Proofing the Masses

Issue/Topic: Proofing the Masses (T1C)

Convener: Vikas Mahajan

Conference: IIW-East September 9-10, 2010 in Washington DC

Notes-taker(s): Justin Tormey

Tags for the session - technology discussed/ideas considered:

Proof, verify, physical, trust, notary public, business model, market, audit

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


 * Issue: How do we “proof” 300 million+ US Citizens?
 * Daunting task for any identity provider hoping to provide a higher level of assurance
 * Some levels require physical inspection of documents
 * Process similar to getting a passport
 * Birth certificate, utility bill, tax information, etc.
 * Example: Social Security Administration unable to handle flow of new requests coming in from baby boom generation.
 * Not enough office staff to handle the influx of new claims.
 * Can they off-load some of this to third-party sources?
 * What’s included in a Level 1 / 2 / 3 proof?
 * There are standards that exist, but they don’t specify exact documents or requirements
 * Depends on the level of confidence the issuing party requires.
 * Some government agencies require physical document checks for “Level 2”, for example, while the specification doesn’t require those checks until “Level 4”
 * Concept: Team of trained volunteers, like the AARP, perform certification
 * AARP already doing physical checks for some tax preparation services they provide for free
 * Concept: Nearly everyone has a mobile phone, what if carriers could provide an authenticated identity?
 * Should there be a split between Identity Providers & Identity Proofing?
 * There are many organizations, groups, companies, etc. that have some identity assets.
 * Companies could provide this data in an open market to Identity Providers
 * Who will consumers trust with their information?
 * Some organizations, like AARP or the Post Office, have a perceived high degree of trustworthiness
 * What’s the business model for proofing?
 * Sell identity attributes and verified identities to Identity Providers
 * There needs to be some risk management assessments done
 * Who is liable for bad information?
 * Proofing can be done for free or cheap with no liability implied
 * Pay for some degree of protection
 * Audits need to be performed on a regular basis to ensure the proofing is of high enough quality