[KI-LC] Trust Framework Meta Model (TFMM) WG charter for LC review and approval

Rainer Hörbe rainer at hoerbe.at
Tue Mar 29 14:55:35 EDT 2011


On 29.03.2011 at 18:47, Bob Pinheiro wrote:

> So it would appear then that an Identity Assurance Framework differs from a Trust Framework in two major regards:
> 
> An IAF (as currently defined by KI IAF 2.0) focuses strictly on the assurance levels of identity assertions from IdP to RP. 

The IAF provides a complete assurance of a transaction for a document-centric use case, like mailing a signed PDF file. It is not complete for the session-based use case, because mutual authentication, session protection and a few other controls are missing. I think that the authentication assurance (LoA) should protect the transaction, not the credential. Otherwise we would have to invent another Level-of-Something-assurance, which I would like to avoid to keep the overall system simple.

> There is only one type of RP, which is an entity providing services to the subject/end user.  The assertions refer strictly to the identity of the subject.  The IAF defines responsibilities and liabilities for only 3 kinds of actors: subjects/end users, service providers/relying parties, and identity providers/credential service providers.
> 
> A TF is an expanded version of an IAF in which assertions can involve claims other than those strictly pertaining to identity; e.g., age-related claims, membership-related claims, etc. The set of actors is expanded to include other entities such as attribute providers, federation operators, registration authorities, etc. Each of these actors carries with it certain responsibilities. Trust relationships between actors imply that there is an expectation by one actor (the relying party) that the other will behave in a certain way. Privacy considerations are reflected in a trust relationship between a service provider and a subject, and between an identity provider and a subject. In these cases, the subject becomes a relying party.
> 
> So basically an IAF is a subset or slimmed-down version of a TF.  Privacy (as well as other potential expectations) is not defined in the IAF, but will be part of a TF.

yes

> 
> I'm assuming the purpose behind defining a TF meta-model is that any real-world deployment of a trust community based on the IAF would be perceived as deficient in certain regards, and those deficiencies would be corrected with an appropriate TF.  For example, IAF doesn't include privacy considerations, but a TF would.
> 
> Bob
> 
> On 3/29/2011 10:41 AM, John Bradley wrote:
>> 
>> A trust framework comprises more actors than are considered in scope for the IAF. Those actors include RP, Federation operators, Attribute providers, User controlled personal information stores.
>> 
>> This page may help explain.
>> http://kantarainitiative.org/confluence/display/fiwg/Trust+Framework+Meta+Model
>> 
>> John B.
>> On 2011-03-29, at 10:29 AM, Frazier-McElveen, Myisha wrote:
>> 
>>> In my view a Trust Framework encompasses the broader trust relationship under which a federated exchange of identity would occur. So the assurance of the identity bound to the credential is one component. The privacy concerns of the transaction would be another component. The legal and liability aspect could be another component. But the Trust Framework would consider ALL components that would facilitate a trust relationship and federated exchange of identity information.
>>>  
>>> Sincerely,
>>> Myisha
>>>  
>>> Myisha Frazier-McElveen
>>> Identity Management Practice Manager
>>> Truestone
>>> 13873 Park Center Road
>>> Herndon, VA 20171
>>>  
>>> (O) 703-766-6203
>>> (M) 240-751-7780
>>> 
>>> From: lc-bounces at kantarainitiative.org on behalf of Bob Pinheiro
>>> Sent: Tue 3/29/2011 10:28 AM
>>> To: lc at kantarainitiative.org
>>> Subject: Re: [KI-LC] Trust Framework Meta Model (TFMM) WG charter for LC review and approval
>>> 
>>> I'd like to make sure I understand the difference between a Trust Framework and an Identity Assurance Framework.  My understanding is that an Identity Assurance Framework is concerned strictly with providing assurance about the identity of an individual (and perhaps other entities as well), whereas a Trust Framework is concerned with providing assurance of more generalized claims.  So in practical terms, the Service Assessment Criteria for an IAF is strictly limited to identity proofing of individuals (or other entities), whereas the corresponding criteria for a TF is concerned with verification of other non-identifier attributes that define a claim.  Other than that, they are basically the same.
>>> 
>>> Is that correct?  Or are there other differences?
>>> 
>>> Bob P. 
>>> 
>>> On 3/17/2011 5:41 PM, Eve Maler wrote:
>>>> 
>>>> Folks-- I've just accepted this charter for consideration. Please review, comment on the list, and be prepared to vote on approval of this charter at our Mar 30 meeting. Thanks!
>>>> 
>>>> Eve
>>>> 
>>>> Begin forwarded message:
>>>> 
>>>>> From: Joni Brennan <joni at ieee-isto.org>
>>>>> Date: 17 March 2011 9:20:40 AM PDT
>>>>> To: Eve Maler <eve at xmlgrrl.com>
>>>>> Cc: Rainer Hörbe <rainer at hoerbe.at>, John Bradley <jbradley at mac.com>, Anna Ticktin <annaticktin at me.com>
>>>>> Subject: Draft TFMM WG Charter for LC consideration
>>>>> 
>>>>> Hi Eve,
>>>>> 
>>>>> Attached is the draft TFMM WG charter that we briefly spoke about yesterday on the LC call.  Rainer would be the convener and he feels the draft charter is ready to move forward in the LC.  John Bradley has also been close to the development of this charter and John may represent to answer questions in the case that Rainer is not available to do so.  
>>>>> 
>>>>> When you have a moment please have a review of the Draft charter and advise if/when it's ready to move forward in LC.  Also worth noting that the stakeholders of this group are already in a sense 'working' so I think it's fair to say that they'd like to move forward as speedily as possible to form this WG for the focused purpose of developing the TFMM. 
>>>>> 
>>>>> Please advise if there are questions or with confirmation that the charter is ready to move forward. 
>>>>> 
>>>>> Thanks much,
>>>>> =Joni
>>>>> 
>>>>> Joni Brennan
>>>>> IEEE-ISTO
>>>>> Kantara Initiative | Executive Director
>>>>> voice:+1 732-226-4223
>>>>> email: joni @ ieee-isto.org
>>>>> gtalk: jonibrennan
>>>>> skype: upon request
>>>>> 
>>>>> Join the conversation on the community@ list - 
>>>>> http://kantarainitiative.org/mailman/listinfo/community
>>>>> 
>>>> 
>>>> Eve Maler                                  http://www.xmlgrrl.com/blog
>>>> +1 425 345 6756                         http://www.twitter.com/xmlgrrl
>>>> 
>>>> 
>>>> _______________________________________________
>>>> LC mailing list
>>>> LC at kantarainitiative.org
>>>> http://kantarainitiative.org/mailman/listinfo/lc
