User Engagement: Difference between revisions

From IDESG Wiki
Line 29: Line 29:
* The user reamains engaged in the session and is not replaced by someone else.
* The user reamains engaged in the session and is not replaced by someone else.


==+Currency===
===Currency===
* User claims are still valid.
* User claims are still valid.
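Review bot: the context line above the changed heading still reads "reamains" in the Liveness bullet, and this revision leaves it in place; correct it to "remains" in the same edit. The heading change itself is sound: "==+Currency===" had a stray "+" and unbalanced "=" markers, and "===Currency===" balances them.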



Revision as of 23:36, 2 July 2021

Full Title or Meme

This topic extends the concept of User Experience into a deeply interactive engagement with the user over time, and is intended to help Kantara plan for the next phase of development.

Context

A proposal is in process to extend the Service Assessment Criteria for NIST SP 800-63 into a Trust Registry API for Mobile Applications that act as the User Agent. This proposal addresses the first phase of a user experience in acquiring a User Agent that will honor their intent.

What this is NOT about

  • User Engagement is also a term used by marketers to mean user manipulation. This is a technical discussion about the interaction of users with their technology choices.
  • Patient Empowerment is about asserting what a healthcare patient CAN do. This is a discussion about what a user SHOULD do.

Proofs

Identity Proofing

Identity proofing is the process of binding an identifier to a real-world person. At its core this is just a comparison of biometric factors of the real-world person to user credentials that are accumulated over a user's lifetime.

User Authentication

This is the traditional role for an Identifier provider (IdP). In some ways it becomes an anachronism as we disassemble, enhance and reassemble the parts into a complete User Engagement.

User Informed

The Relying Party has given the user the information needed to decide whether to proceed with the engagement.

User Intent

Consent to share data to achieve objectives.

User Agent Trust

  • The application that interacts with the RP on the user's behalf is known to protect the user's secrets and intent.

Presence

  • Typically this will be real-time identity proofing against biometric attributes, performed in the user agent application software.

Liveness

  • The user remains engaged in the session and is not replaced by someone else.

Currency

  • User claims are still valid.

Problems

  • The biggest challenge is to adequately address the preservation of User Rights in digital interchanges.

Solutions

Kantara already has a deep reservoir of experience in the development of specifications on the User Experience that can serve as a basis for the next steps.

  1. User Managed Access
  2. Consent Receipt
  3. Mobile Authentication Assurance Statement (MAAS)
  4. Privacy and Identity in Mobile Driver's License

The path forward

  1. The consent receipt is being expanded into:
    1. a consent record
    2. a generalized notification
  2. The MAAS is being bound, in real time, into:
    1. proof that the user is present at the device
    2. proof that the software running on the device is the same code that received the MAAS
