When considering authentication and privacy, here is a list of several
principles I feel is important to protect one's privacy when using
digital wallets (or eWallet) or anything containing personal identity.
- I own the wallet.
- I control contents of the wallet.
- I control the software my wallet uses.
- I may have more than one wallet.
- I may have multiple identities stored in my wallet.
- I decide where I want to use my wallet.
- I can securely create a backup of the information in my wallet.
- I can recover the backup and place it in a new wallet.
- I can use my wallet to securely log onto a system without typing a username/password.
- I want to be able to use my wallet as a Credit Card.
- I want to be able to use my wallet as a debit card.
- I want to be able to use my wallet to access my bank accounts.
- I want the store some or all of my account information in my wallet, including passwords, etc.
- I want to be able to use the wallet to authenticate myself to remote sites using a borrowed computer.
- I want to use my wallet to authenticate a remote site before I reveal any personal information to that site.
- I want to be able to authenticate myself with multiple mechanisms (weak to strong) depending on what I access. I am going to protect my bank account more than my Instant Message/Facebook/Linkedin account.
- I want to be able to use it to buy things using it as conveniently as possible.
- I want to be able to decide upon the convenience and security that suits my needs. I want to decide upon the balance of security and convenience.
- If someone steals my wallet, they can be limited in what they do with it, based upon my personal security/convenience trade-offs that I have specified.
- I want to store confidential information in my wallet. If the size of the information is too big to store, I want to be able to store the information securely elsewhere, with the decryption key to this data in my wallet .
- I may choose to have an escrow service that can unlock some or all parts of my wallet in the event of my death.
- I want to be able to act as a go-between between two organizations who wish to share information about me. I want the option to decide what information about me they have access to.
- I want to be able to conveniently fill out financial forms using my wallet using one of the profiles in my wallet. That is, I can select a profile with specific name, address, and account information that specifies what information i wish to share with third parties.