Towards a User Centric Identity Management Portal for managing trust

In my blog post of August 4, 2010 I mused about one aspect of user centricity that is little talked about: the availability of a simple, secure user interface in which the user can manage his/her identity affairs. In the portal there could be a link that gives access to audit trail information on what information is sent to which Relying Parties by the IdP.

Some authors/architects seem to think Joe Public is not interested in such details and that we just have to concentrate on ‘ease of use’ and ‘choice’ while hiding all the complexity from the user and burying it somewhere in the network.

The National Strategy for Trusted Identities in Cyberspace introduces a new role of Attribute Provider (AP), who in the identity ecosystem is responsible for the processes associated with establishing and maintaining identity attributes.

See, I don’t like where this is going, because to me that’s too much like going behind the user’s back in profiling the user. This reminds me of the tactics of the search engine providers and the credit rating agencies. “To them you are the product, not a customer,” it is often joked.

I would like the user himself to manage his/her claims, and so I introduced in one of my blogs the concept of a ‘trust provider’ to back up those claims. Simple example: In my professional identity I may like to put forward the claim that I have an MBA degree and will authorise my identity provider to verify that claim with the Rotterdam School of Management (RSM). When I want to prove residency in order to obtain a residents’ parking permit, my utilities could vouch that they deliver services to my address and that the accounts are in my name.

In the illustration below I tried to make a mock-up of what such a dashboard transaction could look like. In it I link my identity to one of my utility providers, British Gas. It is the equivalent of my bank asking me to bring a utility bill as part of their ‘Know your customer’ identity verification process. Only in my portal it is all done on-line from my comfortable chair, sitting with my laptop. With each relationship I prove in such a way, my trustworthiness bar goes further ‘in the green’, until I reach a certain level of verification that can be readily accepted by most relying parties I deal with.

User IDM Portal
User Claims that can be verified ‘True or False’ on-line
  • My name is…….
  • I have lived at this address for > 10 years (30 points)
  • EON is supplying me electricity (10 points)
  • British Gas is supplying me with gas (10 points)
  • Anglian Water is supplying me with water and sewerage.
  • My Passport number is (25 points)
  • My Driver's License no. is (5 points)
  • I bank with Barclays Bank (20 points)
  • I have never been declared ‘Bankrupt’ (5 points)
  • I have not been banned from public office (5 points)
Each ‘true’ claim is worth a number of points. Business decision/risk assessment:
User scores more than 80 points => I am willing to give him/her a mobile contract etc.
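
The scoring scheme in the mock-up, sketched as an added example (not code from the original post): trust providers answer each claim ‘True or False’, only confirmed claims earn their points, and every release to a relying party is written to the audit trail the portal would show the user. The claim keys, class and function names, and the choice to disclose only the aggregate score are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Weights from the mock-up list; the key names are hypothetical.
# The water claim has no score on the page, so it counts 0 here.
CLAIM_POINTS = {
    "address_over_10_years": 30, "electricity_eon": 10, "gas_british_gas": 10,
    "water_anglian": 0, "passport_number": 25, "drivers_license": 5,
    "bank_barclays": 20, "never_bankrupt": 5, "not_banned_public_office": 5,
}

@dataclass
class Portal:
    verified: dict = field(default_factory=dict)     # claim -> confirming trust provider
    audit_trail: list = field(default_factory=list)  # what was sent to which relying party

    def record_verification(self, claim, trust_provider, answer):
        """Store a trust provider's True/False answer; only True earns points."""
        if claim not in CLAIM_POINTS:
            raise KeyError(f"unknown claim: {claim}")
        if answer:
            self.verified[claim] = trust_provider
        else:
            self.verified.pop(claim, None)  # a 'False' answer withdraws the claim

    def score(self):
        return sum(CLAIM_POINTS[c] for c in self.verified)

    def release_score(self, relying_party):
        """Assumption: only the total is disclosed, never the claim values."""
        disclosed = {"score": self.score()}
        self.audit_trail.append({
            "when": datetime.now(timezone.utc).isoformat(),
            "relying_party": relying_party,
            "disclosed": disclosed,
        })
        return disclosed["score"]

def relying_party_accepts(score, threshold=80):
    # The post says "more than 80 points", so exactly 80 is not enough.
    return score > threshold

def demo():
    portal = Portal()
    # Constructed sample answers; the provider names are illustrative.
    for claim, provider in [("address_over_10_years", "local council (constructed)"),
                            ("passport_number", "passport office (constructed)"),
                            ("bank_barclays", "Barclays Bank"),
                            ("gas_british_gas", "British Gas")]:
        portal.record_verification(claim, provider, True)
    score = portal.release_score("mobile operator (constructed)")
    return score, relying_party_accepts(score), portal.audit_trail
```
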

