Creating an attribute exchange network
An attribute exchange network is often discussed but rarely seen, kind of like Bigfoot. But unlike the legendary creature, the attribute exchange network is being brought to life by Criterion Systems and its pilot for the National Strategy for Trusted Identities in Cyberspace.
Creating the network to communicate just the required, relevant identity information to a relying party is a difficult task on its own, but the widespread use of cloud and mobile channels has increased the difficulty, says David Coxe, CEO of ID Dataweb and cofounder of Criterion Systems.
This new system will create a credential federation. Users will create a credential and then give permission for attributes to be used at different relying parties. “Those attributes are bound to the credential and can be used to create more accounts and enable single sign-on,” Coxe explains.
Criterion is working with attribute providers LexisNexis and Pacific East, Coxe says. Google, AOL, Facebook, Symantec and Verizon are credential providers, with more on the way. Consumers will have the chance to improve the assurance of those identities by validating additional information.
Criterion has four participants lined up that will test the attribute exchange network.
- Broadridge Financial Solutions: Online communications will be enabled through federated login for consumers to inquire about proxy statements from investment bank accounts.
- GE: Corporate partners and consumers will use federated login through commercial identity providers to access accounts, enabling fine-grained access based on the individual’s role.
- FEMA: The agency will issue credentials to first responders to access content via the Next-Generation Incident Command System.
- eBay: The online giant will verify seller attributes to strengthen the levels of assurance associated with account creation for new sellers.
The system will be free for consumers, who will use existing credentials they have with Facebook, Google, etc., Coxe says. Users can click a button on a site that accepts the credential to see which attributes will be shared, and they can revoke access and manage the attributes they want to share. “We can minimize the data shared through a filtering technique,” he adds.
Users will also have the ability to level up the identity assurance for relying parties that require higher assurance credentials, Coxe says.
The pilot will also offer different types of authentication technologies. Device verification solutions will be able to ping a handset or laptop to make sure it’s the one previously registered. Criterion has also partnered with fingerprint, voice, gesture and other biometric vendors, Coxe says.