Jim,
Thank you for this information.
http://fstc.org/projects/FSTC_E-Auth_Prospectus_FINAL.pdf
Although I do not plan to attend please let me pass some information
related to the a-authentication project.
The most advanced such service running to date is probably the
Norwegian BankID.no, that has a SAML-like authentication but
also offer signing services using portal-based technology. That is,
signatures are also created on a server and no keys are ever
distributed down to the clients. For authentication to the server
which is of course of prime importance, One Time Passcode
(OTP) schemes are used, ranging from SecurID and similar, to
scratch cards.
BankID.no's scheme enable citizens to access e-government
services from virtually any computer as no local software
installation is required.
A further advantage of a portal-based auth and sign system is
that since all operations are logged, possible disputes are
easier to cope with. In addition to offer citizens a possibility
to actually verify that they indeed signed something a certain
day etc.
Anders Rundgren
e-authentication developer
- Original Message -
From: "Jim Salters" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, September 20, 2004 21:06
Subject: FSTC Project Update
To: FSTC Members and Friends
From: Jim Salters, Director of Tech Initiatives and Project Development
*** September Project Update ***
After a busy summer season of meetings and project development, a number of
FSTC projects are poised to launch, as well as a strong pipeline in
development. Our Standing Committees (SCOMs), especially those in Business
Continuity, Security, and Check Imaging and Truncation, continue to broaden
their participation, and build upon a foundation of dialog and action that
leads to FSTC projects. In the past few weeks, we issued two new calls for
participation: e-Authentication Proof-of-Concept, and Business Continuity
Compliance and Status Reporting. See http://fstc.org/projects/new.cfm .
In addition, we have recently completed projects in Image Quality and
Usability Assurance Phase I, Technology Recovery Best Practices, and
Survivability of Check Security Features. Details on these recent projects
can be found at: http://fstc.org/projects/past.cfm .
FSTC provides an action-oriented, collaborative forum for our members to
address shared business opportunities and challenges through technology
projects and knowledge-sharing. We view our projects as our core activity,
and one of the key benefits of FSTC membership is eligibility to participate
in these projects. In our efforts to keep our members and friends
up-to-date on the latest developments in these active and developing
initiatives, we provide our colleagues this periodic project update As
always, please contact me or Zach Tumin, FSTC Executive Director, for more
information. Or visit our website at http://fstc.org.
Active Projects:
1. Counter-Phishing Phase I
Projects in Formation:
1. e-Authentication: Business and Technology Proof-of-Concept (call for
participation issued 9/8)
2. Business Continuity: Compliance and Status Reporting (call for
participation issued 9/8)
Projects in Development:
1. Image Quality and Usability Assurance Phase II
2. Survivability of Check Security Features Phase II
3. Treasury Services Integration: Data Exchange and Customer Connectivity
through Web Services
4. Transformation to Open Mission Critical Systems
5. Minimum Essential Finance (MEF)
__
ACTIVE PROJECTS:
1. Counter-Phishing Phase I (launched July 2004, expected to complete in
December)
http://fstc.org/projects/counter-phishing-phase-1/
FSTC has launched a phased initiative to address the problem of phishing and
related threats in financial services, as it affects the relationship
between customer and firm. In collaboration with other industry groups,
FSTC will focus on defining the unique technical and operating requirements
of financial institutions (FIs) for counter-phishing measures; investigating
counter-phishing technical solutions, proving and piloting solution sets
enabled by technology to determine their fit against FI criteria and
requirements; and clarifying the infrastructure fit, requirements, and
impact of these technologies when deployed in concert with customer
education, enforcement, and other industry initiatives. The benefits to
participants are: industry-vetted due diligence and scaling of the current
problem and its future evolution; insight into peer institution strategies
and assessments; and definition of an industry response that may be best
undertaken with collaboration between key industry segments.
12 financial institutions and over 15 technology companies are participating
in the 5-month first phase. This project originates from the Security SCOM:
co-chaired by Mike McCormick of Wells Fargo, and Mike Versace of NEC.
Please contact FSTC Managing Executive Gene Neyer for more information
([EMAIL PROTECTED])