- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Thu, 30 Apr 2015 19:39:54 +0200
- To: Adrian Hope-Bailie <adrian@hopebailie.com>, W3C Credentials Community Group <public-credentials@w3.org>
On 2015-04-30 18:36, Adrian Hope-Bailie wrote:
> http://www.americanbanker.com/news/bank-technology/identity-is-broken-can-banks-fix-it-1074066-1.html
"Banks could get together, agree on standards for identity management and authentication,
and collectively become the gatekeepers for their customers' identities. They could let
consumers log into any website using their bank ID"
A few questions for you:
- What kind of authentication technology would they use to enable this [1]?
- Wouldn't it be more logical if banks took on Web Payments first [2]?
Anyway, banks *are* since 15 years back acting as public IdPs in Scandinavia although
they (quite unsurprisingly) do neither share technology, nor trust-anchors
(the schemes are all based on X.509 certificates).
A major problem with banks as public IdPs is that they see authentication as a "business model"
where relying parties have to pay for authentications.
The only parties who have bought into this are governments which (at least in Scandinavia)
use the same citizen-ID for all files involving a specific citizen. This is *not* the case for the
private sector who actually isn't that terribly interested in your ID, they rather want your credit card number :-)
My take on the citizen-ID issue is creating a platform (in a mobile phone) which enables
governments to issue virtual electronic IDs without any need for cards or specific client software
to rather *getting away* from bank-IdPs because fee-based authentication have a stifling effect
on the deployment of secure e-government services.
Anders
1] The only technology I'm aware of that actually can do this is HTTPS Client Certificate Authentication
which is generally regarded as inferior from a usability point of view
2] Secure/Convenient/Decentralized like EMV in a shop
Received on Thursday, 30 April 2015 17:40:25 UTC