Open ID Connect Flows and Levels of Assurance (W3H)

From IIW

Session Topic: Open ID Connect Flows and Levels of Assurance (W3H)

Convener: John Biccum

Notes-taker(s): Dave Sanford

Tags for the session - technology discussed/ideas considered:


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Rick started by indicating that as the world is digital, we replicated too much of the physical model - it doesn't fit. The model he articulated includes:


1) External Entities - which includes:


- Relying parties

- Identity Providers

- Medical

- Business

- Work/Employer

- Collaboration

- Entertainment/Games

- ... Government


2) Rules of Engagement interface layer which involves:

- user managed access

- provider managed access

- industry self-regulation


3) About me is the avatar, which includes:


- identity and authorization

- reputation

- personas

- personal data ecosystem, creates collaborative info; some of this is observable data (mostly not controlled by me)

- personal (dear diary)

- transactional


Stewardship of this avatar-managed data should be a shared responsibility with me. The avatar is a platform that uses the services of the external entities; they should in general not retain information unnecessary for registration of the transaction.


The model relies largely on industry self-regulation (exchange rules might be from the National Information Exchange Model (NIEM)).