21 August 2018
Register now

A new approach to digital identity

03 December 2009  |  10955 views  |  2 Source: finextra.com

The Global Trust Council is a non-profit organisation working with governments and businesses in a bid to create an international legal framework that will help protect digital identities.

The Council's David Merkel, who has previously worked for the US Treasury Department and the SEC, explains to Finextra why a new legal framework is necessary for the digital world, how it can work and its relevance to the financial services industry.

Comments: (2)

A Finextra member
A Finextra member 10 December, 2009, 04:51

The first thing that comes to mind is that all countries will not share their data. This confines us to a single possible model. Leave the data where it is.

It needs to work for everyone and we have two possible scenario's - use what is already in place - or issue a new solution to everyone.

Eventually you'll arrive back a what is in place. This means utilisation of existing infrastructure - and we can.

Compatibility or consistency has to be high, in fact it needs to be ubiquitous. The trust levels must be consitent for the global model. The trust must be equal (in as much as one government trusts another). Citizen need to trust the solutiom amd businesses and individuals must be able to use the system to confirm their identity.

Given that all this has to happen without risking any personal information governments have a challenge.

It will be a step forward when governments recognise that identity is essential infrastructure for everyone. From there it's a no-brainer to deploy - if you've already come up with the solution. It is a challenge we recognised and solved some time ago - comfortable in the knowledge that there will be only one outcome.

We figure we can provide the service for about $1 per person per year. How do the other ideas stack up?

Be the first to give this comment the thumbs up 0 likes
A Finextra member
A Finextra member 13 January, 2010, 15:53

Several years ago Bob Blakey put forth the idea of the information oracle. This idea is that instead of sending raw identity information around, a service can be offered by an identity provider to answer questions. An example question might be the following: Is the entity with this identifier able to purchase alcohol in <some governmental unit>? Or, one that happens millions of times every day: Is the bearer of this payment card good for <amount>?
In fact, this oracular nature of payment card authorization has all the goodness that Bob articulated in his original post. The privacy of the consumer is protected - the merchant finds out nothing about the net worth of the individual or other financial details, nor do they get much, if any, personal information. The relying party (the merchant) gets what they want without having to protect a whole bunch of identity data in the long run. The identity provider (the issuer) has a monetizable asset, which is not diminished by authorizing that one transaction. The user's privacy is protected.
Large identity stores are a danger if disclosed improperly. They require the highest levels of technical, operational, and personnel security. Once the identity information is disclosed to a third-party, that party does not have to go back to the identity provider, so the value of the data is diminished. And finally, with all these copies of the identity data, it is impossible to update or correct them.

Be the first to give this comment the thumbs up 0 likes
Comment on this story (membership required)

Related blogs

Create a blog about this story (membership required)
03 December 2009

Solution source

Search by company or single key word