[WG-IDAssurance] What to call a Relying Party in terms of a Trust Framework
mark at smartspecies.com
Wed Mar 9 12:04:37 EST 2011
In the data protection world a relying party would be called a
'Processor' an Identity Provider would be called a 'Controller' and a
service user would be called the 'Data Subject or Principle'.
I think these terms map quite well. As well. I think there should be
a level of Processing Assurance = eg RP assurance that certifies the
highest standard of data protection regulation in the jurisdictions it
will federate. From this point a federation contract and policy
mapping should then be entertained for higher level assessment criteria.
For all levels a privacy framework should entail auditing and the
passing of privacy preferences/profile to the relying party
(processor) from the Identity Provider (controller).
My 2 cents.
More information about the WG-IDAssurance