Empfohlen
Weitere ähnliche Inhalte
Andere mochten auch
Andere mochten auch (14)
Ähnlich wie Andrew Nash
Ähnlich wie Andrew Nash (20)
Mehr von catalyticgov
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Andrew Nash
- 1. Andrew Nash Senior Director of Identity Services Topics in Identity and Payments
- 2. Progress in Identity “Ownership” Enterprise Centric 1 2 Federated Partners 3 User Centric Social Networks Mashups Web 2.0 Tagging e-commerce Finance
- 4. Credit Card Ecosystem Multiple Value Flows Merchant Consumer Acct IssuerAcquirer Card Network merchant discount usage fees/awards Switch fee /assessment Switch fee /assessment Interchange fee
- 5. Service Transactional Opportunity identity service Consumer Claims Fraud/Risk Reduction Targeted Marketing Reduced Friction Increased Checkout Completion cookies historical data checkout- time identity
- 6. The Identity Trust Gradient Low Value High Value None Extreme Transaction “value” Regulatory / Compliance / Risk Blogs Social Networks Shopping Financial Health Intelligence Agency Shopping
- 7. Levels of Assurance Gaps • Unlike NIST, risk based systems are not a one time identity proofing exercise • Continual verification of identity “goodness” – Context, transaction history, behavior, … • Enhancement to authentication – Triggers for step-up authentication
- 8. Brokerage Values • Reduce # of identity sources service providers build business and legal relationships with • Act as consumer advocate • Create a simplified policy view across domains • Simply integrate user attribute management • Provide an integration point for multiple sources of information from attribute providers • Amortize costs of higher value features including 2FA
- 9. Role of IDP? Consumer IDP “I am very privacy conscious” “All information should be free” “Help keep me safe” “Assurance Level 3” “Moderate levels of private information ” “Anonymous is ok” Consumer Agreements Relying Party Contracts Information Classification Attribute Providers
- 10. The Three Laws of Consumer ID Svcs 1. An ID Svc may not injure a consumer, or through inaction, allow a consumer to come to harm. 2. An ID Svc must obey orders given by consumers, except where such orders would conflict with the 1st Law. 3. An ID Svc must protect its own existence as long as such protection does not conflict with the 1st or 2nd Law.
Hinweis der Redaktion
- Application specific identity Enterprise/Service identity (across apps) Federation (across services) Platform (across app providers) – less oriented around federation than platform identity ownership – asymmetric federation Consumer
- Just like economics - 2, 3, 4 parties Amortize costs and increase level of technology (eg 2FA)
- Consumer Value Transaction flow – aka $$$ (poker chips) Infrastructure Entity Value Flow of value – interchange fees (how the house makes $$$)
- Multiple brokers Enablers of access to channels Amortization of costs like 2FA Aggregator of information content Simplifying # relationships Common user experience