The many contexts of eID (Part 1)

Submitted by Vincent Jansen on Mon, 07/25/2011 - 09:38

Mapping a model for online payments to electronic identities and authentication

In 2007 Innopay partners Chiel Liezenberg and Douwe Lycklama, together with independent consultant Harry Smorenberg, published an article titled “Understanding buyer and seller behaviour for improved payment product development” in the Journal of Payment Strategy & Systems (download here). The article describes a context model for e-commerce transactions.

In a multi-part blog of which this is the first entry, I will attempt to map this model to some e-identity concepts. I foresee that (a lot of) additional thinking and working out of ideas will be required, so parts 2, 3 etc. will probably follow in due course. For now, let's start with a look at the original article.

The article introduces the concepts of Agree, Pay and Deliver as the key components of a buyer-seller transaction, and it shows that in early commerce these three were connected in time and place. On a market square in Roman times, for example, you shook hands with your favourite farmer and paid on delivery of your turnip.

With new channels for doing business, agreement, payment and delivery are no longer aligned, and new risks for buyer and/or seller are introduced. According to the model, these risks vary with the context of the transaction. That context can be described on four axes: Location (where are the buyer and the seller relative to each other?), Relation (how well do they know each other?), Product (what is sold and what is it worth?) and Timing (how are agreement, payment and delivery aligned in time?).

In commerce, the answer to mitigating the risks of these different contexts is to use different payment methods, each tailor-made to a specific context and reaching an optimum between buyer and seller risk. For example, the risk a buyer of online goods perceives because the seller is unknown to him can be countered by offering a pay-on-delivery payment method. However, this payment method won't work for digital online products like PDFs or streaming video.

So from this starting point we will try to map some concepts from the model to e-identity.

If we depict an identification transaction, I think we can see components such as Identification, Authentication and Trust that bear some resemblance to the Agree, Pay and Deliver concepts of the context model, but I will leave that for next time.

Right now I want to zoom in a bit on the concept of risk balance. In an e-commerce transaction, goods or services are exchanged for money. Both buyer and seller run a certain amount of risk (by paying, the buyer is exposed; by delivering, the seller is), and that risk varies with the context. For e-identity this is different: the risk sits almost completely in the corner of the relying party. Who relies, runs the risk. Of course, by identifying or authenticating him- or herself a user is exposed a little bit too, giving up anonymity, but we leave that for another time.

The risk for the relying party becomes apparent in an e-contracting example. A user signs an online contract with an insurance company, the relying party. The insurance company is exposed to the risk of not authenticating the right person and ending up with a worthless contract. This risk is not balanced by the risk the user runs, which is virtually none. Of course the topic of mutual authentication (both actors in a transaction authenticating each other) comes to mind here, but again we leave that for another time.

So for e-identity the relying party runs all the risk, and that risk varies with the context of the transaction. This means that from the different contexts a relying party operates in, we should be able to derive corresponding risk levels. This may be a bold statement, I know, but I think it must be doable to come up with objective parameters that allow us to define risk levels.

How to derive these risk levels from the context parameters of an e-identity transaction will be explored in more detail in a later part of this blog series. For now I'd like to close with some thoughts on the solution. In e-commerce, payment methods are the answer to the problem of differing contexts. So what would be the solution for differing risk levels? Exactly: corresponding levels of assurance. The more I can assure you of my identity, the less you are exposed to risk. And the good thing is, these solutions already exist. For example, the STORK project (www.eid-stork.eu) already provides a framework for determining the level of assurance of a specific e-identity solution. In a project for the Dutch government called eHerkenning (www.eherkenning.nl/eRecognition), we use that framework for the certification of e-identity providers that want to offer their services under the eHerkenning brand.

Enough deep thoughts on e-identity for now. We have a lot more to explore. I will keep you posted in my next blog. In the meantime I'm very curious about what you think. Please let me know via email or in the comments below.

Comments

Submitted by John Bullard (not verified) on Wed, 07/27/2011 - 12:43.

Hi Vincent;
The critical Risk Management aspect of eIdentity and Trust is "what happens if it goes wrong", where does the liability sit, how can it be managed, and how can it be priced? For genuine Trust to exist it is essential for all 4 parties (i.e. the issuer of the eID, the user of it, the relying party and potentially the relying party's "acquirer") to know, upfront and in advance, what they are on the hook for, and what they are not on the hook for. Then all parties know where they stand. In order to manage this risk in a world of borderless and ubiquitous electronic networks, one needs organizations who have inherent skills in Operational Risk Management, and the balance sheet structures to support it.
Best rgds
JohnB

Submitted by Henk van Dam/ Collis (not verified) on Thu, 07/28/2011 - 14:34.

