Entity Statement: Difference between revisions
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
An [[Attestation]] statement about the [ | An [[Attestation]] statement about the [https://tcwiki.azurewebsites.net/index.php?title=Trusted_Identifier Trusted Identifier] of the [[Entity]] typically from a [[Trust_Framework_Membership_Validation#Federation_Operator|Federation Operator]]. | ||
==Preconditions== | ==Preconditions== | ||
Revision as of 21:15, 30 April 2019
Full Title or Meme
An Attestation statement about the Trusted Identifier of the Entity typically from a Federation Operator.
Preconditions
- The primary use case for the Entity Statement is a user navigating to the web site where they need be able to trust the site with their User Private Information.
Problems
- Best method for establishing trust with a web site today in the EV Cert which is designed to bind the web site to a real world entity.
Solutions
- Users can Authenticate in a manner that gives a Relying Party a consistent Identifier that can be sued from session to session without the need for sharing any User Private Information.
- To be fully compliant with the various Privacy legislation like the GDPR or the California legislation the Relying Party may first require that the user establish a channel back to the user for the performance of required Redress and Recovery operations.
- Only then should the Relying Party be in a position to request additional Attributes from the User.