Difference between revisions of "User Engagement"
|Line 3:||Line 3:|
A proposal is in process to extend the Service Assessment Criteria for NIST SP 800-63 into a Trust Registry API for Mobile Applications that act as the [[User Agent]].
A proposal is in process to extend the Service Assessment Criteria for NIST SP 800-63 into a Trust Registry API for Mobile Applications that act as the [[User Agent]]. proposal addresses the first phase of a user experience in acquiring a [[User Agent]] that will honor their intent
===What this is NOT about===
===What this is NOT about===
Revision as of 23:39, 2 July 2021
Full Title or Meme
This topic takes the concept of User Experience to a deeply interactive with the user over time that is intended to help Kantara plan for the next phase of development.
A proposal is in process to extend the Service Assessment Criteria for NIST SP 800-63 into a Trust Registry API for Mobile Applications that act as the User Agent. The existing proposal addresses the first phase of a user experience in acquiring a User Agent that will honor their intent.
The next phase will be the development os specification to the the current set of specification together into a complete package of all of the user attributes, and only those attributes that are required to establish and retain a relationship between one user and one relying party.
What this is NOT about
- User Engagement is also a term used by marketers to mean user manipulations. This is a technical discussion about the interaction of users with their technology choices.
- Pathient Empowerment is about asserting what a healthcare patient CAN do. This is a discussion about what a user SHOULD do.
Is the process of binding and identifier to a real-world person. At its core this is just a comparison of biometric factors of the real-world person to user credentials that are accumulated over a user's life-time.
This is the traditional role for an Identifier provider (IdP). In some ways it becomes an anachronism as we disassemble, enhance and reassemple the parts into a complete User Engagement.
The Relying Party has give the user the information needed to decide to proceed with engagement.
Consent to share data to achieve objectives.
User Agent Trust
- The application that is interactive with the RP on the user's behalf is know to protect the user's secrets and intent.
- Typically this will be real-time identity proofing against biometrics attributes performed in the user agent application software.
- The user reamains engaged in the session and is not replaced by someone else.
- User claims are still valid.
- The biggest challenge is to adequately address the preservation of User Rights in digital interchanges.
Kantara already has a deep reservoir of experience in the development os specification on the User Experience that can serve as a basis for the next steps.
- User Managed Access
- Consent Receipt
- Mobile Authentication Assurance Statement.
- Privacy and Identity in Mobile Driver's License
The path forward
- The consent receipt is being expanded into
- a consent record.
- a generalized notification.
- The MAAS is being bound, in-real-time, into:
- proof that the user is present at the device
- proof that the software running on the device is same code that received the MAAS