Claims Agent Use Cases

Initial Business Cases Three cases could be expanded or added to by others.

1. The claims agent is part of the identity provider which makes money from advertising or validation from the relying party.
2. The claims agent is part of either the display device or the identity provider and is funded by the broader service functionality. (like an employer, a government body, or Microsoft Windows ID)
3. The claims agent is part of a user owned display device. The identity provider is funded by a user who want blinded verification of claims, or by the relying party for non-blinded verification.

The following are entities that could be included in the business use cases.

• • a central government department (e.g. benefits agency)
  • an online financial services provider
  • a local government body (council)
  • a retailer (mixed online and offline)
  • a health insurance company

Initial Test Cases It is important to test that the specifications meet the stated goals. For this purpose the following test cases have been created. Any resultant specification needs to work for all of these cases to be known to meet the goals. In all cases the user and device owner can set policy about claims that are released on behalf of the user and the sites that qualify to receive those claims.

• Test case 1 – The user gets a collection of claims from one or more services and aggregates them in the cloud. There is no private protected key and no signed claims are created on the user device.
• Test case 2 – The claims agent gets a collection of claims from one or more services and aggregates them for the user. There is no private hardware-protected signing key for the user. The claims agent can report device information to a health service.
• Test case 3 - Signed claims are created on the user device with a private protected key. The device has the ability to report on its own health and the quality of protection for the signing key.