Open ID Connect Flows and Levels of Assurance (W3H)
Session Topic: Open ID Connect Flows and Levels of Assurance (W3H)
Convener: John Biccum
Notes-taker(s): Dave Sanford
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Rick started by indicating that, as the world is digital, we have replicated too much of the physical model, and it doesn't fit. The model he articulated includes:
1) External Entities - which includes:
- Relying parties
- Identity Providers
- Medical
- Business
- Work/Employer
- Collaboration
- Entertainment/Games
- ... Government
2) Rules of Engagement interface layer which involves:
- user managed access
- provider managed access
- industry self-regulation
3) "About me" is the avatar, which includes:
- identity and authorization
- reputation
- personas
- personal data ecosystem, creates collaborative info; some of this is observable data (mostly not controlled by me)
- personal (dear diary)
- transactional
Stewardship of this avatar-managed data should be a responsibility shared with me. The avatar is a platform that uses the services of the external entities; they should in general not retain information unnecessary for registration of the transaction.
The model relies largely on industry self-regulation (exchange rules might be from the National Information Exchange Model (NIEM)).