Our vision of the future with OneID

Wouldn't it be great if:

  • you could get rid of the hundreds of usernames and passwords you have to manage?

  • you only had a single ID that could be used on-line and off-line?

  • you only had to remember a single PIN code for that identity. Nothing else. No username. No password (it's optional).

  • that you can do 2 factor authentication without an OTP token, SMS, or phone?

  • your computer was stolen, that your identity would self-disable instantly everywhere on the Internet when used from that device

  • all the issues with security of identity (like accounts being cracked and hacked, phishing, keylogging, malware, mass credit card breaches, mass password file breaches, identity providers who assert your identity without your consent, credit card numbers being stolen) would just "go away"?

  • you could create an account at a new website with just a single click (no more choose a username that is not in use, choose a password, fill out a captcha, etc.)?

  • you could complete a purchase on a website you've never been to before without typing...with just a single click

  • you could prove to a site that you really are who you claim to be without revealing any personal details so you can see things like your government benefits?

  • you never had to remember the answer to those stupid "what is your dog's name?" questions ever again?

  • you were never again told to change change your password or how long and which characters it must have?

  • you could never forget or lose your identity...ever?

  • when you made a purchase that all your receipts would be stored securely in one place (like all your software right-to-use licenses)

  • credit card statements would never contain transactions that you never authorized?

  • when you moved or changed your email address or change a credit card number that you only would have to update it one place?

  • you could replace all your loyalty cards, identity cards, membership cards, gift cards, etc. with a single card?

  • you could check into a hotel by saying "Hi, I'm Steve," press a button on your phone, and be instantly registered and your phone given the NFC credentials to open your hotel room door?

  • you could buy a plane ticket on Orbitz and then click login to United and see your ticket without having to remember any account names, flight numbers, confirmation codes, or anything else?

  • you could prove your identity to a person over the phone without telling them any "secrets" like you mother's birthday that they can use to steal your traditional identity?

  • you could order pizza over the phone by telling the person "Hi, I'm Steve" and confirm on your phone and not have to give the person your credit card

  • you could scan a QR code on a paper bill to pay it?

  • if you could wire money from your bank to anyone with a single click (instead of having to wait 10 days, talk to someone on the phone, and be required that the account names are the same)?

  • you were only prompted for enhanced authentication (like out-of-band PIN code) only if the transaction was very risky (e.g., a large wire to someone you've never wired money to before)?

  • you could fill out forms on any website with a single click?

  • login to any website with a single click?

  • you could make credit card purchases without disclosing your credit card information to the website?

  • you could pay in-store by just touching your finger to a fingerprint reader (and not have to worry that your fingerprints are stored in a file somewhere)?

  • that personally sensitive information could be stored in a computer database that could only be accessed by you?

  • all the issues with privacy would disappear?

  • you can use the same identity you use for websites with your desktop apps, mobile apps, and enterprise apps (including SSH, VPN, SSO, etc)?

That is what OneID is about. To accomplish all of these things.

OneID enables a massive paradigm shift to happen because it provides four things:

1.       Digitally signed transactions

2.       Secure, private storage of information

3.       A means to communicate changes when an attribute value changes  (such as your home phone number)

4.       A means for presenting  and proving digital claims

Here are 25 things we’d like to be able to do with a OneID in the near future:

1.       Fill out any PDF forms one click

2.       Digitally signing a document (and keeping a record of what was signed)

3.       Only have to remember at most one password, and one PIN (with the peace of mind knowing there is a hint for both available)

4.       No more PAN. Online purchases are all digitally signed transactions.

5.       Authenticate once; use all web services w/o further challenges to my identity.

6.       No more breaches at RP or OneID

7.       A permanent identity; never need to change (available now)

8.       Certificates tied to my unique identity, nobody can act as me, even if they have same name and DOB.

9.       Buy ticket on Orbitz for me using my GUID and locate record at AA by presenting my GUID. Never have to worry about remembering my AA account username or my frequent flyer number. If I give my identity, it should associate it without me having to track individual identifiers.

10.   Fraud less than EMV levels

11.   Transaction detail stored in my identity on every transaction; reduction in chargebacks

12.   No more having to ask my wife, “did you make this transaction?”; you have a record of every transaction. Same for business transactions. You’d know it if you made the transaction.

13.   Easy phone orders without giving out a credit card or address

14.   Phone authentication without sharing any secrets

15.   Bill pay with a simple QR code scan

16.   In-store purchase with a touch of my finger

17.   No more loyalty numbers, no more loyalty applications. Everyone know my number but I can use different numbers at different locations and not have to worry about remembering any of them.

18.   Change your email or home address once in just one place

19.   Change your credit card info in just one place

20.   No more identity theft.

21.   No more forced password changes ever

22.   Manage all your recurring charges in ONE central place

23.   Store all your proof of purchases in one place

24.   Need to retur?; no problem; no more lost receipts!

25.   End-to-end secure transactions; no more tampering, PCI liability, etc.