Attestation: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
Line 19: Line 19:


==Solutions==
==Solutions==
The best attestations are performed by a [[Trusted Third Party]] that is known to a community of users. This will typically involved at least a framework profile and a service. As the service branches out to increasing levels of security and privacy it is likely that more levels of specificity, as outlined above, will be desirable.
The best attestations are performed by a [[Trusted Third Party]] that is known to a community of users. This will involved at least a framework profile and a service. As the service branches out to increasing levels of security and privacy it is likely that more levels of specificity, as outlined above, will be desirable.
===Self Attestation===
===Self Attestation===
===Audited Attestation===
===Audited Attestation===

Revision as of 18:32, 21 May 2019

Full Title

Attestation is a certified form of access checking or labeling that gives users or services to ascertain the trustworthiness of the entity.

Context

Goals

Components

This is a taxonomy of the components, that might be attested, ordered in increasing levels of specificity.

  • Framework - in this wiki a trust framework that provides principles.
  • Profile - details on the application of the framework to a specific vertical or horizontal group of entities.
  • Service - a web site or collection of sites that offers services to entities, both digital and real-world
  • Endpoint - a single address providing a specified set of services
  • Application - a collection of software that provides a service to entities, both digital and real-world
  • Device - a specific type of computing hardware with specific features specified in the framework.
  • Instance - an identified application on an identified device or endpoint

Problems

It is far too easy for a web site to make a set of claims or mimic a well know brand to trick a user into performing actions that are against their intentions or best interests.

Solutions

The best attestations are performed by a Trusted Third Party that is known to a community of users. This will involved at least a framework profile and a service. As the service branches out to increasing levels of security and privacy it is likely that more levels of specificity, as outlined above, will be desirable.

Self Attestation

Audited Attestation

References