Building the Identity Ecosystem Framework

From IIW

Session Topic: Identity Ecosystem Framework

Tuesday 4D

Convener: David Temoshok

Notes-taker(s): Eric Scace

What are the participants in the ecosystem?

• users: individuals, businesses, machines/devices

• actors: machines or persons

• groups: generic (as users)

• service providers

• agents a.k.a proxies

• authorities, government

• access providers

• credential issuers

• regulators

• technology suppliers

• advocacy groups

• attribute providers

• relying parties

• noise

• trust framework providers

• criminals

• accreditation services

... and probably more.

What are roles?

• users who want to access something...

• service providers (either providing identity services or employing identities provided by something/someone else): relying parties

• credential users

• regulators

• tech suppliers

• trust framework providers.  Led into an expository talk about trust inheritance or transitive prosperities.

What is a trust framework?

• 1 answer: business, legal, & technical rules...

• another answer: what is the bar of acceptability... verified conformance to a set of rules.

• Kaliya: What do you mean by trust?

DaveT: Ficam defined 4 levels of assurance (low to high).  Other trust frameworks have done something similarly.

Long discussion about establishing trust criteria for relying parties.

Several speakers asserted that, by focusing on 'trust framework', we are focusing on the wrong thing.  For example, one spoke of 'assurance trust'.

Kaliya raised issues around frameworks that rely on increasing amounts of personal data for higher levels of assurance.

The clock ran out as the group delved further into the thicket of views about scope of trust frameworks and assurance... and at expiry many intriguing perceptions were socialized but opinions had yet to coalesce around any one or small subset of perspectives.