The Microsoft UK Identity team has been working with a number of companies to help support the adoption a secure federated identity on the Internet. One of the challenges that faces each country is the legitimacy of the identity that someone is providing on-line. They may say that they are “Mr Jones aged 42 with credit card XYZ”, to gain access to services or goods, but behind the scenes they could be “Mr Theft, aged 19 who has stolen someone’s Identity “. You know the story from there….. Its a growing problem.
One of the things the team has been working on, is a partnership with Identity issuers locally, in this case Experian, the provide an Identity service which issues higher quality certificates through a secure Identity technology called CardSpace, ensuring more trust to the web site service that they consumer is really who they say they are, and this is not identity theft for the consumer.
Once the requesting website is identified, Experian then forms and returns a signed and encrypted ‘token’, which contains a confidence level as to whether that person exists and is who they say they are to Windows CardSpace and hence to the website offering the service.
For example, if an individual wants to renew their car insurance, they select their ‘Experian Card’, which would contain confirmation of identity details and age plus, in this instance, other facts that form part of money laundering legislation. Windows CardSpace then sends a request to Experian, the identity provider, to validate the identity of the website.
CardSpace is built into Vista and available down level as part of the .NET Framework 3.0, making this level of security pretty approachable.
More details can be found at the following site.
I expect to see more of these kinds of partnerships popping up throughout the world to protect again identity theft and reduce fraud on the Internet. Eventually through similar mechanisms, local governments and banks will need to drive and build similar models of trust.