W3C home > Mailing lists > Public > public-webpayments@w3.org > September 2013

Re: Web Payments and Identity

From: <eanders@pobox.com>
Date: Mon, 30 Sep 2013 09:01:54 -0400
To: public-webpayments@w3.org
Message-ID: <4fde1c3a318ffff912a0905957ffa2f9@pobox.com>
I would agree we need to separate authentication and identification from 
"Identity".  We need to tackle these 2 things separately.  I recommend 
they be in this order.

1) Authentication
   - 3 factor at a minimum.  I wouldnt support anything less.
      a. Something you know
      b. Something you have
      c. Something you are
   - As an example, our next generation BUNITS 
(http://www.bloomberg.com/bunit/Overview_Features.pdf) provide up to 5 
factor authentication).
     We have had these for 7+ years now and they get better every 1-2 
     With the advent of the iPhone5s with the finger print scanner I 
would guess it is possible to role these features into an iPhone5s app.
2) Identification
    - No identification without authentication.
    - Provide user approved access to 1 or more attributes about the 
      a) Age
      b) Sex
      c) Email address
      d) Race
      e) Passport Image and metadata
      f) Drivers License Image and metadata
      g) Home Address
      h) Social Security Number
      i) etc...
    - All attributes are on a need-to-know basis.  You shouldnt get 
access to someones SSN just to buy some cough medicine.
      Possibly a vendor authorization list of what attributes they are 
allowed to request access to?

Received on Monday, 30 September 2013 13:06:03 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:24 UTC