[WG-P3] [WG-IDAssurance] Trust Federation Frameworks and Assurance Metrics
rainer at hoerbe.at
Sun May 15 09:45:45 EDT 2011
On 15.05.2011 at 14:09, j stollman wrote:
> It is for this reason, that I continue to focus on the alternative model for Trust Frameworks that I proposed back in March. The current model is based on roles. I proposed a model based on trust relationships. Ultimately, I am just transposing rows and columns in a matrix of roles versus trust relationships. I contend that there is a fixed and manageable number of trust vectors that exist between any two parties -- regardless of their role. (Though, I also agree that the weighting will change depending on the role of the party or the environment of the transaction. I.e., though I trust my best friend to look out for my interests, I may not trust him to do so if his life is being threatened.)
The TFMM shall accommodate that view. I believe that a single hierarchy won't be sufficient to provide a structure for all needs. If you look at the detailed TFMM topic map you will see multiple actor models included. The same can be done with trust relationships.
> In my previous proposal I suggested that there need to be at least four trust relationships: Identity, Terms, Subsidiary Rights, and Enforcement. Based on this thread, I have added Environment to include both session integrity as well as such factors as having one's actions compromised by threats or pressure.
AFAIK we defined trust relationships by their parties (asserting/relying actor) so far. The segmentation into identity, terms etc. is new to me. Did you write about this already?
> In this model, all transactions are 1:1. A particular transaction (e.g., buying a widget from an online vendor) may require multiple 1:1 component transactions (between subject and vendor, between subject and credit card company, between credit card company and vendor, etc.). Each transaction still has the same complexity (i.e. number of cells in the matrix). But each transaction can be evaluated using the same criteria (though the weightings applied may well change for each role pairing). The simplification this model brings is that only five scores need to be created that can then be re-weighted as needed for each component transaction.
Hmm, not sure I really understand this deconstruction. Any kind of transitive trust (like RP -> IdP -> Subscriber -> User; RP -> Attribute Provider -> Attribute Authority; RP -> FO -> Trust Anchor) cannot be mapped into separate 1:1 relationships, as the dependency remains.