[KI-LC] The OASIS charter we discussed on the call.
jbradley at mac.com
Wed Apr 27 17:03:36 EDT 2011
This is a draft of the OASIS charter that Peter Alterman is circulating.
The name of the TC:
OASIS Electronic Identity Credential Trust Elevation Methods (EIC-TEM) Technical Committee
Statement of Purpose:
The EIC-TEM Technical Committee will identify methods being used currently to authenticate electronic identities by a variety of online Relying Parties, or Service Providers (hereinafter called SPs), and methods in development or identified in theoretical models. The EIC-TEM will develop a set of standardized protocols that SPs may use to elevate the trust in an electronic identity credential presented to them for authentication at generally-recognized levels of assurance.
The EIC-TEM will base its initial analyses of the identified trust elevation methods on the four levels of assurance described by the U.S. in OMB and NIST publications and on comparable ISO and ITU publications. The more widely-recognized and adopted these standardized protocols are, the more useful they will be to governments, businesses and individuals engaged in eGovernment and eCommerce.
4. The conceptual scenario for this TC’s focus is as follows: An online Service Provider (SP) that has determined its electronic authentication requirement at NIST Level 3 receives an electronic identity credential from an end-user that is recognized as a Level 1 credential. By applying one or more recognized methods for assessing the identity of the end-user, the SP is able to assure itself that the presented credential actually represents the asserted identity at higher level(s) of assurance comparable to NIST Level 2 and 3.
Out of scope areas include:
o Considerations of privacy and privacy management
5. List of deliverables:
o The initial deliverable is a comprehensive list of methods being used currently to authenticate identities online to the degree necessary to transact business where (to-be-determined) amounts of money are involved or to transact business where Personally Identifiable Information (to-be-defined) is involved.
o The second deliverable is an analysis of the identified methods to determine each one’s ability to provide the SP with sufficient assurance of the submitter’s identity to transact business where (to-be-determined) amounts of money are involved or to transact business where Personally Identifiable Information (to-be-defined) is involved.
o The final deliverable will be a draft protocols standards document that recommends particular methods as satisfying US and International standards for elevating trust in an electronic identity credential sufficiently to assure the submitter’s identity to transact business where (to-be-determined) amounts of money are involved or to transact business where Personally Identifiable Information (to-be-defined) is involved.
6. IPR Mode under which the TC will operate:
The EIC-TEM TC is anticipated to operate under RF on RAND.
7. Anticipated audience or users:
EIC-TEM is intended for the following audiences: Architects, designers and implementers of providers and consumers of enterprise identity management services.
8. Language: Work group business and proceedings will be conducted in English.