Attestation: Difference between revisions
Jump to navigation
Jump to search
Line 19: | Line 19: | ||
==Solutions== | ==Solutions== | ||
The best attestations are performed by [[Trusted Third Party]] that is | The best attestations are performed by a [[Trusted Third Party]] that is known to a community of users. This will typically involved a | ||
===Self Attestation=== | ===Self Attestation=== | ||
===Audited Attestation=== | ===Audited Attestation=== |
Revision as of 18:29, 21 May 2019
Full Title
Attestation is a certified form of access checking or labeling that gives users or services to ascertain the trustworthiness of the entity.
Context
Goals
Components
This is a taxonomy of the components, that might be attested, ordered in increasing levels of specificity.
- Framework - in this wiki a trust framework that provides principles.
- Profile - details on the application of the framework to a specific vertical or horizontal group of entities.
- Service - a web site or collection of sites that offers services to entities, both digital and real-world
- Endpoint - a single address providing a specified set of services
- Application - a collection of software that provides a service to entities, both digital and real-world
- Device - a specific type of computing hardware with specific features specified in the framework.
- Instance - an identified application on an identified device or endpoint
Problems
It is far too easy for a web site to make a set of claims or mimic a well know brand to trick a user into performing actions that are against their intentions or best interests.
Solutions
The best attestations are performed by a Trusted Third Party that is known to a community of users. This will typically involved a