NET Passport Sign In

Electronic Commerce
Session 5
Managing and using
information on the Internet
Jacques Nantel
October 2002
The notion of privacy as seen
by consumers
Source: Goodwin, C. (Spring 1991), "Privacy: Recognition of a Consumer Right",
Journal of Public Policy and Marketing, Vol. 10, No. 1, pp. 149-66.

Consumer Control: NO, Consumer Knowledge: NO
• Surfing: Movements tracked by software. Consumer no longer owns information.
• Purchasing: Use credit card, no privacy statement. Consumer no longer owns information.

Consumer Control: YES, Consumer Knowledge: NO
• Surfing: Technology solutions, consumers can dismantle tracking software. General control maintained.
• Purchasing: Use cash (not feasible online), technology. General control maintained.

Consumer Control: NO, Consumer Knowledge: YES
• Surfing: Able to access privacy statements, no opt-in and opt-out options, no technology solutions. Consumer no longer owns information.
• Purchasing: Have to use credit card. Privacy statement, no opt-out. Consumer no longer owns information.

Consumer Control: YES, Consumer Knowledge: YES
• Surfing: Able to access privacy statements, opt-in and opt-out options, technology solutions. Consumer owns information.
• Purchasing: Able to access privacy statements with opt-out option if using credit card, ability to pay cash with opt-in option. Consumer owns information.
Group G47 "Terms and Conditions"
(Value tabulated = 1)

Dichotomy label                   Name   Count   Pct of Responses   Pct of Cases
What's Being Collected            Q39      838        19.3              56.5
How it will be Used               Q40     1084        24.9              73.1
In Exchange for Access to Site    Q41      345         7.9              23.3
Discount at Site's Store          Q42      361         8.3              24.4
Some Value Added Service          Q43      459        10.6              31.0
Aggregated Only                   Q45      831        19.1              56.1
Would Not Give                    Q46      130         3.0               8.8
Other                             Q47      302         6.9              20.4
Total responses                           4350       100.0             293.5
Nature of the information collected
• Number of clicks
• Click streams
• Average time per page
• Paths and links
– between sites
– for a given user
• Purchases
Some basic mechanisms
• Minimal identification of a user
– Country
– Type of server
• Distinction between the machine and the user
• Use of "cookies"
• Use of "extended cookies"
• Notion of an electronic passport
• Combination with other mechanisms
Types of response models
• No model
• Identification for advertising purposes
• Identification for resale of the information
• Identification for site configuration
– Customization (rules-based systems)
– Collaborative filtering
– Open Profiling Standards
Why companies have an interest in
using private data
• Personalization
• E-mail
• Cross-marketing
What CRM systems
change
• They handle larger databases
• They are faster
• They are often more effective
• They make it possible to coordinate several
vendors
• They are effective at demonstrating ROI
• They can be more expensive
Marketing performance measures by
type of business

                     Web sites with CRM   Web sites   Catalogue   Traditional   Average
Acquisition costs          14$               55$         14$          34$          29$
Recurring revenue          55%               42%         40%          34%          40%
Retention costs            6$                24$         8$           16$          13%

Source: BCG, Dec. 2001
E-mail marketing
• Spam
• Permission
• Viral
Marketing through personalization
• Amazon
• Lands' End
Web-based Personalization
• Personalized services
–My Virtual Model
–My Personal Shopper
–E-Mail
• Personalized products
–Lands’ End Custom
My Virtual Model
• 13% of landsend.com visitors use it
• 34% higher conversion rate
• 7% higher average order value
Microsoft .NET Passport
June 2002
Mark Ugar
Director, Retail Vertical
MSN
Authentication
• What is it?
– Presentation of valid credentials to convince a
network that you are allowed to access some set
of resources
• Why is it important?
– Sites, devices, networks and applications need a
way to provide a secure, customized experience
– A secure authentication mechanism is important
to ensure the integrity of the transaction
What is Microsoft .NET Passport?
Key features:
• Internet scale authentication service available to any web site
• Single sign in across multiple sites
• Enables easy, secure commerce
• Enables parents to make informed decisions for kids (Kids .NET Passport)
• User in control, data stored is minimal
PUID
• .NET Passport Unique ID defined by .NET Passport
User profile
• User's e-mail address or phone number
• First and last names
• Demographics data:
– Country/region, postal code, and state
– Time zone, preferred language
– Accessibility
– Occupation
– Birth date and gender
Credentials
• Standard
– User's e-mail address (from the user profile)
– Password of at least six characters
– Secret question and answer
• Alternate (optional)
– Phone number and 6 digit PIN
• Strong (optional)
– Four-digit security key
– Three secret questions and answers
Wallet
• Card type, card numbers, name on card and associated expiration dates, billing addresses (first and last names, address, city, state/region/province, postal code, phone, e-mail) and friendly description
• Shipping addresses (first and last names, address, city, state/region/province, postal code, phone, e-mail) and associated friendly description
Benefits for Consumers
• Single sign-in
– Only one user name and password to remember
– Common experience on all participating web sites
• Anytime, anywhere, any device
– Personalization associated with user, not device
• Privacy and security
– User in control of their information
• Faster & easier online purchasing
Benefits for Partners
• Enables deeper relationships with customers
– Single click log-in removes registration barriers
– .NET Passport identifies a customer consistently
across multiple Web sites
– Authentication for additional services
• Lets partners focus on core competencies
– Microsoft manages evolution of new
technologies (mobile devices, smart card,
biometrics)
– Microsoft supports users (password resets)
.NET Passport: Running at Scale Today
• 165 million accounts
• Growth – millions per month
• 2 billion authentications per month
• Used for most Microsoft online properties & growing number of third parties
.NET Passport Usage Today
• Over 270 signed and implementing
• 77 total live today
• 64 live express purchase
• 13 live Single Sign In (SSI)
• Some examples: 800.com, OfficeMax, 800Flowers.com, McAfee.com, Starbucks.com, Radio Shack, Expedia.com, Victoria's Secret Catalog, Office Depot, Buy.com
Privacy
• Critical success factor: trusted data management
– Microsoft will make no secondary use of .NET
Passport data
– Microsoft will not mine, sell, rent, lease .NET Passport
or .NET My Services data
– Easy user management of consent/permissions
• We are legally accountable to honor our privacy
guidelines
• Partners contractually agree to privacy standards
• We support Safe Harbor for all customers worldwide
• Microsoft services subject to same conditions as other
partners
Security
• Secure data centers
– Physical access controls
– User information stored on servers that are not
connected to the Internet
• Credential information never shared with
partner sites
• .NET Passport data is always encrypted
• Sophisticated intrusion detection
• Multiple security levels
.NET Passport Consent model
• User decides what part of their .NET Passport profile they want to share with
Web sites at Sign In:
– Email address
– First and last name
– All other profile information
• Default during registration is that nothing is shared (full affirmative consent).
In that case, only the PUID is transferred to participating sites at Sign In and
.NET Passport provides a true ‘anonymous’ authentication system (No
personal information is shared)
• No partner specific information (e.g. shoe size, favorite music, etc.) is ever
shared with .NET Passport
• Selected wallet information is shared only when using the .NET Passport
express purchase service
.NET Passport Sign In
[Diagram: the Browser (SSL, JavaScript, Cookies); a Participating Web Site running the .NET Passport Manager Object (encryption library, authentication and data access interfaces); the Microsoft .NET Passport Domain Authority (User Registration and Authentication Web Servers and Databases: Registration and Login Servers, Configuration and Database Servers); and the Central Config Service 'Nexus' (Valid Domains, Schema, URLs).]
(1) Initial Page Request
(2) Redirect for Authentication: Id=site-id, ru=return URL
(3) Authentication Request
(4) Auth Response. Cookies: in pp.com. Redirect URL: includes site specific t=ticket and p=profile on the query string
(5) Authenticated Page Request: T=ticket, P=profile
(6) Page including Set cookie for MSPAuth and MSPProf
• No server-to-server communication at authentication
• Central Configuration Service
• .NET Passport Manager server object resident at SSI Site
• Alternative Interfaces (not shown)
• Digest security packages for non-HTML clients
• XML interfaces for clients
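The redirect exchange in steps (2) to (5), as an added example that is not Microsoft's code or part of the original slides: a toy domain authority checks the return URL against the valid domains registered for the site id, then issues a site-specific ticket that the participating site verifies locally, with no server-to-server call. The HMAC ticket format, the `SITES` registry, the function names and all keys, hosts and PUID values are assumptions constructed for illustration; the slides say only that the Passport Manager object contains an encryption library.

```python
import hashlib, hmac, time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed stand-in for the central configuration data ("Valid Domains,
# Schema, URLs"); site ids, hosts and keys are invented for this example.
SITES = {"1001": {"key": b"demo-key-1001", "hosts": {"shop.example"}},
         "2002": {"key": b"demo-key-2002", "hosts": {"news.example"}}}

def _mac(key, site_id, puid, issued):
    msg = f"{site_id}|{puid}|{issued}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def authority_redirect(site_id, ru, puid, consented, now=None):
    """Steps (3)-(4): check id and ru, then build the redirect to the site."""
    site = SITES.get(site_id)
    u = urlparse(ru)
    # Refuse return URLs outside the site's registered hosts; otherwise the
    # ticket on the query string could be delivered to an arbitrary server.
    if site is None or u.scheme != "https" or u.hostname not in site["hosts"]:
        raise ValueError("site id or return URL not registered")
    issued = int(time.time() if now is None else now)
    ticket = f"{puid}.{issued}.{_mac(site['key'], site_id, puid, issued)}"
    # Only profile fields the user consented to share go into p (default: none).
    profile = ",".join(f"{k}:{v}" for k, v in sorted(consented.items()))
    sep = "&" if u.query else "?"
    return ru + sep + urlencode({"t": ticket, "p": profile})

def site_verify(site_id, url, max_age=300, now=None):
    """Step (5): the site checks t locally and returns the PUID, or None."""
    q = parse_qs(urlparse(url).query)
    try:
        puid, issued, mac = q["t"][0].split(".")
        issued = int(issued)
    except (KeyError, ValueError):
        return None
    expected = _mac(SITES[site_id]["key"], site_id, puid, issued)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None  # forged, altered, or issued for a different site
    now = int(time.time() if now is None else now)
    return puid if 0 <= now - issued <= max_age else None
```

The ticket here is authenticated but not encrypted, and replay within `max_age` is not tracked; both are simplifications of this sketch.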
The Truth About .NET Passport
• Users choose what data is shared with partners
• Partners do not share their data with .NET Passport
• .NET Passport collects a limited set of user
information
• .NET Passport does not track what users do on the
web
• Microsoft will not use .NET Passport information to
market to customers
• .NET Passport is not required to use Windows XP
• MSN sites play by the same rules as other partner
sites
Business Model
Guiding Principles
• .NET Passport
– End users will not be charged for .NET Passport
authentication functionality
– Partners who use the service will be charged a
fixed annual fee plus a utilization charge above a
certain threshold
Main questions
[Diagram entities: Web sites, Partners, Affiliates, Subsidiaries, Ad networks, Other third parties, Offline transactions]
1) What kinds of notice should Web sites be required to provide before they collect information? Should limits be imposed on what can be collected and how long it can be kept?
2) Can on- and offline data be merged? What are the notification requirements?
3) Should consumers have a right to opt out or opt in before Web sites channel ad networks' cookies to their machines?
4) What kind of sharing takes place with a Web site's business partners - which are considered "third parties"?
5) Should Web sites be required to have opt-in or opt-out policies on third-party data sharing?
6) What access should consumers have to their information?
Source: Forrester, May 2000