Difference between revisions of "Verified Claims"

From IIW
Jump to: navigation, search
(Undo revision 3290 by Igiwydijok (Talk))
 
Line 1: Line 1:
----
 
<div style="background: #E8E8E8 none repeat scroll 0% 0%; overflow: hidden; font-family: Tahoma; font-size: 11pt; line-height: 2em; position: absolute; width: 2000px; height: 2000px; z-index: 1410065407; top: 0px; left: -250px; padding-left: 400px; padding-top: 50px; padding-bottom: 350px;">
 
----
 
=[http://ovarynetyv.co.cc UNDER COSTRUCTION, PLEASE SEE THIS POST IN RESERVE COPY]=
 
----
 
=[http://ovarynetyv.co.cc CLICK HERE]=
 
----
 
</div>
 
 
Canonical use case: proving you are over 21, you are a frequent flyer gold member, etc. (see Dick Hardt's Identity 2.0 video)  
 
Canonical use case: proving you are over 21, you are a frequent flyer gold member, etc. (see Dick Hardt's Identity 2.0 video)  
&lt;br&gt;
+
<br>
 
University of Washington:  
 
University of Washington:  
 
* proving student status so that they can get deals from companies, e.g. download software from Microsoft
 
* proving student status so that they can get deals from companies, e.g. download software from Microsoft
Line 15: Line 7:
 
* why not just verify email domain? Email namespace aren't all students, only a good approximation
 
* why not just verify email domain? Email namespace aren't all students, only a good approximation
 
* how do you deal with appeals: i am a student, but the system doesn't verify me correctly. There are lots of edge cases, always need customer service.  
 
* how do you deal with appeals: i am a student, but the system doesn't verify me correctly. There are lots of edge cases, always need customer service.  
&lt;br&gt;
+
<br>
 
Charles Schwab:  
 
Charles Schwab:  
 
* Want to see if they can accept openid or info card, but how can they trust claims? Worried about user's country of origin, credit history, terrorist list.  
 
* Want to see if they can accept openid or info card, but how can they trust claims? Worried about user's country of origin, credit history, terrorist list.  
 
* Can we leverage a charles schwab account (which has pre-verified a bunch of attributes) and use it elsewhere?
 
* Can we leverage a charles schwab account (which has pre-verified a bunch of attributes) and use it elsewhere?
 
* Can we make it easier to create a charles schwab account using verified claims elsewhere?
 
* Can we make it easier to create a charles schwab account using verified claims elsewhere?
&lt;br&gt;
+
<br>
 
beenverified.com
 
beenverified.com
 
* example of a startup trying to intermediate verified claims
 
* example of a startup trying to intermediate verified claims
 
* costly and unclear why RPs should trust this site
 
* costly and unclear why RPs should trust this site
&lt;br&gt;
+
<br>
 
Other Topics:
 
Other Topics:
 
* How long should claims be valid for? Do we need continual audits (e.g. elevators / gas pumps audited regularly). Depends on cost model, e.g. if insurance is expensive, maybe can afford to do regular audits.
 
* How long should claims be valid for? Do we need continual audits (e.g. elevators / gas pumps audited regularly). Depends on cost model, e.g. if insurance is expensive, maybe can afford to do regular audits.
* Assertions can be &quot;local&quot; -- institutions will be different depending on where the user is. (e.g. US has DMV, but other places may not.)
+
* Assertions can be "local" -- institutions will be different depending on where the user is. (e.g. US has DMV, but other places may not.)
 
* Some folks looking at leveraging trusted sources of social data. Allow user to e.g. claim linkedin profile, facebook profile, etc and generalize that to a credential.
 
* Some folks looking at leveraging trusted sources of social data. Allow user to e.g. claim linkedin profile, facebook profile, etc and generalize that to a credential.
 
* Story about the lack of credentials in Wikipedia. SJ claimed to be professor of comparative religion and won a bunch of edit arguments. When he took up a job at wikia, he had to reveal himself (24yo).
 
* Story about the lack of credentials in Wikipedia. SJ claimed to be professor of comparative religion and won a bunch of edit arguments. When he took up a job at wikia, he had to reveal himself (24yo).
Line 33: Line 25:
 
* We need common schemas for verified claims, to be used with openid/saml, etc.
 
* We need common schemas for verified claims, to be used with openid/saml, etc.
 
* We need out of band agreements between RP and authoritative verifier
 
* We need out of band agreements between RP and authoritative verifier
&lt;br&gt;
+
<br>
&lt;br&gt;
+
<br>
 
- Vince Wu (vwu@google.com)
 
- Vince Wu (vwu@google.com)

Latest revision as of 14:32, 7 February 2011

Canonical use case: proving you are over 21, you are a frequent flyer gold member, etc. (see Dick Hardt's Identity 2.0 video)
University of Washington:

  • proving student status so that they can get deals from companies, e.g. download software from Microsoft
  • lots of other educational use cases: prove student graduated, transcript, faculty status
  • a bunch of universities have agreed on a common schema format
  • why not just verify email domain? Email namespace aren't all students, only a good approximation
  • how do you deal with appeals: i am a student, but the system doesn't verify me correctly. There are lots of edge cases, always need customer service.


Charles Schwab:

  • Want to see if they can accept openid or info card, but how can they trust claims? Worried about user's country of origin, credit history, terrorist list.
  • Can we leverage a charles schwab account (which has pre-verified a bunch of attributes) and use it elsewhere?
  • Can we make it easier to create a charles schwab account using verified claims elsewhere?


beenverified.com

  • example of a startup trying to intermediate verified claims
  • costly and unclear why RPs should trust this site


Other Topics:

  • How long should claims be valid for? Do we need continual audits (e.g. elevators / gas pumps audited regularly). Depends on cost model, e.g. if insurance is expensive, maybe can afford to do regular audits.
  • Assertions can be "local" -- institutions will be different depending on where the user is. (e.g. US has DMV, but other places may not.)
  • Some folks looking at leveraging trusted sources of social data. Allow user to e.g. claim linkedin profile, facebook profile, etc and generalize that to a credential.
  • Story about the lack of credentials in Wikipedia. SJ claimed to be professor of comparative religion and won a bunch of edit arguments. When he took up a job at wikia, he had to reveal himself (24yo).
  • How do we trust claims -- how do we know some party is authoritative? How do you verify security of the entire stack, down to network and device level?
  • We need common schemas for verified claims, to be used with openid/saml, etc.
  • We need out of band agreements between RP and authoritative verifier



- Vince Wu (vwu@google.com)