Today many online interactions require you to disclose identity information. This poses substantial trust challenges, both for the people who disclose the information and for those who receive it. Until now, this problem has been addressed by a simplistic model in which a third party or identity service provider discloses identity information to a recipient, known as the relying party, on behalf of a user. The identity service provider reduces risk and promotes efficiency by confirming aspects of the exchange, for example, that a user is who he or she claims to be.
With this basic model, strangers from all over the world can interact easily, especially as technologies like OpenID and Information Cards facilitate the flow of identity information. Still, this flow of identity information carries significant risks. How can consumers and businesses know that reasonable technical and operational safeguards are in place? Can these technical and operational details of the connection be worked out in an efficient and trustworthy way so that people can get on with what they want to do?