Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Trust Frameworks Explained

779 views

Published on

Trust Frameworks Explained 
(in 20 minutes or less). What is a Digital Identity Trust Framework?

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Trust Frameworks Explained

  1. 1. Trust Frameworks Explained (in 20 minutes or less) Andrew Hughes AndrewHughes3000@gmail.com KantaraInitiative.org
  2. 2. WHAT IS A DIGITAL IDENTITY TRUST FRAMEWORK? Explaining Digital Trust Frameworks in 20 minutes or less
  3. 3. Fun and Exciting!
  4. 4. Current Work  Creating a Pan-Canadian Trust Framework for the Digital Identification & Authentication Council of Canada (DIACC)  Stakeholders include: federal & provincial governments; financial institutions; telecom providers; credit bureaus; identity networks / hubs; credential managers, others  Wildly divergent needs, expectations and operational modes
  5. 5. What is a Digital Identity Trust Framework? “Digital Identity” • Identity: A reference or designation used to distinguish a unique and particular individual, organization or device. • Trusted Digital Identity: ‘a trusted electronic representation of who I am.’ “Framework” • Digital Identity Trust Frameworks define the ‘rules of the road’ for interactions between organizations when handling identity, authentication and authorization. Often, these Frameworks form the basis of agreements and contracts.
  6. 6. Functions  The DIACC Framework covers  Person Identity Proofing (Registration Authorities)  Credential Management  Authorization policy (PDP)  Access control (PEP)  Authentication of Credentials (Verifier)  Establishment of government authoritative identity records
  7. 7. WHY USE A DIGITAL IDENTITY TRUST FRAMEWORK?
  8. 8. A reason for a framework? To make negotiating agreements easier
  9. 9. Reasons for Frameworks  STANDARDIZATION of identity, authentication & access control processes and technologies within a trust community  LESSEN BURDEN by amalgamating published standards to reduce burden of adopters to know all the standards  Framework Profile creation process captures community-specific details, regulated requirements – GOVERNED by a designated body  Assessment & conformance approach will acknowledge and use PRIOR USE and certifications
  10. 10. How? Framework Contracts and Agreements Standards Regulations Laws Framework Profile
  11. 11. Some Details
  12. 12. Digital Trust Framework Elements Roles & Responsibilities
  13. 13. Digital Trust Framework Elements Business functions & Expected Processes
  14. 14. Digital Trust Framework Elements Processes & Criteria (proof of ‘sameness’ and ‘equivalency’)
  15. 15. Digital Trust Framework Elements Library of Profiles
  16. 16. Tools and Rules  Technical protocols  Software / servers  Cryptography  Communication protocols  Standards  Policies for proof of identity; ‘Levels’ of certainty  Privacy policy  Operations practices  Designated authorities
  17. 17. The Future Possibilities  Model contract clauses  Automation for contracts  Addition of new roles, responsibilities, business functions  Build a library of framework profiles
  18. 18. Now what? Join us in innovating and verifying trusted identity solutions for the world  Kantara Initiative members include global experts from industry and government in the fields:  Identity assurance  Privacy  Security  Policy  Information systems assessment  Join. Innovate. Trust. Visit.: KantaraInitiative.org
  19. 19. Join. Innovate. Trust. General Inquiries: support@kantarainitiative.org AndrewHughes3000@gmail.com

×