W3C home > Mailing lists > Public > public-webpayments@w3.org > September 2013

Re: Web Payments and Identity

From: <eanders@pobox.com>
Date: Mon, 30 Sep 2013 09:01:54 -0400
To: public-webpayments@w3.org
Message-ID: <4fde1c3a318ffff912a0905957ffa2f9@pobox.com>
I would agree we need to separate authentication and identification from 
"Identity".  We need to tackle these 2 things separately.  I recommend 
they be in this order.

1) Authentication
   - 3 factor at a minimum.  I wouldnt support anything less.
      a. Something you know
      b. Something you have
      c. Something you are
   - As an example, our next generation BUNITS 
(http://www.bloomberg.com/bunit/Overview_Features.pdf) provide up to 5 
factor authentication).
     We have had these for 7+ years now and they get better every 1-2 
years.
     With the advent of the iPhone5s with the finger print scanner I 
would guess it is possible to role these features into an iPhone5s app.
2) Identification
    - No identification without authentication.
    - Provide user approved access to 1 or more attributes about the 
user.
      Example:
      a) Age
      b) Sex
      c) Email address
      d) Race
      e) Passport Image and metadata
      f) Drivers License Image and metadata
      g) Home Address
      h) Social Security Number
      i) etc...
    - All attributes are on a need-to-know basis.  You shouldnt get 
access to someones SSN just to buy some cough medicine.
      Possibly a vendor authorization list of what attributes they are 
allowed to request access to?

Erik
Received on Monday, 30 September 2013 13:06:03 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:24 UTC