This is the text of a presentation given to the Electronic Identity Verification conference on the 16th Feb in Sydney and the 18th Feb in Melbourne.
The presentation can be viewed at http://prezi.com/wmvwdpic1wot/
A YouTube version is at http://www.youtube.com/watch?v=jpSE80EfDVo part 1 and
http://www.youtube.com/watch?v=MeUZMmBUcp0 part 2
Text of presentation
Before we talk about Electronic Identity Verification we need to understand what it means to verify an identity.
(a slide with Electronic Identity Verification heading and with a stylised diagram of people where one person is highlit)
A person’s identity becomes relevant in the context of a group. For the purposes of EV, identity is how each person is known to a group to which they belong, have belonged or to which they wish to belong. A person’s identity is not an abstract notion but is a social construct that enables us to distinguish between different members of a social grouping. Identity verification involves establishing whether a person is entitled to be part of a group. For most groups a person needs only to be identified once to the group.
(a slide with several different groups of stylised people. One labelled customers, one employees, one suppliers, one shareholders. A person may be in different groups but the person may have different identities in the different groups)
Most people in this audience represent organisations and your organisation has relationships with its customers, its employees, its shareholders and its suppliers. Your organisation defines different groups to which people may belong. It defines the requirements for joining the group, and specifies the rules for how individuals are to identify themselves as a legitimate member of the group.
Each person here is a current or past member of thousands of different groups. This is what we as a species do. We cluster together for purposes of sharing because we each draw strength from our interactions with others. Most of our interactions with others require us to know with whom we are interacting and for each group there is a process of identification.
(show a slide of my cards, show a slide of the number organisations where I have a user code password)
The number of groups we can join has exploded with the introduction of the Internet. We now have a major problem of keeping track of all our memberships. My wallet contains 23 membership cards. My list of user codes and passwords contains 100+ entries. Keeping track of all these different forms of identification is a major logistics task. Luckily the Internet which has caused the explosion of groups also gives us the way to control and organise our interactions.
(show a slide with silos of information. Privacy breaches occur when information from one silo leaks to another without the permission of the person)
Issues of privacy arise when our activities as a member of one group become known to others both within the group and more particularly to others outside the group. This becomes an issue if our membership of one group means that our activities in all other groups is visible. So privacy involves keeping our activities within groups hidden from the eyes of others who have no legitimate reason for knowing what it is we are doing elsewhere. My employer has the right to know that I am ill and cannot come to work but there is no need for them to know all of the details of the illness or how I contracted it.
It is this leakage of information between groups that is at the heart of privacy.
(put up words describing the methods of tackling the problem)
There are various ways of tackling this problem. One way is not to store any historic information about transactions and interactions. For most interactions this is appropriate although in the electronic era we tend to be storing more and more of our interactions for extended periods. We do something and it becomes a permanent record. Another way is to keep our interactions within tightly controlled silos, taking precautions to prevent leakage of information from one silo to another without our express permission. A third way is for us to know exactly what is held in all silos and to be kept informed who has accessed any of the information and the reason for the access.
To keep separate silos of information it is necessary for individuals to agree to join each group and to prove who they are to the group.
(show a slide with greenID )
Edentiti EV is building enabling technologies for identification purposes.
Our first product in identity verification is greenID. greenID is specifically designed to assist organisations comply with anti money laundering and counter terrorism obligations applicable to low risk transactions.
greenID works as follows – (show short verification set of screens).
This demonstration shows how a customer verifies themselves with greenID.
(slide)
This screen would be on a clients screen and typically this information would have been collected as part of a registration process.
(slide)
The user would be given a set of sources from which to choose. The user knows which organisation they have a relationship with and so they will choose the ones that suit them and with which they are comfortable.
(slide)
Let us assume they have a qld driver’s license. They enter the driver license number, the other fields are already filled out, agree to the terms and conditions, then press submit details.
(slide)
Let us assume they do this for the Australian Electoral Roll and Passport as well as the Queensland Licence. They will then be verified.
(slide showing how a person identifies themselves by proving they have a relationship with others)
Some important points with this demonstration are:
1. The organisation requesting identification sets the rules for identification depending on the risk associated with an incorrect identification.
2. The individual provides information that is difficult for anyone else to know. If they provide false information then they are almost certainly stealing someone else’s identity rather than creating a new identity.
3. Information that is needed for proving identity is discarded as soon as it is no longer needed and it is only “seen” by the individual being identified.
4. The approach complies with privacy guidelines because individuals have a choice in what they use, and any information not required is discarded in order to protected the integrity of silos of information.
With greenID the individual has shown they are known to other organisations and they have a relationship with those organisations. This verifies their identity.
