Attribute Vector: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
A list of [[Attribute]]s about an individual that is presented to provider of goods or services (the [[Relying Party]]) to establish to ability of the user to successfully complete a transaction with the provider. | A list of [[Attribute]]s about an individual that is presented to a provider of goods or services (the [[Relying Party]]) to establish to ability of the user to successfully complete a transaction with the provider. | ||
==Preconditions== | ==Preconditions== | ||
* The primary use case for the [[Attribute Vector]] is a user navigating to the web site where they need be able establish a level of trust by the [[Relying Party]] to meet | * The primary use case for the [[Attribute Vector]] is a user navigating to the web site of a [[Relying Party]] where they need be able establish a level of trust by the [[Relying Party]] to meet its need for assurance about the user's ability to be trusted with their goods or services while maintaining the user's expectations of privacy. As such it is expected that user stipulations will be included as well as [[User Private Information]]. | ||
* Both the user and the [[Relying Party]] have the capability to create and understand the vector and its release of [[Attribute]]s to the [[Relying Party]]. | * Both the user and the [[Relying Party]] have the capability to create and understand the vector and its release of [[Attribute]]s to the [[Relying Party]]. | ||
==Problems== | ==Problems== | ||
* Today the user is prompted for [[User Information]] by the web site it whatever form that site wishes. There is no real understanding by the user of what all will be requested or what conditions the user may be able to place on the release of information to the site. | * Today the user is prompted for [[User Private Information]] by the web site it whatever form that site wishes. There is no real understanding by the user of what all will be requested or what conditions the user may be able to place on the release of information to the site. | ||
==Solutions== | ==Solutions== | ||
Line 13: | Line 13: | ||
# To be fully compliant with the various [[Privacy]] legislation like the [[GDPR]] or the California legislation the [[Relying Party]] may first require that the user establish a channel back to the user for the performance of required [[Redress]] and [[Recovery]] operations. | # To be fully compliant with the various [[Privacy]] legislation like the [[GDPR]] or the California legislation the [[Relying Party]] may first require that the user establish a channel back to the user for the performance of required [[Redress]] and [[Recovery]] operations. | ||
# Only then should the [[Relying Party]] be in a position to request additional [[Attribute]]s from the [[User]]. | # Only then should the [[Relying Party]] be in a position to request additional [[Attribute]]s from the [[User]]. | ||
# Once the [[Relying Party]] has possession of the [[Attribute Vector]] it can apply its own risk profile to the vector to determine if the user meets the | # Once the [[Relying Party]] has possession of the [[Attribute Vector]] it can apply its own risk profile to the vector to determine if the user meets the site's policy for granting trust to users on the site. | ||
==References== | ==References== |
Latest revision as of 21:49, 27 April 2019
Full Title or Meme
A list of Attributes about an individual that is presented to a provider of goods or services (the Relying Party) to establish to ability of the user to successfully complete a transaction with the provider.
Preconditions
- The primary use case for the Attribute Vector is a user navigating to the web site of a Relying Party where they need be able establish a level of trust by the Relying Party to meet its need for assurance about the user's ability to be trusted with their goods or services while maintaining the user's expectations of privacy. As such it is expected that user stipulations will be included as well as User Private Information.
- Both the user and the Relying Party have the capability to create and understand the vector and its release of Attributes to the Relying Party.
Problems
- Today the user is prompted for User Private Information by the web site it whatever form that site wishes. There is no real understanding by the user of what all will be requested or what conditions the user may be able to place on the release of information to the site.
Solutions
- Users can Authenticate in a manner that gives a Relying Party a consistent Identifier that can be sued from session to session without the need for sharing any User Private Information.
- To be fully compliant with the various Privacy legislation like the GDPR or the California legislation the Relying Party may first require that the user establish a channel back to the user for the performance of required Redress and Recovery operations.
- Only then should the Relying Party be in a position to request additional Attributes from the User.
- Once the Relying Party has possession of the Attribute Vector it can apply its own risk profile to the vector to determine if the user meets the site's policy for granting trust to users on the site.