Publicly Discoverable ePayment Address(es) Part 2: Difference between revisions
m (17 revisions imported: Initial Upload of old pages from IDESG Wiki) |
(No difference)
|
Latest revision as of 04:03, 28 June 2018
Title: Publicly Discoverable ePayment Address(es) Part 2, UPDATE & REVOCATION
Use Case Description:
Minimal API consisting of a secureXML interface split into two separate interfaces: Registration & Query. The Registration interface includes the following: Enroll User, Remove User, Update User. Update / Revocation: a. deletes the given user from the database, or b.) via an account-holder’s unique identifier and/or PII, disassociates previously linked ePayment address(es), or c.) modify PII and/or GLID linked to ePayment address(es).
Purpose: To employ simple design characteristics that can be implemented without delay to a.) enhance safety and security by minimizing the ability for illegitimate (fabricated or stolen) identities to acquire identifiers with attributes having sufficient trust to utilize monetary and high value information asset transfer services; b.) enhance privacy by minimizing the risk that high-trust, private financial identifiers such as bank account or card numbers are unnecessarily divulged and therefore put at some risk to be improperly used to effect monetary or high value information asset transfer services without account-owner's authorization and c.) lay the groundwork for later extensions by Financial Institutions to enhance legitimate identities ability to assert ownership rights and privacy permissions pertaining to the use of cloud-based transactional data.
Use Case Category: Trust/Assurance, Authentication, Interoperability, Privacy
Contributors : Richard O'Brien - Payment Pathways, Inc.,
Peter Tapling - Authentify, Inc., and
Peter Gordon - FISGlobal & PayNet
Use Case Details
Actors: Financial Institutions, Relying parties, eCommerce Companies, Identity Providers, Authoritative Parties
Goals: 1) Timely discontinuance of access to ePayment Addresses by Relying Parties.
2) Fraud reduction which may imply cost reduction for the relying party.
3) Viable business model for the relying party.
Assumptions: 1) The Authoritative Party supports revocation of ePayment Address registrations.
2) The Authoritative Party supports synchronization of ePayment Address registrations & revocations in accordance the operating rules that are common among all other licensed and accredited Authoritative Parties.
Requirements: Internet access device, identity information for the authorizing user
Process Flow: 1) The Authoritative Party obtains a registration change notice from an Identity Provider for a previously ACTIVE status registrant.
2) Authoritative Party submits synchronization file of updates, adds, deletions to Root Registry.
3) Authoritative Party receives synchronization file of updates, adds, deletions from Root Registry.
4) The user wishes to unbind an ePayment Address with his PII and Unique Identifier. Unique Identifier not to be released. a. The user wishes to have a different FI assign a different ePayment Address to his record b. Other reason
5) The relationship is terminated for that Identity Provider, Unique Identifier can be released a. The user has died / account closed permanently b. Other reason
Success Scenario: 1) User is deleted from database.
2) User ePayment information no longer available.
3) Unique Identifier may be re-used upon expiration of dormancy period (Note: currently no concept of a dormancy period).
4) User status is HOLD.
5) New User ePayment Address may be registered. User status may revert to ACTIVE.
Error Conditions: 1) The Identity Provider does not have the credentials required by the Authoritative Party. Mitigation: the Authoritative party to allow manual request to revoke delegated relationship.
2) Identity Provider cannot find the user in the Authoritative Party’s registry.
3) Authoritative Party does not yet support revocation of the ePayment Address Identity Attribute.
Relationships
- Extended by: Publicly Discoverable ePayment Address(es) Part 3 LOOKUP
- Extension of: Publicly Discoverable ePayment Address(es) Part 1 ENROLLMENT
GRAPHIC 1: High Level Economic Model ePayment Address Registry
GRAPHIC 2: Greenlist in the NSTIC IDEcosystem
GRAPHIC 3: PayNet's Greenlist Benefits
GRAPHIC 4: Greenlist Benefits for Stakeholder Groups
GRAPHIC 5: PayNet Launch Schedule
References and Citations
- Enhanced System for Electronic Funds Transfer and Elimination of the Payee’s Need for Encryption and Privacy
US Patent No. 7,831,490 Modigliani, O’Brien and Vitagliano claim a computer implemented method of conducting monetary asset transfer transactions associating a unique identifier with payment address that can only be debited by the accountholder. Such directories containing identifiers and payment addresses are synchronized to a root directory to enable non-repudiable deposits.
- Methods and Systems for Identity Authentication
US Patent No. 7,945,511 O’Brien, Gallant, et al claim a computer implemented method of conducting informational asset transfer transactions where a registry of unique identifiers are associated with informational assets and access to said assets is regulated in accordance with guidelines established by communities of interest functioning as registrars.