Nick was a most special 'kindred spirit" and such a friend both personal and business- we had so many happy and amusing times, always ready to listen to new ideas and initiatives. Much missed but so much admired.
John G Bullard
20 Oct 2021 21:33 Read comment
Bo;
Implicit in the word Trust is Accountability. For Trust to be truly "trustworthy" there must be a set of legally enforceable obigations/liabilities and corresponding rights and entitlements..... so that if things do go wrong there is a pre-determined process for putting them right. It is no good if such processes are limited to geographic boundaries because of course the internet does not recognize these- there must be a set of contractual relationships enforceable wherever needed. ie Legal, not just technological.
Best wishes
London, England
28 Feb 2018 09:01 Read comment
Bo- I agree- and have always done...we have the model/ we have the demonstrable experience in 1,2,3 and 4 corner global usage and interoperability of ebank log-in- with the essential underlying liability model (no hidden surprises) and it is there for all to leverage. Best wishes JohnB
21 Oct 2015 11:06 Read comment
A scheme based approach where particpating banks (and by extension their Customers) know and understand and sign up to the liabilities and entitlements, the rights and obligations of all parties- is why IdenTrusts Trust Network was established (as a distributed liability model). These aspects are defined thru 4 specific but interlinked dimensions, namely Policy Legal Operation and Technical- so that complete Business interoperability and associated liability is established upfront... not in hindsight....or after the the cat is out of the bag (or the mole is already burrowing...!)
23 Sep 2014 17:24 Read comment
It depends what you mean by a bank.... there is a way of looking at the business of banking as being Risk Management/Mitigation/ Intermediation (pick any one but they are all about Risk/Liability etc) in 3 distinct areas: namely i) Credit Risk (being the acceptance of deposits and the lending of money) ii) Capital Market Risk (being trading etc either on the banks account or for large clients across Capital Markets- this incl "Investment Banking" etc) iii) Operational Risk Management- this is about transactional risk- the movement of bits and bytes representing value across electronic networks; whether those bits bytes represent money (ie a payment), or a document (eg a contract) is actually immaterial- they are still bits 'n bytes. A bank probably comes closest to being an IT company in (iii)- but "payments" are still seen by society (and by regulators) largely as something "banks" do- although of course that perception is changing.
Final point- whether in i) ii) or iii) there is a single common denominator without which each one will crash- namely Trusted Identity- can I be sure that my counterparty really is who he/she says they are..... and that the bits/bytes get to their destination privately and unaltered...... And if there is aproblem, where do I go for recourse...an IT company or a Bank ? ...I know which I would choose..... All of which which takes us back to why banks and trusted digital identity are so important to each other in a borderless world of public ubiquitous and instantaneous electronic networks....... JGB
09 Aug 2013 08:38 Read comment
Chirs; You are right to distiguish between the "counterparty identity" issue and the digital currency itself.
In mainstream payments world, we can look at a payment as the movement of value (represented by bits and bytes) from one digital identity (called a bank account number) to another digital identity (another bank account number). It is the Know Your Customer process that a bank undertakes in establishing that digital identity, and the liabilities/entitelements which go with it- which bring Trust in payments systems (something which end-customers all largely take for granted, because it works). That KYC process is then overlaid by a set of contractually binding operating rules (eg as found in a Cheque Clearing Syatem) that brings the interoperability between banks/their customers. The opportunity for banks, large and small, to consider is whether to leverage that same KYC capability beyond the payment application into other apps which transfer value in the form of "bits and bytes" from one digital identity to another. JohnB
30 May 2013 11:58 Read comment
Nick; I agree but it may not be as crazy as it first seems.......if one thinks of a payment as the movement of value from one digital identity (aka an account number) to another, and that invariably a payment is the final stage of a series of other "movements of information containing value" which take place (electronically) between different parties before the payment itself happens, then one could build on this one piece of the banking sector that does actually work/is trusted......and by doing so reinvent the relevance of the banker....
24 Jul 2012 15:02 Read comment
Great blog Elizabeth, and yes a lively CSFI Round Table- and in its own way definitely about "Innovation". Hopefully in the final RT we can move the debate on from the pure Identity /Utiltiy Bills aspects blah blah blah (which can get quite torrid) toward some real world liability aspects- and maybe focus a bit on the corporate/business/public sector aspects of assurance- specifically what happens when it all goes wrong, what if one relies upon a credential which it turns out was wrongly issued, it was bogus,it had expired or been revoked- where does the buck stop, how is liability managed ? If we can crack the interplay between the technical and legal, the operational and the "policy" dimensions of trusted electronic credentials, then (albeit maybe with some kickin'and screamin' from a few quarters), we can actually make progress along the road.
02 Feb 2012 17:18 Read comment
Implicit to each one of these requirements is the exchange of Data between two or more parties- invariably across industry boundaries, and/or across geographic boundaries, and/or across product-specific boundaries.
In order to be trusted and reliable, that Data must have the benefits and properties of Privacy, of Authenticity, of Integrity and of Non-Repudiation.
Transaction Management arms of Banks have enormous opportunities to provide that required degree of Trust and (electronic identity) Assurance- they uniquely "Know Their Customers" and are positioned to help their customers manage the implicit Operational Risk Management challenges which accompany each one of the requirements/innovations which this survey reveals. Indeed without the neccessary degree of Trust , Liability Management and Interoperability underpinning these requirements, they will remain unfulfilled.
Kind regards
John Bullard
21 May 2010 13:13 Read comment
I agree with your points- and believe that Governments around the world are starting to understand that "eGovernment applications" can indeed be underpinned by "bank issued electronic identity credentials". It doesn't make any sense to reinvent a wheel if banks already have one which works in their space.
As for your 3 neutralities:
i) yes Regulation both at a local (ie national) and worldwide (ie at a "scheme" level) is essential. Not just Technology audits (eg WebTrust) but also at the Policy level- with some form of Policy Approval Authority for the conduct of the Scheme.
ii) Applications will drive the nature of the underlying tool. For accessing a low value application, hi-level eID assurance can be overkill. But as technology costs are driven down, the use of higher assurance tools (such as certificates on some form of hardware device) become more affordable for lower value apps.
iii) The platform should be able to support multiple different tokens-including mobile- again it is the Application/Use which will drive the token- and the eID token itself should be "thin" (ie not loaded with attributes- which would pose security/privacy issues).
Critical to all of this (and exactly as happened in the card payment world some 30 years ago) , there must be some sort of contract-based Operating Ruleset which simply defines the "minimum operating requirements" for issuing and relying parties in eID- in order to define liabilities between all the parties- these MOR's form a set of solid foundation building blocks removing grey areas/inconsistencies (which is where risk/losses occur).
The MOR's of a Ruleset should be globally applicable (just like the rules of the Card Schemes are essentially global ), and then can be blended to meet local needs.
Banks are ideally placed to fulfill the roles of issuance of, and reliance upon eId's on behalf of their customers, and to prosper in doing so. That is why they created a Ruleset/Scheme based approach (IdenTrust) some 10 years ago, and why it is now seen as a practical/workable solution to an enormous problem.
John
30 Apr 2009 10:04 Read comment
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.