Building the Identity Ecosystem Framework
Session Topic: Identity Ecosystem Framework
Tuesday 4D
Convener: David Temoshok
Notes-taker(s): Eric Scace
What are the participants in the ecosystem?
• users: individuals, businesses, machines/devices
• actors: machines or persons
• groups: generic (as users)
• service providers
• agents a.k.a proxies
• authorities, government
• access providers
• credential issuers
• regulators
• technology suppliers
• advocacy groups
• attribute providers
• relying parties
• noise
• trust framework providers
• criminals
• accreditation services
... and probably more.
What are roles?
• users who want to access something...
• service providers (either providing identity services or employing identities provided by something/someone else): relying parties
• credential users
• regulators
• tech suppliers
• trust framework providers. Led into an expository talk about trust inheritance or transitive prosperities.
What is a trust framework?
• 1 answer: business, legal, & technical rules...
• another answer: what is the bar of acceptability... verified conformance to a set of rules.
• Kaliya: What do you mean by trust?
DaveT: Ficam defined 4 levels of assurance (low to high). Other trust
frameworks have done something similarly.
Long discussion about establishing trust criteria for relying parties.
Several speakers asserted that, by focusing on 'trust framework', we are
focusing on the wrong thing. For example, one spoke of 'assurance trust'.
Kaliya raised issues around frameworks that rely on increasing amounts of
personal data for higher levels of assurance.
The clock ran out as the group delved further into the thicket of views about
scope of trust frameworks and assurance... and at expiry many intriguing
perceptions were socialized but opinions had yet to coalesce around any one or
small subset of perspectives.