20021010 1600C

67 %
33 %
Information about 20021010 1600C

Published on September 27, 2007

Author: Junyo

Source: authorstream.com

Business Models in Identity:  Business Models in Identity Carol Coye Benson Digital ID World Denver – October 2002 Identity Business Models:  Identity Business Models Established Business Models Nothing but Questions Where’s the Beef?:  Where’s the Beef? Many players are looking for successful business models in open identity services networks What do we know? There is need (consumer convenience, relying party costs) There are technologies (too many to list) Some early efforts have been unsuccessful New initiatives continue to emerge, and expectations are high for Liberty-enabled, SAML-enabled, XNS- enabled, Passport-enabled identity businesses So, where’s the money? What is reasonable to expect? Let’s look at…. Two failures Two flawed ideas A few predictions Some opportunities Two Failures:  Two Failures Partial (a.k.a. failure to thrive): Identrus Global bank consortium – common root for digital certificates in B2B Original vision – an identity business not directly connected to financial transactions; mechanism for implementing variable value guarantees (and commissions!) connected with identities # 1 Lesson learned: it’s tough to start a market from scratch. #2 Lesson learned: identity guarantees are dicey business Complete: SET Visa and MasterCard joint, PKI based initiative to secure credit cards on the internet. Multiple reasons for failure: technology, market readiness, etc. # 1 Lesson learned: no one will use (much less pay for) authentication unless it is really, really necessary Two Flawed Ideas:  The identity business will work just like payment systems Two Flawed Ideas Consumers Banks Businesses The Credit Card Model:  The Credit Card Model Purchase Authorization Authorization Settlement Settlement Relationship Relationship How it Works:  How it Works Purchase Authorization Authorization Settlement Settlement Relationship Relationship The Merchant Pays for the Service The Issuing Bank guarantees the payment The card association sets the rules and guards the brand Consumer trusts the brand and the ability to get recourse in the event of a problem Why it Works:  Why it Works Purchase Authorization Authorization Settlement Settlement Relationship Relationship Liability Transfer is: Explicit Simple Denominated (everything has a “tangible metric”) Non-contingent An Identity Industry Equivalent …:  An Identity Industry Equivalent … Request for Access, Enrollment, or Service Authorization Authorization Settlement Settlement Relationship Relationship The Service Provider pays for the identity service The Identity Provider guarantees the identity Where It Doesn’t Work . . .:  Where It Doesn’t Work . . . Purchase Authorization Authorization Settlement Settlement Relationship Relationship $$$ $$$$$ Liability Transfer is: Unclear Complicated Non-denominated (no“tangible metric”) Other Payment Models:  Other Payment Models A “Circle of Trust” governed by: Membership Governance Operating Regulations Technical Standards Funding Mechanisms Transfer Pricing Risk Management. Liability Transfer Enforcement, Arbitration Communication (Brand) Bank A Bank B Bank C Bank D Banks participate in multiple payment systems – “circles of trust” Each payment system has its own, highly specific rules Financial responsibility closely tracks the rules of each payment system in a game of “hot potato” as responsibility – and liability – moves from party to party. Banks are the “grownups” in payment systems – take different responsibilities vis-à-vis each other than do end party participants. End party responsibilities are more governed by contracts with banks than by payment system rules. Transactions are exchanged within payment systems – not among them: i.e., there is no inter-system “federation” Payments as a Business:  Payments as a Business US (2000): $170 Billion in total revenue Total Money Flows = $25,598 Billion Total Transactions = 782 Billion Source: McKinsey Research Banks make money in payment systems through: Transaction Fees – very low unless linked to guarantees! Float Customer relationships with other highly profitable businesses that are tightly coupled to payments: deposits (good) and lending (better). Banks tolerate the costs and risks inherent in payment systems because of the non-transactional revenues associated with payments. Implications:  Implications There are no obvious leading candidates for non-transactional (I.e. profitable/lending-type) revenues associated with identity assertion. Identity guarantees are an intriguing prospect but we think are unlikely to broadly emerge, particularly across circles of trust. There are specific situations in which guarantees may be used (e.g. signing your mortgage documents) – but there is no reason to generalize this Without guarantees relying parties are not even likely to pay significant transaction fees for “receipt of identity”. This implies a business model in which the identity provider is recouping its costs and finding returns based on the