Phase III IDEF Registry: Difference between revisions
Jump to navigation
Jump to search
Line 15: | Line 15: | ||
*[https://tcwiki.azurewebsites.net/index.php?title=Framework_Profile Framework Profile] | *[https://tcwiki.azurewebsites.net/index.php?title=Framework_Profile Framework Profile] | ||
* [https://docs.google.com/presentation/d/1sYqjqnarKBMGMT-3dJuA6QE4EWYhD3pvtbQZvn9Xz3w Consumer Ratings System] | *[[Health Care Profile]] | ||
*[[Financial Profile]] | |||
*[https://docs.google.com/presentation/d/1sYqjqnarKBMGMT-3dJuA6QE4EWYhD3pvtbQZvn9Xz3w Consumer Ratings System] | |||
===Use Cases=== | ===Use Cases=== |
Revision as of 16:49, 15 April 2019
Project details for Phase III are to be tracked here.
Phase II IDEF Registry is where the prior phase was tracked.
Requirements for Phase III
- Trusted Identities in Cyberspace will continue as the primary goal.
- Users can know that their personal information is:
- Acquired and used only on their consent and for the purposes agreed in advance.
- Only going to sites that have proven their identity and intent to the user.
- Will be securely protected wherever it is stored.
- Users can easily learn about the ratings on registered web sites
- Each Web site will present cryptographic proof of their identities, ratings and intentions about user information.
Requirements Documents
Use Cases
Archive of Files
- Trusted Resolver
- Wiki page Privacy Profile is in development
Minuets of meetings
Updates completed in Phase II
- Interop File:Interop Requirements Update.docx
- Privacy File:Privacy Requirements Update.docx
- Security File:Secure Requirements Update.docx
- Usable File:Usable Requirments Update.docx
Work Product
- Build example use case and sandbox for emergency contact information
- Obtain funding to move forward with Web Site ratings
- Obtain funding to build out a sandbox for the Trust Registry
- Continue alignment with NIST specifications on Risk and Privacy.
Open Issues
Carry over from the Phase II team:
- There will be multiple identifier frameworks (aka methods or profiles) which have their own set of identity requirements.
- Some of the frameworks will be IDEF compliant.
- All IDESG compliant frameworks will provide a machine-readable method to determine if a web site is a member of the framework
- Especially at the start, most frameworks will not be IDEF compliant.
- How should an IDEF compliant entity deal with identifiers that are:
- from within their own framework, ie within Healthcare or within the education internet 2 framework,
- from an external framework that is still IDEF compliant, ie a student being transfered from a school client to the healthcare hospital or from a VA hospital with a PIV card to a public hospital that cannot read it
- from an external framework it is not IDEF compliant, ie from a social network site like Google, FB, Microsoft, etc.
- There is no advice available for entities that do not normally interact with the user on recovery and redress
- No standard has been found that helps to describe how a site with no user connectivity can meet any privacy or security guideline.
- While there is a federation metadata draft standard from OpenID, it is oriented to enterprise environments where there is already a relationship with the users, there is no similar metadata standard for open environments.