Hi Vincent, Interesting way of modelling and the use of the concept of 'Agree, Pay, Deliver'. In my opinion though e-identity is another dimension that makes me wonder if you can use comparable conceptual thinking. e-Identity is more the loop that you will go through to have 'Agree' as result. (e-)ID is by itself a useless concept and is only relevant when you want to do some kind of 'transaction'. Regards, Henk

Submitted by Rieks Joosten (not verified) on Fri, 07/29/2011 - 07:33.

Hi Vincent.
I am happy to see attention being drawn more and more to the fundamentals of the issues we encounter in (e-commerce) transactions, because I think that understanding such fundamentals is ehhh... fundamental to solutions as well.
John already points out the emphasis you have on the risk run by RPs is unbalanced. I follow suit: each stakeholder of a transaction has its own risks to deal with, and they are different for users and RPs.
I would like to share a view on transactions that we have come up with some time ago, and invite you and others to ponder on it and share your musings.
Any transaction has two (or more) participants, i.e. (legal) entities responsible for executing their part of it. For example, if I were to buy a bottle of whisky from a webshop, the webshop owner and myself are the participants. Before any execution takes place, there is a (call it: agreement) phase in which every participant tries to build up trust with respect to the consequences of the transaction. Only if all participants decide to trust that the consequences of the transaction, when executed, will be 'net positive' for itself, the transaction will be committed to and subsequently executed. In the example, I need to build up trust that whatever bottle of whisky I will be getting will be of more value (to me) than the amount of money I will be losing. Similarly, the RP (the whisky shop) will need to build up trust that the amount of money it will be getting is of more value than this bottle of whisky it is about to lose. However, both parties need to deal with all possible consequences. The RP may face a judicial penalty if it cannot prove that I am 18+ years of age. Hence, both parties have to assess the consequences the transaction may have, estimate the risk they run regarding such consequences, find ways to sufficiently mitigate those risks and basically that's what the building of trust-in-this-particular-transaction (TITPT) is all about. Literature shows that this is a very rich activity: people use their experience (e.g.: you cheated on me last time, so chances are you'll do it again), advice (e.g.: people say this you can be trusted, therefore I will trust you too), heuristics (e.g.: parties that have traded for a long time can be trusted), or policy rules (e.g.: I only engage in transactions with people that have a Dutch bank account).

I postulate that doing electronic transactions is not all that different from doing transactions in the real world. It consists of an agreement phase in which participants try to build their own TITPT, and the transaction will execute only if all participants trust that the net consequences will be positive. Some difficulties are caused by the fact that computers take part in building TITPT: in order to do this, the actual participants must model their rich way of building TITPT sufficiently precise and complete that a computer can actually execute it. This is done very poorly so far. Some time ago, the only possibility for an RP to build TITPT would be 'to identify the user', or better: to verify knowledge of an account registered with the RP. Then, discussions started on 'two sided authentication', which basically is the acknowledgement of the fact that ALL participants need to build TITPT. Next, all sorts of reputation stuff was being introduced and discussions emerged about 'context'. Your blog adds 'Location', 'Relation', 'Product' and 'Timing' to this list. All this is very useful, but it is not the fundamental thing.
What is fundamental is this: every (individual) transaction has its own (individual) consequences. They need to be assessed before execution by all participants; execution only takes place if all participants have accumulated sufficient TITPT to decide to commit to the transaction. What it is a participant needs to accumulate sufficient TITPT depends on the transaction and the participant. Because it is too tedious to do for each individual transaction, we define (arbitrary) classes of transactions, and we create (possibly complex, possibly unconsciously) rules or heuristics that, when satisfied, constitute sufficient TITPT for any transaction in such a class. Such rules stem from experience, heuristics etc.; basically: from risk assessment on many transactions of that particular class. And this is something that can be automated.

Are you shocked when I say that terms such as 'identifying the user', 'authenticating a user' are irrelevant? Then I won't say that, but I do think the purpose of using such terms is limited to not upsetting my discussion partners. I use usernames such as 'v1d0f9s8hd' and I find it hard to believe that someone may identify me with such a string. From our model, identification of the user is also not relevant in itself. User identification is only necessary if, in order to mitigate some risk, I want/need to sue the user, in which case the police need to pick him/her up.

So what I'm really trying to say here is that before you focus on a set of classifiers such as Location, Relation, Authentication and such, it just might be useful to show the actual goal they serve (which purpose is the reason for their existence), which as far as I am concerned is: show how they relate to building TITPT.
