Digital ID and Authentication as a Platform
description
Transcript of Digital ID and Authentication as a Platform
Digital ID and Authentication as a Platform
Peter Watkins
Canonical Use CasesDigital ID and Authentication
Ecosystem
• The beer store• The medical lab results• The bank account
Canonical Use CasesDigital ID and Authentication
Ecosystem
• The beer store• The medical lab results
• The bank account
Step 0
Step 1
Touch “New Customer”
Step 2
Be advised about what info they need, why, what they will do with it etc..
Step 3
Passcodeand/or Card Tap etc.Authentication
Step 4
Authentication and authorization agent shows you the request and asks you to proceed…
Step 5
Full activation may take 24-48hrs;meanwhile…
Step Done!
ConsiderationsKey Actors
• Applicant (user)• Bank app from the app store• Government entity trusted for name, dob,
address• Agent (for the user) that ran on the phone
ConsiderationsNot Shown
• Technical architecture, technical specifications, protocols• Phone registration / agent activation• Credential used during phone registration• Credential issuance / activation• User’s registration with government entity that provided name, dob,
address• Bank app development/developer/registration• Agent accreditation/certification• Privacy enabling infrastructure/services• Assurance standards• Evidence of identity standards• …
Plan to see session by Dick Hardt on
Authentication and Authorization Privacy Protecting ProtocolA2P3
Tomorrow
Segue…
• Even with answers to all the previous items
How was it that the bank was able to meet its obligations per: KYC/AML etc. through this approach?
What else?
Barriers to Collective Success(some of the things we have to talk about, or ignore at our peril)
• Ensuring Privacy By Design• Liability Rules• Reputation Risk• Ubiquity Of Platform Access, Interoperability• Equality Of Service Irrespective Of Technology Access,
(Dis)ability, Age, Etc.• What Will The Trust Frameworks Be? • Compelling Use Cases• Responsibility to Educate Consumers• Enabling Consumer Power – Vs. Relying Party Power– Vs. Identity Provider Power