(photo id screen – where the photo is on the screen and on a card and on a mobile)
Edentiti is extending the identification service in various ways – for example, through the introduction of biometric forms of identification. Biometrics will be introduced in a privacy friendly reusable way. The approach is for a trusted party to take a photograph of a person and send it to Edentiti with the name of the person. The person accesses the photograph online and asserts it is their photograph and they ask two other previously-verified people to agree that the photograph is of them. The identity of the person is also verified against three other organisations by demonstrating that the other organisations have a record about them. Once the photograph is identified then a person can use it for any other organisation who requires a photoid for the person. Such organisations are the passport office, driver’s licence, club cards.
Photoid can be attached to any verified identity. It does not have to be printed on a card but can be shown on a mobile phone or on a teller or check out screen. We see it as a very useful identification device for door to door people such as census checkers where (for example) a person could dial a number and get a photograph of the person delivered to their mobile phone.
(diagram of Federated Identification)
The Edentiti approach to identification fits well with the concept of Federated Identification. Federated Identification is where one organisation agrees to accept identification established with another organisation. Some people call this “single signon” but it is broader than single signon. Federation can be made to work very easily if a group of federated organisations agree to use an identity provider to include the end user as part of the Federation.
(slide)
The following set of screens show how Edentiti itself can use the association with a bank to simplify and reduce the costs of collecting money from customers. The organisations independently identify the person and agree to allow the person to divert and perform actions on the other organisation’s website while on the first organisations website.
(show screens of making payment)
The end customer already has an account with a federated bank. They are first going to identify themselves to Edentiti because they wish to be a customer of Edentiti. One of the sources that Edentiti uses for identification is the Bank, because Edentiti the company is federated with the Bank for the purposes of payment.
(slide) (slide)(slide)
At some later stage while at the Edentiti website they wish to make a payment, The default will be to transfer money from the Bank account used previously for verification. Other payment options will be available.
(slide)
The payment is authorised by the user entering a two factor verification method that is done by the bank or authorised by the bank. This is typically getting a code by SMS then entering the code into the screen.
(slide)
If the person does not have an account with the bank then they cannot use the bank as a data source but they can be asked to create an account and then come back and pay with that account.
(slide)(slide)(slide)
(slide)
We will be creating a SuperID which will identify people for superannuation purposes. Any superannuation website will be able to allow the user to perform actions on another website. This is particularly important for transfers of superannuation benefits. It will be useful for finding lost superannuation. Organisations using SuperID will reduce cases of lost super because a person’s lost super can be checked whenever they make a deposit to a super fund.
(show screens of passport federation with banks and ATO)
The passport office can use the photo id but it could also agree to allow people to verify their photo id with their passport photo. More importantly it could allow banks to use passport photoids in return for the banks allowing access (if the person consents) to bank histories.
(show screen of AAF)
The approach allows organisations to federate their identifications. We are a member of the Universities and Research Organisations Australian Access Federation (AAF) and we look forward to offering federated services to the AAF.
(slide showing the question and the answer and that is all that is needed to get federated ids)
Individuals have certain rights to information that his held about them, and organisations holding information on a person are legally obliged to answer yes or no for no cost to the question “Do you hold any information on me”. They are further required to give the individual that information if they request it, though a reasonable charge can be levied for supplying the information.
Many government departments do not welcome such requests because they believe something might go wrong. For example, they believe if they supply direct electronic access to an individual’s data they may have to meet service level obligations. The tax office believes that a person accessing their own tax information via a service like Edentiti might somehow compromise the integrity of the Tax File Number. These difficulties can be easily addressed but the common reaction of most organisations is that if there is chance of something going wrong then they should not do it. This ignores the positive benefits that the organisation can obtain form allowing electronic access.
(slide showing advantages for other organisations)
To give an example: We find that 25% of all addresses in the Electoral Office are incorrect. Most commonly the person has moved and not bothered to change their address. It is critical for the working of representative democracy that the enrolment address be correct when an election is held. greenID could inform the electoral office – with the person’s consent – that their address had changed and put in place a process for the electoral roll to be corrected.
The same idea can be used by any organisation that wishes to keep information about their customers up to date. In the future we see address and contact detail changes being automatically updated over the Internet when the customer changes their personal details in any of their different identities.
What of the future?
(slide showing lots of groups of people with lots of interactions and with the individual controlling the flow of information)
Rather than less identification we see more. We see data continuing to be kept in tight silos but we also see an evolving process of the individual gaining electronic access to their own information. We see Edentiti providing tools to the individual to help them access their own information and control its release to other parties. We see many other organisations like Edentiti providing competition in this identification space. We see identification becoming “standardised” and we see a wholesale introduction of federated identity organisations using identity providers to give individuals access to their information.
A Blog by Kevin Cox 