trust Repository*. The credential can be authenticated by calculating the hash value of the credential and then decrypting the hash value stored in *The Institutional Web of Trust Repository* with the institution's public key and the user's public key.
In a variation of this process the provisioning institution does not store the encrypted hash value in *The Institutional Web of Trust Repository*; rather, the provisioning institution itself maintains a repository and a reference to the repository is authenticated by an entry contained within *The Institutional Web of Trust Repository* (through the institution's primary credential). In this way an institution could *federate the identity* of its users (or a subset of its users) simply by adding (or modifying) a credential to each of its users' digital wallets and creating an institutional reference within *The Institutional Web of Trust Repository*.
As part of the federation process, cooperating institutions will most likely create standard authorization levels for various services and provision these levels as part of a user's credential. For example, a coalition of universities may have authorization levels for library services that will enable users to access any library within the coalition; government organizations may provision security levels within a user's credential that enable inter-agency access to resources; etc.
There is significant debate regarding the effectiveness of biometrics in identity management. When a user is not present (authenticating over a network) there are fatal problems with biometric authentication. Most significantly, "The main security problem with biometrics is the inability to create a new secret. If you allow your fingerprint to be digitized and sent across a network or scanned by a compromised scanner, it can be stolen. Then someone has a digital copy of your fingerprint."
Even if a method of biometric identification proved to be completely reliable, security issues would still remain.
There would be opportunities to steal someone's biometric signature and forge their identity credentials, especially if there was a massive store of private personal data; one successful attack could essentially render the entire system ineffective.
When a user is present bio-metric data can be an effective authenticator. It will be possible to *store bio-metric data within a user's credential* (not within a central repository) when the credential is created by the provisioning institution. When a user presents the credential, verifying the biometric data in the credential against the individual in real time will provide enhanced security along with verifying the encrypted transaction code against the user's public key and verifying the encrypted hash code of the credential against the value stored in *The Institutional Web of Trust Repository*.
While there are many types of biometric identifiers, one of the simplest and most usable is a photograph of the human face verified by a human being. Any credential in a user's digital wallet that includes a photograph (driver's license, passport, bank debit card, etc.) will be highly reliable when a user presents the credential in person.
Why would a major institution (bank, university, corporation, government agency, etc.) utilize *The Institutional Web of Trust Repository* instead of its own internal system? When there is no need for an external third party to rely on a user's credential an institution may very well utilize its own internal repository. In this same case, smaller institutions, for reasons of convenience and cost, might still utilize *The Institutional Web of Trust Repository*.
Whenever a third party (a party other than the provisioning institution) must rely on a user's credential, the key services *The Institutional Web of Trust Repository* provides are assurance that the user is unique and trustworthy, assurance that the provisioning institution is unique and trustworthy and assurance that the credential is trustworthy. Also, *The Institutional Web of Trust Repository* creates a "*data synergy effect*" which establishes an *Institutional Web of Trust* (when multiple institutions validate a unique user's identity the identity becomes more secure and trustworthy).
If a unique user has digital credentials for a state driver's license, a passport, a bank debit card, a university ID, insurance cards, credit cards, etc., all independently validated by trustworthy institutions, that user's identity is secure and highly trustworthy. Similar to credit ratings, both individuals and institutions will have "*trust ratings*" within *The Institutional Web of Trust Repository*. A centralized notification service will also be provided when credentials are lost or stolen.
The uniqueness test for legal identities within *The Institutional Web of Trust Repository* helps to secure identity and prevent identity theft. If there is a non-unique association, an inconsistency arises in the system. Also, easy access for online status checking establishes the currency of a user's credentials in case the user's digital wallet is lost or stolen.
Additionally, the system provides *the "Holy Grail" for single sign on*. All computers will soon have an interface (USB plugin or internal card) that will enable NFC interactions with mobile devices. The digital wallet on a user's cell phone will be provisioned with credentials containing specified authorizations for different systems and services.
Rather than logging into a directory or utilizing a complex federated identity process, a user will log onto his/her cell phone with a PIN and/or a voice authentication signature. The user (or the authenticating system) will then select the appropriate credential for the specified system or service with no need to enter another user name or password (the user's private key will be used to encrypt a transaction ID). This approach also *solves the "Keys to the Kingdom" problem* where a single sign on to a directory service opens access to all the user's systems and services.
Additionally, the system will enable a process of *mutual authentication* that will prevent phishing scams. The user's credential and the institution's credential could both contain a list of valid URLs which could be matched during the sign on process.
Existing providers of identity management services should not see *The Institutional Web of Trust* as a competitor; rather, they should see it as an infrastructure service (similar to the electric power grid that has hundreds of energy providers). This identity infrastructure will be created with government resources and be managed to a great extent as a public trust.
Best regards,
Michael Duffy CEO / CTO ~ The Trust Nexus http://www.thetrustnexus.com
Joni Brennan wrote:
Thanks Mike,
It seems like you have a product and you're telling us about it. We don't allow these types of messages here. So you have a few choices of how to interact.
1 - Parse your email down to a very brief idea and some questions that the group could respond to. (This mode is more aligned with the true nature of the list.) Again - as it reads now it's a product advertisement which is *prohibited.*
2 - Browse our groups list from the homepage here http://kantarainitiative.org. You may find a group you could join and then share your idea there.
3 - Start your own Work or Discussion Group to discuss your identity based solutions ideas. If you're interested in this path please ping me directly so we can discuss and I can learn more about your goals. From there I could help you to determine if this is appropriate work material for Kantara or not.
Cheers - Joni
On Fri, Jan 29, 2010 at 10:04 AM, Michael Duffy <thetrustnexus@austin.rr.com> wrote:
My apologies.
A member of your group actually suggested we post to the community list.
Our goal was not to promote the company but to discuss the ideas related to an Institutional Web of Trust with the leading experts in the field of identity.
Is there another existing list that would better suit this purpose?
If not, perhaps Kantara could create such a list (e.g., ideas@kantarainitiative.org).
Mike
Roger Sullivan wrote:
Let me echo Brett's sentiments.
None of Kantara's lists are to be used for promotion of oneself or one's company.
Please refrain from doing that.
Roger Sullivan President, Kantara Initiative
-----Original Message-----
From: Brett McDowell [mailto:email@brettmcdowell.com]
Sent: Friday, January 29, 2010 11:04 AM
To: Thomas Hardjono
Cc: community@kantarainitiative.org
Subject: Re: [Kantara - Community] Institutional Web of Trust
That is certainly not its intent and if it becomes used in that way I fear we will see mass un-subscription which will undermine our ability to communicate with each other. So I would ask that all subscribers refrain from using this list for any form of advertising.
Thank you,
|| Brett McDowell, Executive Director, Kantara Initiative
On Fri, Jan 29, 2010 at 10:59 AM, Thomas Hardjono <standards@hardjono.net> wrote:
My apologies for asking this trivial question,
but is this Kantara mailing-list allowed to be
used for "advertising" emails?
Regards.
/thomas/
__________________________________________
Thomas Hardjono
MIT Kerberos Consortium
Massachusetts Institute of Technology
77 Massachusetts Ave W92-152
Cambridge, MA 02139
email: hardjono[at]mit.edu
mobile: +1 781-729-9559
desk: +1 617-715-2451
__________________________________________
From: community-bounces@kantarainitiative.org [mailto:community-bounces@kantarainitiative.org] On Behalf Of Michael Duffy
Sent: Friday, January 29, 2010 8:47 AM
To: community@kantarainitiative.org
Subject: [Kantara - Community] Institutional Web of Trust
We believe we have THE solution that will realize the vision of the Kantara Initiative: Ensure secure, identity-based, online interactions while preventing misuse of personal information so that networks will become privacy protecting and more natively trustworthy environments.
We realize that is a bold statement. We humbly ask the members of the Kantara Initiative to review our approach:
Digital credentials on NFC enabled smart phones will soon transform the world of identity management.
The Trust Nexus is a startup company located in Austin, TX. We hold intellectual property rights that will enable us to build the infrastructure for secure identity in the digital age. Whoever controls the infrastructure for secure identity will also play a leading role in the emerging world of m-Commerce.
The basic question is, how can trust be established in the digital age? If you and I have never met and I come to your website or place of business, how can you be confident that I am who I say that I am? The Trust Nexus answers this basic question regarding the establishment of trust.
A key component of our infrastructure will be an easy to use digital wallet where credentials can be securely provisioned and transactions occur smoothly. This digital wallet will be the cornerstone of NFC technologies on mobile devices and provide the interface for identity, marketing and financial services. Every aspect of digital life that depends on identity and transactions will flow through the digital wallet.
The digital wallet on NFC enabled smart phones will be one of the most valuable assets in the digital age. The digital wallet and supporting infrastructure will be based on industry standards that will enable the mobile network operators (MNOs) to meter services that flow through their networks and participate in new marketing/advertising models.
The identity infrastructure we have designed will eliminate the possibility of identity theft for all participants, protect consumers and financial institutions from fraudulent transactions, greatly reduce cyber-crime and solve many of the systemic problems of the current Public Key Infrastructure system, especially the problems of certificate revocation lists (CRLs) and on-line status checking.
Our solution is simple, practical and transparent to the consumer. Consumer acceptance will be rapid and widespread. Our solution secures identity, protects individual privacy and prevents the establishment of monolithic government control. Under our system, the user is always in control of his/her credentials.
The essence of our approach is very different from the "Big Brother" approach recently announced by India. Rather than creating a centralized directory of private information, we will create a central repository containing a collection of institutional decisions which will establish an Institutional Web of Trust.
Compared to a decentralized web of trust which creates a web of individuals with, "the expectation that anyone receiving [a list of signatures] will trust at least one or two of the signatures", we will create a system where trusted institutions legitimize individual identity. Additionally, the Institutional Web of Trust established by The Trust Nexus will have centralized controller processes that rely greatly on self-management and automation resulting in great efficiencies.
Digital wallets on NFC enabled smart phones will enable users to secure their private keys and control/present their digital credentials. Because a user's identity will be authenticated by the processes of The Trust Nexus (not a trust authority) there is no need for a trust authority to issue and vouch for public/private keys for individual users. It is only necessary that the public key be registered and the private key be secured. Users can self-issue their keys.
The Trust Nexus does not secure identity by, "making personal data harder to steal". Rather, identity is secured by self-managing logical inconsistencies within the system, resolving identity conflicts and preventing fraudulent transactions.
As Bruce Schneier, author and security guru, pointed out, "Proposed [identity theft] fixes tend to concentrate on the first issue--making personal data harder to steal--whereas the real problem is the second [preventing fraudulent transactions]. If we're ever going to manage the risks and effects of electronic impersonation [identity theft], we must concentrate on preventing and detecting fraudulent transactions." [Solving Identity Theft]
In essence, there are a limited number of institutions worldwide (measured in thousands) that truly matter when it comes to legitimizing identity. Digital wallets on smart phones will enable the efficient association of unique public/private keys to a specific legal identity (legal name and legal address). If there is a non-unique association, an inconsistency arises in the system. If the association is unique and verified by one or more legitimate institutions an individual's identity is secure (as long as the private key which he/she controls is secure).
In the process of adding a credential to a user's digital wallet, the provisioning institution (government agency, bank, university, etc.) will calculate a secure hash value (numerical representation) of the credential combined with information from the user's primary credential (legal identity). This hash value will be encrypted with the user's private key and then encrypted again with the provisioning institution's private key; this encrypted hash value will then be stored in The Trust Nexus Repository representing an institutional validation of the user's identity.
This dual encryption establishes that the credential was associated with the user during the provisioning process rather than simply asserting the association by a reference from the repository. Also, there is no need to store any specific information (account number, balance, etc.) about the user's account. The user is in complete control of the information he/she presents and his/her privacy is maintained.
When a user presents a credential from his/her digital wallet a transaction ID will be sent from the authenticating system to the user's digital wallet, be encrypted with the user's private key and sent back to the authenticating system. The user can be authenticated by decrypting the transaction ID with the user's public key from The Trust Nexus Repository. The credential can be authenticated by calculating the hash value of the credential and then decrypting the hash value stored in The Trust Nexus Repository with the institution's public key and the user's public key.
In a variation of this process the provisioning institution does not store the encrypted hash value in The Trust Nexus Repository; rather, the provisioning institution itself maintains a repository and a reference to the repository is authenticated by an entry contained within The Trust Nexus Repository (through the institution's primary credential). In this way an institution could federate the identity of its users (or a subset of its users) simply by adding (or modifying) a credential to each of its users' digital wallets and creating an institutional reference within The Trust Nexus Repository.
As part of the federation process, cooperating institutions will most likely create standard authorization levels for various services and provision these levels as part of a user's credential. For example, a coalition of universities may have authorization levels for library services that will enable users to access any library within the coalition; government organizations may provision security levels within a user's credential that enable inter-agency access to resources; etc.
There is significant debate regarding the effectiveness of biometrics in identity management. When a user is not present (authenticating over a network) there are fatal problems with biometric authentication. Most significantly, "The main security problem with biometrics is the inability to create a new secret. If you allow your fingerprint to be digitized and sent across a network or scanned by a compromised scanner, it can be stolen. Then someone has a digital copy of your fingerprint."
Even if a method of biometric identification proved to be completely reliable, security issues would still remain. There would be opportunities to steal someone's biometric signature and forge their identity credentials, especially if there was a massive store of private personal data; one successful attack could essentially render the entire system ineffective.
When a user is present bio-metric data can be an effective authenticator. It will be possible to store bio-metric data within a user's credential (not within a central repository) when the credential is created by the provisioning institution. When a user presents the credential verifying the biometric data in the credential against the individual in real time will provide enhanced security along with verifying the encrypted transaction code against the user's public key in The Trust Nexus Repository and verifying the encrypted hash code of the credential against The Trust Nexus Repository.
While there are many types of biometric identifiers, one of the simplest and most usable is a photograph of the human face verified by a human being. Any credential in a user's digital wallet that includes a photograph (driver's license, passport, bank debit card, etc.) will be highly reliable when a user presents the credential in person.
Why would a major institution (bank, university, corporation, government agency, etc.) utilize The Trust Nexus Repository instead of its own internal system? When there is no need for an external third party to rely on a user's credential an institution may very well utilize its own internal repository. In this same case, smaller institutions, for reasons of convenience and cost, might still utilize The Trust Nexus Repository.
Whenever a third party (a party other than the provisioning institution) must rely on a user's credential, the key services The Trust Nexus Repository provides are assurance that the user is unique and trustworthy, assurance that the provisioning institution is unique and trustworthy and assurance that the credential is trustworthy. Also, The Trust Nexus Repository creates a "data synergy effect" which establishes an Institutional Web of Trust (when multiple institutions validate a unique user's identity the identity becomes more secure and trustworthy).
If a unique user has digital credentials for a state driver's license, a passport, a bank debit card, a university ID, insurance cards, credit cards, etc., all independently validated by trustworthy institutions, that user's identity is secure and highly trustworthy. Similar to credit ratings, both individuals and institutions will have "trust ratings" within The Trust Nexus Repository. A centralized notification service will also be provided when credentials are lost or stolen.
The uniqueness test for legal identities within The Trust Nexus Repository helps to secure identity and prevent identity theft. If there is a non-unique association, an inconsistency arises in the system. Also, easy access for online status checking establishes the currency of a user's credentials in case the user's digital wallet is lost or stolen. And most importantly, The Trust Nexus creates a "data synergy effect" which establishes an Institutional Web of Trust.
Additionally, our system provides the "Holy Grail" for single sign on. All computers will soon have an interface (USB plugin or internal card) that will enable NFC interactions with mobile devices. The digital wallet on a user's cell phone will be provisioned with credentials containing specified authorizations for different systems and services. Rather than logging into a directory or utilizing a complex federated identity process, a user will log onto his/her cell phone with a PIN and a voice authentication signature. The user (or the authenticating system) will then select the appropriate credential for the specified system or service with no need to enter another user name or password (the user's private key will be used to encrypt a transaction ID). This approach also solves the "Keys to the Kingdom" problem where a single sign on to a directory service opens access to all the user's systems and services.
We are confident we have a transforming technology and a clear vision of the future. No one has found a conceptual flaw in the system. Existing providers of identity management services should not see The Trust Nexus as a competitor; rather, they should see us as an infrastructure provider (similar to the electric power grid that has hundreds of energy providers).
Best regards,
Michael Duffy CEO / CTO ~ The Trust Nexus http://www.thetrustnexus.com
_______________________________________________ Community mailing list Community@kantarainitiative.org <mailto:Community@kantarainitiative.org> http://kantarainitiative.org/mailman/listinfo/community
--
Joni Brennan
IEEE-ISTO
Kantara Initiative Program Director
voice: +1 732-226-4223
email: joni @ ieee-isto.org
gtalk: jonibrennan
skype: upon request
Join the conversation on the community@ list - http://kantarainitiative.org/mailman/listinfo/community
Actually, I find that a "web" is a tangled mesh in which to entrap and is a term that infringes on other trademarks and is a symbol that doesn't inspire trust at all - said the fly to the spider. I think repositories only hold value if the storage and retrieval of information can be validated to be trusted, secure, reliable, and honest in its representations. Since trust is an intangible value, I find it to be an unobtainable goal in ecommerce activities based on concepts that are not managed in accordance with good policies or even their own statements.

IMHO any system that is self-managed is quite frankly a disaster and provides me as an informed consumer no level of trust or assurances proclaimed by any system or solution said to be good for goodness sakes. Self-managed is equivalent to saying trust me because I say so. Also, the wallet idea has come and gone and a second showing will most likely result in the same.

I also don't understand why it is referred to as a "centralized" repository and then it is explained to be a "group" of repositories. Maybe it is just me, but isn't that a "distributed" model? Also, how do you ensure the individual is always in control of their key? I think that statement is simply not true, grandiose, and terribly misleading - and not a basis of building any trust; as no system could ever ensure that the action of all its individuals was consistent and the same. Therefore, the International Web of Trust is seriously flawed by allowing such an assumption to be the core value of its model.

I really think this whole message has been completely self-promoting and quite a story about X.509 certificates but vaguely disguised as a wallet, and I think the International Web of Trust is a trap of old concepts, proclaiming protections that are perceived based on biased assessments, and one of the most frightening concepts for ensuring trust and identities that I have listened to in quite a while.
This is exactly why such organizations as IETF, ANSI, ISO, AICPA, NIST and Kantara are so much in need to prevent such flawed solutions as this "web of trust" from being accepted by the electronic commerce community.

(My corporate cell phone number has been changed, if you could please update your records that would be great.)

Sincerely,
Brian

Brian Dilley CISA / CIPP / CGEIT
President
GSA Advantage! - Use our GSA Schedule 70 Today! http://www.evalid8.com/services/gsaschedule70.html
Office: (866) 465 - 6005
Fax: (443) 957 - 9005
Cell: (443) 955 - 9885
Web: http://www.evalid8.com

This electronic message contains information from eValid8R that may be confidential, proprietary or otherwise protected from disclosure and is only intended for the recipient. If you should have received this transmission in error, we do make mistakes when selecting addressees, please notify the email originator at info@evalid8.com and please delete that email message from your mailbox. eValid8R wants to be safe on the Internet, and we honor clients and people's privacy. To read our Privacy Statement, click on this link, http://www.evalid8.com/contactus/privacystatement.html .

_____
From: community-bounces@kantarainitiative.org [mailto:community-bounces@kantarainitiative.org] On Behalf Of Michael Duffy
Sent: Saturday, January 30, 2010 12:49 PM
To: Joni Brennan
Cc: community@kantarainitiative.org
Subject: Re: [Kantara - Community] Institutional Web of Trust

As requested, we have voided all company references and provided a brief summary. Again, we apologize for the inappropriate post.
Here is an overview of the Institutional Web of Trust concept:

*************************************************************

Executive Summary:

For the purpose of securing identity, rather than creating a centralized directory or multiple directories of private information, it will be far better to create a central repository containing a collection of institutional decisions which will establish an Institutional Web of Trust.

In essence, there are a limited number of institutions worldwide (measured in thousands) that truly matter when it comes to legitimizing identity. Digital wallets on smart phones will enable the efficient association of unique public/private keys to a specific legal identity (legal name and legal address). If there is a non-unique association, an inconsistency arises in the system. If the association is unique and verified by one or more legitimate institutions an individual's identity is secure (as long as the private key which he/she controls is secure).

This system secures identity, protects individual privacy and prevents the establishment of monolithic government control. Under this system, the user is always in control of his/her credentials.

This system makes a simplified and efficient federation process possible. An institution could federate the identity of its users (or a subset of its users) simply by adding (or modifying) a credential to each of its users' digital wallets and creating an institutional reference within The Institutional Web of Trust Repository.

This system provides the "Holy Grail" for single sign on.

*************************************************************

Digital credentials on NFC enabled smart phones will soon transform the world of identity management. Within three years there will be corporate and government deployments where all members of the organization are issued NFC enabled smart phones for the purpose of identity management.

The basic question is, how can trust be established in the digital age? If you and I have never met and I come to your website or place of business, how can you be confident that I am who I say that I am? The Institutional Web of Trust will resolve this basic question regarding the establishment of trust.

A key component of the infrastructure will be an easy to use digital wallet where credentials can be securely provisioned and transactions occur smoothly. This digital wallet will be the cornerstone of NFC technologies on mobile devices and provide the interface for identity, marketing and financial services. Every aspect of digital life that depends on identity and transactions will flow through the digital wallet.

This identity infrastructure will eliminate the possibility of identity theft for all participants, protect consumers and financial institutions from fraudulent transactions, greatly reduce cyber-crime and solve many of the systemic problems of the current Public Key Infrastructure system, especially the problems of certificate revocation lists (CRLs) and on-line status checking.

The solution is simple, practical and transparent to the consumer. Consumer acceptance will be rapid and widespread. The solution secures identity, protects individual privacy and prevents the establishment of monolithic government control. Under this system, the user is always in control of his/her credentials.

The essence of the approach is very different from the "Big Brother" approach recently announced by India. Rather than creating a centralized directory of private information, there will be a central repository containing a collection of institutional decisions which will establish an Institutional Web of Trust. Compared to a decentralized web of trust which creates a web of individuals with, "the expectation that anyone receiving [a list of signatures] will trust at least one or two of the signatures", we will create a system where trusted institutions legitimize individual identity. Additionally, the Institutional Web of Trust will have centralized controller processes that rely greatly on self-management and automation resulting in great efficiencies.

Digital wallets on NFC enabled smart phones will enable users to secure their private keys and control/present their digital credentials. Because a user's identity will be authenticated by the processes of The Institutional Web of Trust (not a trust authority) there is no need for a trust authority to issue and vouch for public/private keys for individual users. It is only necessary that the public key be registered and the private key be secured. Users can self-issue their keys.

The Institutional Web of Trust does not secure identity by, "making personal data harder to steal". Rather, identity is secured by self-managing logical inconsistencies within the system, resolving identity conflicts and preventing fraudulent transactions. As Bruce Schneier, author and security guru, pointed out, "Proposed [identity theft] fixes tend to concentrate on the first issue--making personal data harder to steal--whereas the real problem is the second [preventing fraudulent transactions]. If we're ever going to manage the risks and effects of electronic impersonation [identity theft], we must concentrate on preventing and detecting fraudulent transactions." [Solving Identity Theft]

In essence, there are a limited number of institutions worldwide (measured in thousands) that truly matter when it comes to legitimizing identity. Digital wallets on smart phones will enable the efficient association of unique public/private keys to a specific legal identity (legal name and legal address). If there is a non-unique association, an inconsistency arises in the system. If the association is unique and verified by one or more legitimate institutions an individual's identity is secure (as long as the private key which he/she controls is secure).

In the process of adding a credential to a user's digital wallet, the provisioning institution (government agency, bank, university, etc.) will calculate a secure hash value (numerical representation) of the credential combined with information from the user's primary credential (legal identity). This hash value will be encrypted with the user's private key and then encrypted again with the provisioning institution's private key; this encrypted hash value will then be stored in The Institutional Web of Trust Repository representing an institutional validation of the user's identity. This dual encryption establishes that the credential was associated with the user during the provisioning process rather than simply asserting the association by a reference from the repository. Also, there is no need to store any specific information (account number, balance, etc.) about the user's account. The user is in complete control of the information he/she presents and his/her privacy is maintained.

When a user presents a credential from his/her digital wallet a transaction ID will be sent from the authenticating system to the user's digital wallet, be encrypted with the user's private key and sent back to the authenticating system. The user can be authenticated by decrypting the transaction ID with the user's public key from The Institutional Web of Trust Repository. The credential can be authenticated by calculating the hash value of the credential and then decrypting the hash value stored in The Institutional Web of Trust Repository with the institution's public key and the user's public key.

In a variation of this process the provisioning institution does not store the encrypted hash value in The Institutional Web of Trust Repository; rather, the provisioning institution itself maintains a repository and a reference to the repository is authenticated by an entry contained within The Institutional Web of Trust Repository (through the institution's primary credential). In this way an institution could federate the identity of its users (or a subset of its users) simply by adding (or modifying) a credential to each of its users' digital wallets and creating an institutional reference within The Institutional Web of Trust Repository.

As part of the federation process, cooperating institutions will most likely create standard authorization levels for various services and provision these levels as part of a user's credential. For example, a coalition of universities may have authorization levels for library services that will enable users to access any library within the coalition; government organizations may provision security levels within a user's credential that enable inter-agency access to resources; etc.

There is significant debate regarding the effectiveness of biometrics in identity management. When a user is not present (authenticating over a network) there are fatal problems with biometric authentication. Most significantly, "The main security problem with biometrics is the inability to create a new secret. If you allow your fingerprint to be digitized and sent across a network or scanned by a compromised scanner, it can be stolen. Then someone has a digital copy of your fingerprint." Even if a method of biometric identification proved to be completely reliable, security issues would still remain. There would be opportunities to steal someone's biometric signature and forge their identity credentials, especially if there was a massive store of private personal data; one successful attack could essentially render the entire system ineffective.

When a user is present biometric data can be an effective authenticator. It will be possible to store biometric data within a user's credential (not within a central repository) when the credential is created by the provisioning institution. When a user presents the credential, verifying the biometric data in the credential against the individual in real time will provide enhanced security along with verifying the encrypted transaction code against the user's public key and verifying the encrypted hash code of the credential against the value stored in The Institutional Web of Trust Repository.

While there are many types of biometric identifiers, one of the simplest and most usable is a photograph of the human face verified by a human being. Any credential in a user's digital wallet that includes a photograph (driver's license, passport, bank debit card, etc.) will be highly reliable when a user presents the credential in person.

Why would a major institution (bank, university, corporation, government agency, etc.) utilize The Institutional Web of Trust Repository instead of its own internal system? When there is no need for an external third party to rely on a user's credential an institution may very well utilize its own internal repository. In this same case, smaller institutions, for reasons of convenience and cost, might still utilize The Institutional Web of Trust Repository.

Whenever a third party (a party other than the provisioning institution) must rely on a user's credential, the key services The Institutional Web of Trust Repository provides are assurance that the user is unique and trustworthy, assurance that the provisioning institution is unique and trustworthy and assurance that the credential is trustworthy. Also, The Institutional Web of Trust Repository creates a "data synergy effect" which establishes an Institutional Web of Trust (when multiple institutions validate a unique user's identity the identity becomes more secure and trustworthy).

If a unique user has digital credentials for a state driver's license, a passport, a bank debit card, a university ID, insurance cards, credit cards, etc., all independently validated by trustworthy institutions, that user's identity is secure and highly trustworthy. Similar to credit ratings, both individuals and institutions will have "trust ratings" within The Institutional Web of Trust Repository. A centralized notification service will also be provided when credentials are lost or stolen.

The uniqueness test for legal identities within The Institutional Web of Trust Repository helps to secure identity and prevent identity theft. If there is a non-unique association, an inconsistency arises in the system. Also, easy access for online status checking establishes the currency of a user's credentials in case the user's digital wallet is lost or stolen.

Additionally, the system provides the "Holy Grail" for single sign on. All computers will soon have an interface (USB plugin or internal card) that will enable NFC interactions with mobile devices. The digital wallet on a user's cell phone will be provisioned with credentials containing specified authorizations for different systems and services. Rather than logging into a directory or utilizing a complex federated identity process, a user will log onto his/her cell phone with a PIN and/or a voice authentication signature. The user (or the authenticating system) will then select the appropriate credential for the specified system or service with no need to enter another user name or password (the user's private key will be used to encrypt a transaction ID). This approach also solves the "Keys to the Kingdom" problem where a single sign on to a directory service opens access to all the user's systems and services.

Additionally, the system will enable a process of mutual authentication that will prevent phishing scams. The user's credential and the institution's credential could both contain a list of valid URLs which could be matched during the sign on process.

Existing providers of identity management services should not see The Institutional Web of Trust as a competitor; rather, they should see it as an infrastructure service (similar to the electric power grid that has hundreds of energy providers). This identity infrastructure will be created with government resources and be managed to a great extent as a public trust.

Best regards,
Michael Duffy
CEO / CTO ~ The Trust Nexus
http://www.thetrustnexus.com

Joni Brennan wrote:

Thanks Mike,

It seems like you have a product and you're telling us about it. We don't allow these types of messages here. So you have a few choices of how to interact.

1 - Parse your email down to a very brief idea and some questions that the group could respond to. (This mode is more aligned with the true nature of the list.) Again - as it reads now it's a product advertisement which is prohibited.
2 - Browse our groups list from the homepage here http://kantarainitiative.org. You may find a group you could join and then share your idea there.
3 - Start your own Work or Discussion Group to discuss your identity based solutions ideas. If you're interested in this path please ping me directly so we can discuss and I can learn more about your goals. From there I could help you to determine if this is appropriate work material for Kantara or not.

Cheers - Joni

On Fri, Jan 29, 2010 at 10:04 AM, Michael Duffy <thetrustnexus@austin.rr.com> wrote:

My apologies. A member of your group actually suggested we post to the community list. Our goal was not to promote the company but to discuss the ideas related to an Institutional Web of Trust with the leading experts in the field of identity. Is there another existing list that would better suit this purpose? If not, perhaps Kantara could create such a list (e.g., ideas@kantarainitiative.org).
Mike

Roger Sullivan wrote:

Let me echo Brett's sentiments. None of Kantara's lists are to be used for promotion of oneself or one's company. Please refrain from doing that.

Roger Sullivan
President, Kantara Initiative

-----Original Message-----
From: Brett McDowell [mailto:email@brettmcdowell.com]
Sent: Friday, January 29, 2010 11:04 AM
To: Thomas Hardjono
Cc: community@kantarainitiative.org
Subject: Re: [Kantara - Community] Institutional Web of Trust

That is certainly not its intent and if it becomes used in that way I fear we will see mass un-subscription which will undermine our ability to communicate with each other. So I would ask that all subscribers refrain from using this list for any form of advertising.

Thank you,
|| Brett McDowell, Executive Director, Kantara Initiative

On Fri, Jan 29, 2010 at 10:59 AM, Thomas Hardjono <standards@hardjono.net> wrote:

My apologies for asking this trivial question, but is this Kantara mailing-list allowed to be used for "advertising" emails?

Regards.
/thomas/

__________________________________________
Thomas Hardjono
MIT Kerberos Consortium
Massachusetts Institute of Technology
77 Massachusetts Ave W92-152
Cambridge, MA 02139
email: hardjono[at]mit.edu
web: http://www.kerberos.org
mobile: +1 781-729-9559
desk: +1 617-715-2451
__________________________________________

From: community-bounces@kantarainitiative.org [mailto:community-bounces@kantarainitiative.org] On Behalf Of Michael Duffy
Sent: Friday, January 29, 2010 8:47 AM
To: community@kantarainitiative.org
Subject: [Kantara - Community] Institutional Web of Trust

We believe we have THE solution that will realize the vision of the Kantara Initiative: Ensure secure, identity-based, online interactions while preventing misuse of personal information so that networks will become privacy protecting and more natively trustworthy environments. We realize that is a bold statement.
We humbly ask the members of the Kantara Initiative to review our approach: Digital credentials on NFC enabled smart phones will soon transform the world of identity management. The Trust Nexus is a startup company located in Austin, TX. We hold intellectual property rights that will enable us to build the infrastructure for secure identity in the digital age. Whoever controls the infrastructure for secure identity will also play a leading role in the emerging world of m-Commerce. The basic question is, how can trust be established in the digital age? If you and I have never met and I come to your website or place of business, how can you be confident that I am who I say that I am? The Trust Nexus answers this basic question regarding the establishment of trust. A key component of our infrastructure will be an easy to use digital wallet where credentials can be securely provisioned and transactions occur smoothly. This digital wallet will be the cornerstone of NFC technologies on mobile devices and provide the interface for identity, marketing and financial services. Every aspect of digital life that depends on identity and transactions will flow through the digital wallet. The digital wallet on NFC enabled smart phones will be one of the most valuable assets in the digital age. The digital wallet and supporting infrastructure will be based on industry standards that will enable the mobile network operators (MNOs) to meter services that flow through their networks and participate in new marketing/advertising models. The identity infrastructure we have designed will eliminate the possibility of identity theft for all participants, protect consumers and financial institutions from fraudulent transactions, greatly reduce cyber-crime and solve many of the systemic problems of the current Public Key Infrastructure system, especially the problems of certificate revocation lists (CRLs) and on-line status checking. 
Our solution is simple, practical and transparent to the consumer. Consumer acceptance will be rapid and widespread. Our solution secures identity, protects individual privacy and prevents the establishment of monolithic government control. Under our system, the user is always in control of his/her credentials. The essence of our approach is very different from the "Big Brother" approach recently announced by India. Rather than creating a centralized directory of private information, we will create a central repository containing a collection of institutional decisions which will establish an Institutional Web of Trust. Compared to a decentralized web of trust which creates a web of individuals with, "the expectation that anyone receiving [a list of signatures] will trust at least one or two of the signatures", we will create a system where trusted institutions legitimize individual identity. Additionally, the Institutional Web of Trust established by The Trust Nexus will have centralized controller processes that rely greatly on self-management and automation resulting in great efficiencies. Digital wallets on NFC enabled smart phones will enable users to secure their private keys and control/present their digital credentials. Because a user's identity will be authenticated by the processes of The Trust Nexus (not a trust authority) there is no need for a trust authority to issue and vouch for public/private keys for individual users. It is only necessary that the public key be registered and the private key be secured. Users can self-issue their keys. The Trust Nexus does not secure identity by, "making personal data harder to steal". Rather, identity is secured by self-managing logical inconsistencies within the system, resolving identity conflicts and preventing fraudulent transactions. 
As Bruce Schneier, author and security guru, pointed out, "Proposed [identity theft] fixes tend to concentrate on the first issue--making personal data harder to steal--whereas the real problem is the second [preventing fraudulent transactions]. If we're ever going to manage the risks and effects of electronic impersonation [identity theft], we must concentrate on preventing and detecting fraudulent transactions." [Solving Identity Theft] In essence, there are a limited number of institutions worldwide (measured in thousands) that truly matter when it comes to legitimizing identity. Digital wallets on smart phones will enable the efficient association of unique public/private keys to a specific legal identity (legal name and legal address). If there is a non-unique association, an inconsistency arises in the system. If the association is unique and verified by one or more legitimate institutions an individual's identity is secure (as long as the private key which he/she controls is secure). In the process of adding a credential to a user's digital wallet, the provisioning institution (government agency, bank, university, etc.) will calculate a secure hash value (numerical representation) of the credential combined with information from the user's primary credential (legal identity). This hash value will be encrypted with the user's private key and then encrypted again with the provisioning institution's private key; this encrypted hash value will then be stored in The Trust Nexus Repository representing an institutional validation of the user's identity. This dual encryption establishes that the credential was associated with the user during the provisioning process rather than simply asserting the association by a reference from the repository. Also, There is no need to store any specific information (account number, balance, etc.) about user's account. The user is in complete control of the information he/she presents and his/her privacy is maintained. 
When a user presents a credential from his/her digital wallet a transaction ID will be sent from the authenticating system to the user's digital wallet, be encrypted with the user's private key and sent back to the authenticating system. The user can be authenticated by decrypting the transaction ID with the user's public key from The Trust Nexus Repository. The credential can be authenticated by calculating the hash value of the credential and then decrypting the hash value stored in The Trust Nexus Repository with the institution's public key and the user's public key. In a variation of this process the provisioning institution does not store the encrypted hash value in The Trust Nexus Repository; rather, the provisioning institution itself maintains a repository and a reference to the repository is authenticated by an entry contained within The Trust Nexus Repository (through the institution's primary credential). In this way an institution could federate the identity of it's users (or a subset of its users) simply by adding (or modifying) a credential to each of it's user's digital wallets and creating an institutional reference within The Trust Nexus Repository. As part of the federation process, cooperating institutions will most likely create standard authorization levels for various services and provision these levels as part of a user's credential. For example, a coalition of universities may have authorization levels for library services that will enable users to access any library within the coalition; government organizations may provision security levels within a user's credential that enable inter-agency access to resources; etc. There is significant debate regarding the effectiveness of biometrics in identity management. When a user is not present (authenticating over a network) there are fatal problems with biometric authentication. Most significantly, "The main security problem with biometrics is the inability to create a new secret. 
If you allow your fingerprint to be digitized and sent across a network or scanned by a compromised scanner, it can be stolen. Then someone has a digital copy of your fingerprint." Even if a method of biometric identification proved to be completely reliable, security issues would still remain. There would be opportunities to steal someone's biometric signature and forge their identity credentials, especially if there was a massive store of private personal data; one successful attack could essentially render the entire system ineffective. When a user is present bio-metric data can be an effective authenticator. It will be possible to store bio-metric data within a user's credential (not within a central repository) when the credential is created by the provisioning institution. When a user presents the credential verifying the biometric data in the credential against the individual in real time will provide enhanced security along with verifying the encrypted transaction code against the user's public key in The Trust Nexus Repository and verifying the encrypted hash code of the credential against The Trust Nexus Repository. While there are many types of biometric identifiers, one of the simplest and most usable is a photograph of the human face verified by a human being. Any credential in a user's digital wallet that includes a photograph (driver's license, passport, bank debit card, etc.) will be highly reliable when a user presents the credential in person. Why would a major institution (bank, university, corporation, government agency, etc.) utilize The Trust Nexus Repository instead of its own internal system? When there is no need for an external third party to rely on a user's credential an institution may very well utilize its own internal repository. In this same case, smaller institutions, for reasons of convenience and cost, might still utilize The Trust Nexus Repository. 
Whenever a third party (a party other than the provisioning institution) must rely on a user's credential, the key services The Trust Nexus Repository provides are assurance that the user is unique and trustworthy, assurance that the provisioning institution is unique and trustworthy and assurance that the credential is trustworthy. Also, The Trust Nexus Repository creates a "data synergy effect" which establishes an Institutional Web of Trust (when multiple institutions validate a unique user's identity the identity becomes more secure and trustworthy). If a unique user has digital credentials for a state driver's license, a passport, a bank debit card, a university ID, insurance cards, credit cards, etc., all independently validated by trustworthy institutions, that user's identity is secure and highly trustworthy. Similar to credit ratings, both individuals and institutions will have "trust ratings" within The Trust Nexus Repository. A centralized notification service will also be provided when credentials are lost or stolen. The uniqueness test for legal identities within The Trust Nexus Repository helps to secure identity and prevent identity theft. If there is a non-unique association, an inconsistency arises in the system. Also, easy access for online status checking establishes the currency of a user's credentials in case the user's digital wallet is lost or stolen. And most importantly, The Trust Nexus creates a "data synergy effect" which establishes an Institutional Web of Trust. Additionally, our system provides the "Holy Grail" for single sign on. All computers will soon have an interface (USB plugin or internal card) that will enable NFC interactions with mobile devices. The digital wallet on a user's cell phone will be provisioned with credentials containing specified authorizations for different systems and services.
Rather than logging into a directory or utilizing a complex federated identity process, a user will log onto his/her cell phone with a PIN and a voice authentication signature. The user (or the authenticating system) will then select the appropriate credential for the specified system or service with no need to enter another user name or password (the user's private key will be used to encrypt a transaction ID). This approach also solves the "Keys to the Kingdom" problem where a single sign on to a directory service opens access to all the user's systems and services. We are confident we have a transforming technology and a clear vision of the future. No one has found a conceptual flaw in the system. Existing providers of identity management services should not see The Trust Nexus as a competitor; rather, they should see us as an infrastructure provider (similar to the electric power grid that has hundreds of energy providers). Best regards, Michael Duffy CEO / CTO ~ The Trust Nexus http://www.thetrustnexus.com _______________________________________________ Community mailing list Community@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/community -- Joni Brennan IEEE-ISTO Kantara Initiative Program Director voice:+1 732-226-4223 email: joni @ ieee-isto.org gtalk: jonibrennan skype: upon request Join the conversation on the community@ list - http://kantarainitiative.org/mailman/listinfo/community
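An added sketch, not code from The Trust Nexus or any list participant, of the presentation check described in the message above: the authenticating system issues a transaction ID, the wallet signs it, and the credential is checked against a signed hash held in the repository. It assumes Ed25519 signatures in place of "encrypting with the private key", in-memory maps in place of the repository, and hypothetical names (`Verifier`, `CredentialRecord`, `library.example`, the sample credential JSON); the single-use transaction ID and the verifier name bound into the signed message are added safeguards against a captured response being reused.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrReplay        = errors.New("unknown or already used transaction ID")
	ErrUnknownRecord = errors.New("credential or key not in repository")
	ErrBadResponse   = errors.New("transaction ID not signed by the registered user key")
	ErrBadCredential = errors.New("credential does not match the signed hash")
)

// CredentialRecord models a repository entry (assumed layout): the institution's
// signature over SHA-256(credential), countersigned by the user.
type CredentialRecord struct {
	UserID, InstitutionID   string
	InstitutionSig, UserSig []byte
}

// Verifier is the authenticating system with its view of the repository.
type Verifier struct {
	Name    string
	Keys    map[string]ed25519.PublicKey // users and institutions, by ID
	Records map[string]CredentialRecord  // by credential ID
	pending map[string]bool              // issued, unanswered transaction IDs
}

// NewTransactionID issues a fresh 32-byte random challenge.
func (v *Verifier) NewTransactionID() []byte {
	id := make([]byte, 32)
	if _, err := rand.Read(id); err != nil {
		panic(err) // no secure randomness: refuse to continue
	}
	v.pending[string(id)] = true
	return id
}

// challenge binds the ID to one verifier so a response cannot be relayed elsewhere.
func challenge(verifier string, txID []byte) []byte {
	return append([]byte("txid-auth-v1|"+verifier+"|"), txID...)
}

// WalletRespond is the wallet side: sign the challenge with the user's private key.
func WalletRespond(priv ed25519.PrivateKey, verifier string, txID []byte) []byte {
	return ed25519.Sign(priv, challenge(verifier, txID))
}

// Authenticate checks the signed transaction ID, then the credential hash.
func (v *Verifier) Authenticate(credID string, credential, txID, response []byte) error {
	if !v.pending[string(txID)] {
		return ErrReplay
	}
	delete(v.pending, string(txID)) // single use, even when a later check fails
	rec := v.Records[credID]        // zero value if absent, so the key lookups fail
	userKey, instKey := v.Keys[rec.UserID], v.Keys[rec.InstitutionID]
	if userKey == nil || instKey == nil {
		return ErrUnknownRecord
	}
	if !ed25519.Verify(userKey, challenge(v.Name, txID), response) {
		return ErrBadResponse
	}
	digest := sha256.Sum256(credential)
	if !ed25519.Verify(instKey, digest[:], rec.InstitutionSig) ||
		!ed25519.Verify(userKey, rec.InstitutionSig, rec.UserSig) {
		return ErrBadCredential
	}
	return nil
}

// Demo provisions one constructed credential and returns four outcomes.
func Demo() []error {
	userPub, userPriv, _ := ed25519.GenerateKey(rand.Reader)
	instPub, instPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader) // key not in the repository
	credential := []byte(`{"holder":"user-1","service":"library","level":2}`)
	altered := []byte(`{"holder":"user-1","service":"library","level":9}`)
	digest := sha256.Sum256(credential)
	instSig := ed25519.Sign(instPriv, digest[:])
	rec := CredentialRecord{"user-1", "univ-1", instSig, ed25519.Sign(userPriv, instSig)}
	v := &Verifier{Name: "library.example", pending: map[string]bool{},
		Keys:    map[string]ed25519.PublicKey{"user-1": userPub, "univ-1": instPub},
		Records: map[string]CredentialRecord{"cred-1": rec}}
	tx := v.NewTransactionID()
	resp := WalletRespond(userPriv, v.Name, tx)
	honest := v.Authenticate("cred-1", credential, tx, resp)
	replayed := v.Authenticate("cred-1", credential, tx, resp) // same pair again
	tx2, tx3 := v.NewTransactionID(), v.NewTransactionID()
	tampered := v.Authenticate("cred-1", altered, tx2, WalletRespond(userPriv, v.Name, tx2))
	wrongKey := v.Authenticate("cred-1", credential, tx3, WalletRespond(otherPriv, v.Name, tx3))
	return []error{honest, replayed, tampered, wrongKey}
}

func main() { fmt.Println(Demo()) }
```

The four outcomes are, in order: accepted, rejected as a reused transaction ID, rejected because the presented credential no longer matches the signed hash, and rejected because the response was signed by a key the repository does not hold for that user.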
Okay, I'm going to add my piece now. I'm going to plug Clique Space, but this thread has been about a product anyway, so why not... While all of this Web of Trust and Wallet stuff is really interesting (and, sincerely, it is), something I believe has been missing in anyone's definition of identity is the individual. I would think that the only way trust is going to be had by anyone is if those "anyones" are left to be individuals, and no organisation represents itself as an overlord. No one (be they professional or lay) will accept a definition of an individual who is not as sacred in a virtual world of electronic collaboration as the individual is in a physical sense. So, I've come up with Clique Space. Indeed, Clique Space provides an environment that might be administered by an organisation, but the administration of this environment is only performed for the purposes of maintaining continuity of its operation. Furthermore, a Clique Space may not be considered a singular entity: Clique Spaces may be run independently of each other, or may even be federated so they can share information. The sole purpose of Clique Space is to model real-time and near real-time activity of individuals over any combination of devices one might be using with any other combination of devices being used by any other individuals. One has to Connect to a Clique Space and Activate an Affiliation within the Clique Space to use one's one or more devices (called Client Devices) within the Clique Space within which one has obtained a connection. I envisage a public Clique Space would be set up to provide a general use area. One of the main items of its charter would be that, except for necessary caching to ensure stability of the Clique Space and continuity of its device activity stream, no device activity from any individual would be persisted. That's enough from me in this message.
You might like to read a research proposal paper I put together; a version which, I observe, has been published by one of the many recipients of a copy: http://tinyurl.com/ydcmrw6 Enjoy, and I welcome comment on Clique Space. Thanks, Owen. -- www.cliquespace.net Clique Space(TM) Facebook Group: http://www.facebook.com/group.php?gid=81335296379 Owen's Garden of Thought: http://owenpaulthomas.blogspot.com/
Just to be clear, the *Institutional Web of Trust* may not be a product. Our vision is that the identity infrastructure and services would be one corporation and the financial/marketing infrastructure and services would be another. The identity infrastructure will be created with government resources and be managed to a great extent as a *public trust*. Even though we have pending patents on this infrastructure and processes, the anti-trust considerations will be significant. We will have a monopoly on identity authentication and we expect significant government oversight of that monopoly. Existing providers of identity management services should not see the *Institutional Web of Trust* as a competitor; rather, they should see the system as an infrastructure provider (similar to the electric power grid that has hundreds of energy providers). There will be hundreds if not thousands of different corporate identity systems and services based on this infrastructure. Our goal is to form a *cooperative ecosystem* around this technology. Along with government agencies, the primary players in this ecosystem will be the mobile network operators (who will be able to meter services through their networks and take part in new marketing/advertising models) and the banks/financial institutions (who will gain by greatly reducing fraudulent financial transactions). We think we have a technology that fits the *vision of the Kantara Initiative*: "Ensure secure, identity-based, online interactions while preventing misuse of personal information so that networks will become privacy protecting and more natively trustworthy environments." Beyond this vision we hope the Kantara community will see that the creation of an effective worldwide identity infrastructure will result in a much better world. 
Stated as a fundamental principle of economics: *Identity is the foundation of financial rights.* "In battling poverty in the developing world with affordable financial services, there is nothing quite as democratizing as the ubiquitous cellphone. Few proponents of economic growth would quibble with the belief that banking is integral to the foundation that society is built on, but a full one billion of the globe's five billion cellphone owners have no access to financial services. That makes mobile banking the perfect way to bring the unbanked and underbanked into society's fold..." [Waiting for the Call ~ http://www.americanbanker.com/usb_issues/118_7/-357010-1.html] Additionally, the *Institutional Web of Trust* will greatly influence political events by reintroducing classical Greek democracy to the world. Unlike current on-line polls that can be "spammed" multiple times by a single user or a group of users, on-line polls conducted under the *Institutional Web of Trust* will be validated for user uniqueness. Users could volunteer to provide their demographic profiles to the on-line pollsters enabling political scientists to extricate meaningful conclusions from their polls. Ultimately, secure on-line voting will become a reality that will lead to an ever-increasing number of local, national and world plebiscites. When I sit down and talk with people about the potential of this technology, once they realize the simplicity and pragmatic nature of the system, they come to realize the system is conceptually valid. The question then becomes how can this system be effectively implemented. We have a three to five year plan to build out a prototype and fully test the system. We hope the members of the Kantara community will follow our progress and provide guiding insights along the way. Best regards, Michael Duffy CEO / CTO ~ The Trust Nexus http://www.thetrustnexus.com
That's an interesting concept, and a position which may or may not fit well within the existing Kantara vision... One potential issue is that the approach you describe may not translate well, either to implementations outside the US (for instance, where you describe the infrastructure being "created with government resources"), or to implementations which need to span borders in order to function (operationally or commercially). In some ways, your description of a single, worldwide infrastructure meeting the full spectrum of political, social, commercial and financial aims reminds me of some of the early discussions of "Circles of Trust". Those discussions turned out, in the fullness of time, to be useful in understanding the fundamental concepts and building blocks of federated systems, but not the basis of a single architectural blueprint for all use-cases. Yrs., Robin On Sun, 31 Jan 2010 13:47 -0600, "Michael Duffy" <thetrustnexus@austin.rr.com> wrote: Just to be clear, the Institutional Web of Trust may not be a product. Our vision is that the identity infrastructure and services would be one corporation and the financial/marketing infrastructure and services would be another. The identity infrastructure will be created with government resources and be managed to a great extent as a public trust. Even though we have pending patents on this infrastructure and processes, the anti-trust considerations will be significant. We will have a monopoly on identity authentication and we expect significant government oversight of that monopoly. Robin Wilton Director, Future Identity Director of Privacy and Public Policy, Liberty Alliance www.futureidentity.eu +44 (0)705 005 2931 ==================================================================== Structured consulting on digital identity, privacy and public policy ==================================================================== Future Identity is a limited company number 6777002, registered in England & Wales
Hello Robin. May I pick you up there on what you say about "spanning borders", and apply Clique Space to it. The notion of Clique spanning and Clique Space federations model many collaborative endeavours of the physical world in a virtual context. Clique Space federations enable Cliques to "span" Clique Spaces. If you like, you could imagine a Clique as a pseudopod moving over and between federated Clique Spaces. Clique spanning is made possible through Clique Space federations, and realised when one or more of a Clique's participants are connected to more than one Clique Space. There are, I believe, some versatile phenomena that occur through the notion of Clique spanning that have no physical analogue. However, the notion of federation and spanning in Clique Spaces is intended to address many questions relating to inter-organisational and inter-governmental cooperation. Federations also address issues of trust in a Clique Space model. I, for instance, am Australian. Now, if the Australian government were to administer its own Clique Space, and federate it to a "public" Clique Space where anyone in the world can Connect, I could assert to everyone on the public Clique Space that I am an Australian citizen. My connection to the Australian Clique Space might also have tighter authentication requirements than on the public Clique Space, so you may be more inclined to trust devices associated to me when they're accompanied with Australian Clique Space membership. Owen. 2010/2/1 Robin Wilton <futureidentity@fastmail.fm>
That's an interesting concept, and a position which may or may not fit well within the existing Kantara vision...
One potential issue is that the approach you describe may not translate well, either to implementations outside the US (for instance, where you describe the infrastructure being "created with government resources"), or to implementations which need to span borders in order to function (operationally or commercially).
In some ways, your description of a single, worldwide infrastructure meeting the full spectrum of political, social, commercial and financial aims reminds me of some of the early discussions of "Circles of Trust". Those discussions turned out, in the fullness of time, to be useful in understanding the fundamental concepts and building blocks of federated systems, but not the basis of a single architectural blueprint for all use-cases.
Yrs., Robin
-- www.cliquespace.net Clique Space(TM) Facebook Group: http://www.facebook.com/group.php?gid=81335296379 Owen's Garden of Thought: http://owenpaulthomas.blogspot.com/
Owen Thomas wrote:
Hello Robin.
May I pick you up there on what you say about "spanning borders", and apply Clique Space to it. The notion of Clique spanning and Clique Space federations model many collaborative endeavours of the physical world in a virtual context.
We are doing very similar research in the EU funded TAS3 project. Our notion is to make the plumbing (e.g. metadata exchange and basic trust establishment) fully automatic, but then rely on trust computation and scoring to determine exactly how close collaboration is possible with a given partner. This also connects with user driven access control. Our business model for building the Circles-of-Trust appears as Annex E (really in the end of the document) of TAS3 architecture, available from http:/zxid.org/tas3/ "TAS3 Architecture Deliverable". Another interesting initiative in this same space is the Internet of Subjects (IoS), http://www.iosf.org/ which advocates that the institutional web of trust should be a not-for-profit entity, such as a trust (pardon the pun) or foundation. This model does not require government to perform this function, but it clearly states that the entity should not have a commercial conflict of interest. I am trying to architect this such that multiple such foundations could coexist. Now, regarding the proprietary technology of Institutional Web of Trust, if this IPR gets released on a royalty-free basis, but with revocation of license in case of lawsuit, I would actually view this as valuable founding capital for the foundation. It is pretty clear that such universal CoT would be a disruptive business model, so if the foundation had in its portfolio a couple of patents, it could quite well defend itself, and its users, against the hostile forces. Cheers, --Sampo
Robin, Thank you for the thoughtful response. I hope that anyone who has a question about the *Institutional Web of Trust* will ask it. We may not have all the answers at this time; however, I think we are headed in the right direction and good questions will help refine that direction. In the U.S., the EEC and other first world nations we envision a scenario where the *Institutional Web of Trust* will be an infrastructure service similar to the energy grid that is built and maintained by a combination of government and private resources. In second and third world nations the *Institutional Web of Trust* will most likely be built and maintained by a combination of mobile network operators and financial institutions; they have the most to gain. In regards to implementations outside the U.S. or implementations that span borders, we expect that there will be regional implementations of the *Institutional Web of Trust* that will be patterned on the service areas of the mobile network providers. Many of these regional mobile network operators are moving aggressively into the areas of mobile banking, mobile money transfers and other areas of mCommerce. One shining example is Zain (http://www.zain.com), "a leading wireless services provider with a commercial presence in 23 countries across the Middle East and Africa". Zain's Zap mobile commerce service is an award winning service that is bringing advanced technology services to millions (http://www.zain.com/muse/obj/lang.default/portal.view/content/Media%20centre...). In regards to federation, I am not sure that at this time we have, "a single architectural blueprint for all use-cases." However, I do think we have a good architectural blueprint for a simplified federation process. This architecture does not require complex provisioning or contractual agreements between ID providers; there are no "Circles of Trust". 
Under the *Institutional Web of Trust* an institution could federate the identity of its users (or a subset of its users) simply by adding (or modifying) a credential to each of its users' digital wallets and creating an institutional reference within the *Institutional Web of Trust Repository*. If you trust the institutional reference, you can trust the credential presented by the user. As part of the federation process, cooperating institutions will most likely create standard authorization levels for various services and provision these levels as part of a user's credential. For example, a coalition of universities may have authorization levels for library services that will enable users to access any library within the coalition; government organizations may provision security levels within a user's credential that enable inter-agency access to resources; etc. Mike
I've got to admire your optimism, Michael... Over the last 15 years, I've watched the telcos and financial institutions be put forward (by third parties, I hasten to add) as the prime candidates to own and operate - the "utility" PKI; - the "utility" IDPs; Trouble is, neither type of organisation seems to share the enthusiasm of those putting them forward for the role. In those cases, the obstacles seemed to be: 1 - liability 2 - the good old e-commerce concept of "friction"... It could just be that we're seeing an evolution here, and that the time for this model has arrived... but evolution is a slow process. R
Robin, We do not expect the mobile network operators to own or operate the identity infrastructure. We will enable the MNOs to participate in new mCommerce services and new advertising models. We can prevent the MNOs from being disenfranchised in the emerging world of mCommerce. We have had initial discussions with two of the leading MNOs in the U.S. We will present a paper at the Mobile Money Summit, 24-27 May in Rio de Janeiro, Brazil (we will forward that paper to the Kantara community). A key component of our infrastructure will be an easy to use digital wallet where credentials can be securely provisioned and transactions occur smoothly. This digital wallet will be the cornerstone of NFC technologies on mobile devices and provide the interface for identity, marketing and financial services. Every aspect of digital life that depends on identity and transactions will flow through the digital wallet. Our proposal to the MNOs is that we will help create the standards for the digital wallet on mobile devices. These standards will establish the MNOs as the de facto arbitrators of identity. Imagine a world where the MNOs control secure identity and can meter all types of services that flow through their networks. It is a world in which the MNOs play a dominant role in world commerce. We know the MNOs have a high incentive to participate in this process. Commoditization is a real threat to the MNOs. If they simply provide bandwidth instead of services their profit outlook is bleak. Slashdot, one of the leading online technical communities, had a recent post regarding the possibility that Google and others will turn the mobile network operators (MNOs) into cheap data providers by driving the MNOs to commoditization: "Becoming a pure bandwidth provider is every cellco's nightmare". http://mobile.slashdot.org/story/09/12/19/2230246/Making-Sense-of-the-Cellph... The Boston Globe echoed this sentiment: "In Google's ideal world...
the phone companies would become mere data pipelines, and power and profits would shift to makers of phone software and services, like Google". http://www.boston.com/business/technology/articles/2010/01/14/cellphone_aims... This will be a three to five year project to build the prototype, do implementation tests and prove the technology. You are absolutely right that this evolution is a slow process. This may or may not be an accurate observation (please correct me if I am wrong), but it seems that the members of the Kantara community are primarily focused on corporate identity systems and they have missed the broad range impact of mobile devices on consumer identity. Mike
Oh, I think the mobile device sector is pretty well represented in the Kantara membership (including 2 major telcos on the Board of Trustees, for instance), as is the consumer identity space, increasingly - though not necessarily by the same individuals! ;^) R Michael Duffy wrote:
Robin,
This may or may not be an accurate observation (please correct me if I am wrong), but it seems that the members of the Kantara community are primarily focused on corporate identity systems and they have missed the broad range impact of mobile devices on consumer identity.
Mike
On Jan 30, 2010, at 7:26 PM, Brian Dilley wrote:
Actually, I find that a “web” is a tangled mesh in which to entrap and is a term that infringes on other trademarks and is a symbol that doesn’t inspire trust at all – said the fly to the spider. I think repositories only hold value if the storage and retrieval of information can be validated to be trusted, secure, reliable, and honest in its representations. Since trust is an intangible value, I find it to be an unobtainable goal in ecommerce activities based on concepts that are not managed in accordance with good policies or even their own statements. IMHO any system that is self-managed is quite frankly a disaster and provides me as an informed consumer no level of trust or assurances proclaimed by any system or solution said to be good for goodness sakes. Self managed is equivalent to saying trust me because I say so.
This paragraph also highlights why the ICF/OpenIDF work with the US government and its insistence that it be called the "trust exchange" - I and others have continuously been saying that this name is not appropriate and it should be called something more like what it is, "policy repository"
.......
This is exactly why such organizations as IETF, ANSI, ISO, AICPA, NIST and Kantara
AND communities/gatherings like Identity Commons and the Internet Identity Workshop that have been pioneers in framing and moving forward the "user-centric" frame/world view (in relationship to the other models of identity). Coming up with NUMBER 10 happening in May in Mountain View between May 18 and 20th. Extra early bird registration ends tomorrow - http://www.interentidentityworkshop.com
are so much in need to prevent such flawed solutions as this “web of trust” from being accepted by the electronic commerce community.
Regards,
-Kaliya
Kaliya - Identity Woman
Internet Identity Workshop unconference designer & facilitator
Founder She's Geeky
www.twitter.com/identitywoman
www.internetidentityworkshop.com
www.identitywoman.net
www.unconference.net
www.shesgeeky.org
kaliya@mac.com
510 472-9069
skype: identitywoman
gTalk: identityWoman@gmail
AIM: kaliya@mac.com
Yahoo!: earthwaters
participants (11)
- Brett McDowell
- Brian Dilley
- Joni Brennan
- Kaliya
- Michael Duffy
- Owen Thomas
- Paul Trevithick
- Robin Wilton
- Roger Sullivan
- sampo@symlabs.com
- Thomas Hardjono