Re: [Auth]ISsec Profile Providers (was Re: IDsec meeting)

[Mike Warren]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Norbert Bollow <address@hidden> writes:

> I propose that the DotGNU's standard Profile Provider software
> should be designed in such a way as to make it very attractive for
> banks to become Profile Providers.  We absolutely need to win the
> banks over to our side.  This is of key strategic importance.

Yes, this would be fantastic.

Of interest perhaps is a Canadian banking proposal to allow
``e-mailable cheques''. Basically, the scheme boils down to a
bank-to-bank transfer with email notification (although you can send a
``e-cheque'' to someone without a bank account; they have to come to a
bank and redeem it). God knows how insecure it is; they refused to
discuss security with me except to claim ``there are multiple levels
of encryption''.

The system is called ``CertaPay'' at http://www.certapay.com.

Anyway, the point is that at least some Canadian banks are open to the
idea of financial transaction via the Internet; if it can be shown
that a DotGNU ``virtual cash token'' system is secure and cheap to
deploy, then there is a good chance some of them might adopt
it. Perhaps they would also be interested in hiring FreeDevelopers as
consultants...

> Actually, if the Profile Provider is a bank where the user has an
> account, the payment doesn't need to be via credit card... it could
> go directly from the user's bank to the merchant's bank.  (True
> e-banking :-).

Yes; this would be fantastic.

> This will make them attractive to e-business merchants and even to
> simple netizens who can use them to accept the occasional payment.

This could realistically enable ``Street Performer Protocol'' payment
schemes; for example, a plugin in a Web browser could enable people to
make small payments to artists' via their Web sites: when the user
visits such a Web site, a small side-bar (I'm thinking Mozilla here,
but the idea is the same) could allow the browser to send $0.50 (or
whatever) to the author's Profile.

If all this could happen essentially at the click of a button (an
entry of an amount and passphrase), the scheme might become a
realistic way to fund certain types of artistic development.

It also would work well for free software; with such a system in place
it would be easy to implement the ability to ``sponsor'' the fixing of
certain bugs or additions of features in popular software.

I think most people would be very happy to make such micro-donations
(or micro-payments) if it was easy and secure.

> At least here in Switzerland, banks verify customer-provided
> personal information anyway (because of the anti-money-laundering
> due diligence rules).  So it shouldn't be difficult for them to
> optionally provide a certificate that the user's personal
> information is true.

Yes, exactly. I would expect such ``semi-public'' institutions to be
the first large Profile providers (perhaps large corporations could
also provide Profiles for their employees).

- -- 
address@hidden
<URL:http://www.mike-warren.com>
GPG: 0x579911BD :: 87F2 4D98 BDB0 0E90 EE2A  0CF9 1087 0884 5799 11BD



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard 
<http://www.gnupg.org/>

iD8DBQE8BrybEIcIhFeZEb0RAqHJAJ90AWCHnrIdrKWYqGNU7S6TItHhcQCgxTbP
ZL1MCndRbh1OPiA4Qo6C9jQ=
=DwJ3
-----END PGP SIGNATURE-----