- From: Ricardo Varela <phobeo@gmail.com>
- Date: Sun, 22 Sep 2013 22:32:19 +0100
- To: Ben Adida <ben@adida.net>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, Web Payments CG <public-webpayments@w3.org>, "Joe Cascio, Jr." <joe.cascio.jr@gmail.com>, Dan Callahan <dan.callahan@gmail.com>, Lloyd Hilaiel <lloyd@mozilla.com>
- Message-ID: <CAN46wV-_Cek3b6QbQkL2SU_0xwqvs4gQ1ciGsyBttqCPoajrbw@mail.gmail.com>
hallo, Just for clarity, what use case exactly is that they "desperately need" that online identity for? For the sake of background: I reckon the banks do not currently have widespread federated authentication schemes because it is up to individual bank-to-bank agreements to trust the KYC of the other bank and they need rules about whose liability it is if the transaction goes wrong. Its that or you route the transaction through some group with an already pre-agreed set of rules like those in a card network (eg: VISA) or in some cross-country scheme (eg: SEPA) and even for those some banks make their own piece for the identity (eg: in SEPA the "customer related messaging" is "strongly recommended" but not mandatory) By the way, to add to the mix: one of the comments in SEPA is that it makes sense that in some cases identity cannot be formulated in a cross-border manner as there may be country-level regulations to add to the EU ones (eg: data protection and retention policies in Germany) So, back to the original bank question: are they proposing a specific scenario where the issue is actually technical? or was this more the "visible excuse" for the reality that they have other issues to solve before getting to that common solution because a common identity still requires trust? PS: so that this is not just bank-bashing: I work with mobile operators and the issues are more or less the same, more legal/process than tech, and banks are even in a more advanced phase --- ricardo On Sun, Sep 22, 2013 at 5:40 PM, Ben Adida <ben@adida.net> wrote: > Manu, > > Speaking broadly here, as I don't speak for Persona anymore: it's not > obvious to me that we should conflate all identity use cases into one. > Specifically, I see 3 paths for success: > > 1. simple web login and financial login are totally different and should > be served by different technologies. > > 2. financial login can build on top of simple web login with additional > layered features. > > 3. financial and simple web login can be served by the same product. > > My only nudge here is to not presume that option 3 is the only way to go. > If the burden of KYC complicates the technology too much, the right > solution could be 1 or 2. > > -Ben > On Sep 22, 2013 6:36 AM, "Manu Sporny" <msporny@digitalbazaar.com> wrote: > >> I was recently asked to speak at the world banking conference about Web >> Payments. I had a ton of meetings with various big banks (HSBC, >> Barclays, Royal Bank of Scotland, etc) over the past week. They >> desperately need an online identity solution, and I'm trying to get >> leading thinkers in this space together to talk about how we might come >> up with a solution that works for them while dovetailing it with the >> work we're doing here on identity. >> >> Here's the basic problem: >> >> In order to do anything serious with money in the world, financial >> institutions need to do something called a "Know Your Customer", aka >> KYC, process on their customers. This involves doing things like >> verifying their address, government ID, making sure they're not on a >> government watch list, etc. Each bank does this, typically in a way that >> is specific to that particular bank. The Bitcoin community is having to >> do this now as well, for large transactions. >> >> An identity solution for the Web should take these use cases into >> account. We already have a mechanism of endorsing data on the sorts of >> identities that we use in PaySwarm, but the bridge between that and >> things like Persona's PICL stuff is not clear at the present time. We >> really need to work through these details. >> >> Any future identity standard for the Web should take these issues (of >> KYC, government or private institutions endorsement, extensible >> metadata) into account. We're going to be discussing this at a high >> level on this weeks upcoming Web Payments call. I ask that at least a >> representative from the Persona, PICL, and Bitcoin communities >> participate in the conversation. The details about joining the call are >> here: >> >> http://lists.w3.org/Archives/**Public/public-webpayments/** >> 2013Sep/0126.html<http://lists.w3.org/Archives/Public/public-webpayments/2013Sep/0126.html> >> >> -- manu >> >> -- >> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) >> Founder/CEO - Digital Bazaar, Inc. >> blog: Meritora - Web payments commercial launch >> http://blog.meritora.com/**launch/ <http://blog.meritora.com/launch/> >> > -- Ricardo Varela - http://twitter.com/phobeo "Though this be madness, yet there's method in 't"
Received on Sunday, 22 September 2013 21:32:46 UTC