W3C home > Mailing lists > Public > public-webpayments@w3.org > September 2013

Re: Web Payments and Identity

From: Joe Cascio, Jr. <joe.cascio.jr@gmail.com>
Date: Mon, 23 Sep 2013 07:11:23 -0400
Message-ID: <CAP3sjNEuZb_2b1m4cpAgnzxm0__6BOKf4_YN3c=V3tBGeCo43g@mail.gmail.com>
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: Manu Sporny <msporny@digitalbazaar.com>, Ben Adida <ben@adida.net>, Lloyd Hilaiel <lloyd@mozilla.com>, Dan Callahan <dan.callahan@gmail.com>, Web Payments CG <public-webpayments@w3.org>
Manu, I would like to be on the call as well. (Do I need to be on the
mailing list?)

Yes, I agree that Identity as perceived by banks is a much different and
broader concept than Identity as merely "username" or URI. We might say
banks are interested in Person as opposed to Account.

I think what Manu referred to as the desperate need by banks (and by the
way the whole financial industry) is for a universally acceptable digital
platform upon which to build different forms of identity than can coexist
rather than a one-size-fits-all solution. As Ricardo pointed out, each
country or institution may have their own particular requirements.

Personally, I like the idea of a passport book that can carry many
different stamps (ie digitally signed records) of endorsement by different
institutions or authorities. Banks frequently accept or require a provable
endorsement of some other authority (eg, a driver's license). A passport
file would allow each institution to formulate its own information record,
sign it, and simply append it. OpenTransactions uses an approach like this
for its notion of "contracts".

Joe Cascio

On Mon, Sep 23, 2013 at 4:26 AM, Melvin Carvalho

> On 22 September 2013 15:36, Manu Sporny <msporny@digitalbazaar.com> wrote:
>> I was recently asked to speak at the world banking conference about Web
>> Payments. I had a ton of meetings with various big banks (HSBC,
>> Barclays, Royal Bank of Scotland, etc) over the past week. They
>> desperately need an online identity solution, and I'm trying to get
>> leading thinkers in this space together to talk about how we might come
>> up with a solution that works for them while dovetailing it with the
>> work we're doing here on identity.
>> Here's the basic problem:
>> In order to do anything serious with money in the world, financial
>> institutions need to do something called a "Know Your Customer", aka
>> KYC, process on their customers. This involves doing things like
>> verifying their address, government ID, making sure they're not on a
>> government watch list, etc. Each bank does this, typically in a way that
>> is specific to that particular bank. The Bitcoin community is having to
>> do this now as well, for large transactions.
>> An identity solution for the Web should take these use cases into
>> account. We already have a mechanism of endorsing data on the sorts of
>> identities that we use in PaySwarm, but the bridge between that and
>> things like Persona's PICL stuff is not clear at the present time. We
>> really need to work through these details.
>> Any future identity standard for the Web should take these issues (of
>> KYC, government or private institutions endorsement, extensible
>> metadata) into account. We're going to be discussing this at a high
>> level on this weeks upcoming Web Payments call. I ask that at least a
>> representative from the Persona, PICL, and Bitcoin communities
>> participate in the conversation. The details about joining the call are
>> here:
>> http://lists.w3.org/Archives/**Public/public-webpayments/**
>> 2013Sep/0126.html<http://lists.w3.org/Archives/Public/public-webpayments/2013Sep/0126.html>
> +1
> Identity on the web is challenging because everyone does it in a slightly
> different way.  You need to model the concept then have digital identifiers
> that point to that concept.
> Following web axioms you ideally want to have identity as a URI so that it
> is scalable and properly namespaced.  Payswarm does a pretty decent job
> here, as does WebID, OAuth is not bad as it allows both email and profile
> pages to be your identifier.  In persona your email *is* your identity,
> which is a smart hack that allows memorable identifiers, but the trade off
> is that is does excludes web style identifiers.  In systems like bitcoin
> your account address is both your identifer and your public key, which is a
> clever way to use content addressable identifiers that can verify
> signatures without needing any kind of lookup.  In terms of standardization
> you want to be able to model all of these eco systems, but that's very much
> doable by giving each identity system a URI.
> The things people like to model are "Person" and "Account".  Normally a
> person "has-a" account.
> There's a few ways to add authenticity.  For example if a bank shows you
> your balance, you trust DNS (perhaps also TLS) that the information is
> valid.  If you want to be more portable, you can use signing instead of /
> or as well as DNS.
> In a general sense I see three aims:
> 1. To create a scalable identity solution that allows key value pairs to
> be tied to an identity (e.g. using RDFa) this allows users to be associated
> with more data such as KYC
> 2. To separate identity from authentication in a modular scalable way,
> then allow permissive first class solutions for both.
> 3. Have the correct privacy / access control options so that the correct
> people see the correct data in a secure way, and there is no unauthorized
> access
>> -- manu
>> --
>> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
>> Founder/CEO - Digital Bazaar, Inc.
>> blog: Meritora - Web payments commercial launch
>> http://blog.meritora.com/**launch/ <http://blog.meritora.com/launch/>
Received on Monday, 23 September 2013 14:53:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:24 UTC