larger relationship it has with the identified party. …. for Identity Business Models The Compulsive Consumer Fantasy:  The Compulsive Consumer Fantasy “A consumer might decide to participate in a Circle of Trust run by America Express. As we connect to various airline, car rental, and restaurant Web sites, all of the information about who we are and what we like is coordinated by American Express and shared (again, with our permission) with the participating members we've selected within the Circle…., as customers, we can opt in or out of sharing information with each member of the Circle, but we can't yet opt in or out of WHICH information we choose to share in WHICH specific contexts. … Ideally, the participating players should be ….giving customers complete control over which information and relationships they want to enable in the context of different scenarios. Patricia Seybold, critique of Liberty Alliance 1.0 specifications A common vision among privacy advocates and identity buffs is a world in which consumers pro-actively manage their identity profiles. Get Real! :  Get Real! If real, this vision implies a business model in which motivated consumers will pay – directly or indirectly – for their ability to manage their identities. How many people will really do this? Let’s look at a few comparables: Personal Financial Management software – about 25 million users out of 174 million adults = 14% of the population own the software – what percent use it? These are presumably the “compulsives” who might be inclined towards active management of identity. Gator – 22 million users = 13% of the adult population, less if you include kids . . .again, what percent actively use it? So if, say, 6-7% of the population actively manages their identities, what will the rest of us do? Will probably use single sign on features without ever customizing them – when packaged with simple ISP, carrier, credit card or employer services. Current day model: credit card “enhancements” (e.g. free rent-a-car insurance) Apt to tolerate multiple, overlapping, and disorganized “identities” Probably won’t pay for identity management – either directly or indirectly Some Things That Will Happen:  Some Things That Will Happen Broadly pervasive government issued identities More likely to be state than federal Tied to social security number Used for access to a wide variety of government services – note development of e-Gov “authentication gateway” Broadly pervasive employer issued identities Used for internal building and application access Opened up for use with partners, customers, and employers Issued to both people and applications (web services) ? Will these issuers tolerate the more general use of these identities? One View – 4 Years Out:  One View – 4 Years Out Employer Issued Government Issued ISP/Bank Issued Special purpose – closed circles of trust Special purpose – highly controlled by consumer Hundreds of millions Tens of millions Identities “In Circulation” Note: assumes most individuals will have multiple identities Needed Components:  Needed Components Interoperability – “Federation” Among Closed Circles of Trust Formalized rules and trust agreements; some may include guarantees Among More Open Circles of Trust Much more casual trust agreements – may leverage other, standing agreements – “good enough for government work” Counter party Evaluation Interoperability:  Interoperability Easy Hard + + + Interoperability is generally driven by consortia efforts: Cross Industry Industry Specific System Specific Counter Party Evaluation:  Counter Party Evaluation Who is the authenticator? Public/private Financial strength Certified security practices? Reputation What is the strength of the authentication? What is the length of the relationship between the identified party and the authenticator? Is there additional information available about the party being authenticated? Credit Bureaus – One Model:  Credit Bureaus – One Model Credit Reports: Not guaranteed Don’t reference a tangible metric Regulated Consumer involvement is passive and exception oriented A system run on behalf of the businesses that use it Credit Bureau Conclusions:  Conclusions Look at the numbers – who will issue digital identities in volume – and how will they be used? Don’t expect guarantees on identity or business opportunities derived from guarantees Technical interoperability issues will be addressed across industries – there will be limited but crucial roles for intermediaries Business interoperability issues will be addressed in verticals – a wider variety of intermediary and value added service opportunities may grow out of these groups About Glenbrook Partners:  About Glenbrook Partners Glenbrook Partners is a small, targeted research and advisory firm that helps companies leverage the electronic delivery of financial services, with particular focus on payments, digital identity, and authentication. Carol Coye Benson ccbenson@glenbrookpartners.com 541 301 0139 Glenbrook Partners Two Bryant Street, Suite 240 San Francisco, CA 94105

Add a comment

Related presentations