[SIG-IDtheft] Next ID Theft SIG Call Wednesday, February 27
Bob Pinheiro
bob at bobpinheiro.com
Tue Feb 26 07:13:09 PST 2008

One of the potential activities of this SIG is to generate
suggestions or recommendations for other Liberty activities that
reflect identity theft considerations. A current Liberty activity
that might benefit from such suggestions is the ongoing work of the
Identity Assurance SIG and Identity Assurance EG to "finalize" the
Liberty Identity Assurance Framework (IAF). The IAF represents a
major effort of the Liberty Alliance to create an identity assurance
standard to foster adoption of identity trust services.

In a nutshell, the Identity Assurance Framework
<http://www.projectliberty.org/liberty/files/whitepapers/liberty_identity_assurance_framework_v1_0>
consists of "detailed discussions of Assurance
Level criteria, Service and Credential Assessment Criteria, an
Accreditation and Certification Model, and the associated business
rules." The basic idea is to provide a framework for defining a
trust model between Relying Parties and Identity Providers, so that
Relying Parties can trust identity assertions from Identity
Providers. A series of webcasts
<http://www.projectliberty.org/liberty/news_events/webcasts>
on the IAF is underway to provide interested parties with more
information on what this is all about.

What is the relationship between identity theft and the Liberty
IAF? One scenario might be described as follows: An individual
obtains an identity credential and authentication token from some
Identity Provider, after the individual's identity has first been
established by the Identity Provider to a sufficient degree of
certainty. For instance, an Identity Provider might be a bank, motor
vehicle bureau, or other entity. The individual then approaches some
Service Provider and requests an identity-related service. For
instance, the Service Provider might be a telecommunications provider
offering cell phone service. The individual claims an identity, and
it is assumed that the Service Provider will seek to verify the
individual's identity claim before granting the service. The Service
Provider then becomes a Relying Party if it now chooses to rely on an
identity assertion issued by the very same Identity Provider that
issued the credentials and tokens associated with the claimed
identity. In other words, based on the identity claim of the person
seeking the service, the Relying Party locates the proper Identity
Provider and requests the Identity Provider to authenticate the
identity claim. If the Identity Provider can do so, based on some
multifactor authentication protocol involving the token bound to the
claimed identity, the Identity Provider issues an assertion to the
Relying Party, which would effectively serve to authenticate the
identity of the person seeking the service. If, on the other hand,
the Identity Provider cannot verify the identity claim on the basis
of the same authentication protocol, it informs the Relying Party of
such, and a case of (potential) identity theft has been prevented.

Let's have a call tomorrow to discuss whether the SIG may want to
provide any suggestions or recommendations in support of the Liberty
IAF. The above scenario represents one possibility for identity
theft prevention that involves interactions between Relying Parties
and Identity Providers based on assumptions of trust, and the SIG may
want to suggest others. In any case, if there is interest, this
topic could serve as the basis for future SIG calls. If you can't
attend the call but have comments on this topic, please post them to
the SIG mailing list.
Thanks
-------------------------
Bob Pinheiro
Robert Pinheiro Consulting LLC
(908) 654-1939

Wednesday, February 27, 2008
9:00 AM PT / 12 Noon ET / 1700 UTC
US/Canada toll-free number: 866-469-3239
US toll number: 650-429-3300
Attendee Code: 00119954 #
International numbers can be found at
<http://wiki.projectliberty.org/index.php/IntnlDialInNum>wiki.projectliberty.org/index.php/IntlDialInNum