Re: [identity-credentials] Clarity of definitions: Credentials, unbound identity, identity hardening, and bound identity from Erik Anderson on 2015-05-27 (public-webpayments-ig@w3.org from May 2015)

From: Erik Anderson <eanders@pobox.com>
Date: Wed, 27 May 2015 09:32:53 -0400
To: Web Payments IG <public-webpayments-ig@w3.org>
Message-ID: <cfdc20ed51737ab18c9a394f45d48d59@pobox.com>

> Do you think identity hardening is an essential part of the payments
> process (at the time of payment)?

If the world wants to reach a digital economy you must automate legal, 
regulatory, and consumer protections. Identity hardening is the only way 
we can move forward. This is all easily achievable via someones mobile 
device or off the shelf products like a Yubikey. Web Payments will add a 
whole world of online fraud when the "card not present" transaction 
starts surfacing more and more.

Soon as you can objectively measure the risk and security of a 
transaction you can start reducing fees (or independent identity 
assurance/insurance per transaction).

> I am trying to get away from a scenario where we think a payment can 
> only be made if the participants have specialized technology at their 
> disposal at the time they wish to transact.

We will not limit the payment capabilities to one technology or the 
other however it is necessary to limit the classification of a 
transaction that will be authorized based on the availability of 
identity hardening mechanisms.
Example: $25 transaction versus $3000, $10000, international 
transactions, etc.

The current generation of mobile devices have enough sensors to 
facilitate identity hardening and those sensors get better and better 
every year. Those devices know their user and they have high end 
cryptographic co-processors. Social media, when applied to financial 
services, tells you we need to bring the financial services to the user 
not make them

This is inline with the documentation in the upcoming financial services 
standards in the US pipeline.

NOTE: The account provider is the one that needs the identity hardening 
lego blocks to meet their KYC/AML requirements.

I dont intend to wait 10 years while lawyers and politicians over 
regulate the financial systems with human processes to the point of 
being unsustainable. We design+layer the standards and interfaces on top 
of today's technologies yet design and version those interfaces to be 
extensible for tomorrows next generation solutions.

This is easily achievable when you dont couple the interface with a 
technology (ie dont solder the plug into the wall outlet).

http://lostechies.com/derickbailey/files/2011/03/DependencyInversionPrinciple_0278F9E2.jpg

Erik Anderson
Bloomberg R&D & W3C Web Payments IG/SG

Attachments

application/pdf attachment: Web_Identity_and_Credentials_Standard.pdf

Received on Wednesday, 27 May 2015 13:34:32 UTC