Framework Profiles: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
Line 4: Line 4:
==Context==
==Context==
*As a part of the creation of a set of [[Identity Ecosystem]]s this plan lays out how to address specific community needs for security, privacy, interoperability and user experience. It is expected that all communities will start from the Baseline Functional Requirements (as amended from time to time) and add additional requirements in those four areas plus the potential for a trusted laboratory validation of compliance with the profiles.
*As a part of the creation of a set of [[Identity Ecosystem]]s this plan lays out how to address specific community needs for security, privacy, interoperability and user experience. It is expected that all communities will start from the Baseline Functional Requirements (as amended from time to time) and add additional requirements in those four areas plus the potential for a trusted laboratory validation of compliance with the profiles.
*The Kantara Initiative has a[https://kantarainitiative.org/trust-registry/ Trust Registry] base on SAML 2 metadata.
A partial list of the existing compliance effort that are used as models includes:
*The OpenID foundation has a certification program for several of their identity profiles that has won wards for [https://openid.net/2018/05/16/openid-certification-program-wins-2018-european-identity-and-cloud-award/ 2018 European Identity and Cloud Award] and the [https://openid.net/2018/03/29/openid-certification-program-wins-2018-identity-innovation-award/ 2018 Identity Innovation Award].
#The Kantara Initiative has a[https://kantarainitiative.org/trust-registry/ Trust Registry] base on SAML 2 metadata.
*The NIST has an [https://pages.nist.gov/800-63-3/ SP 800-63-3] compliance program which now has assessors like Kantara to certify compliance.
#The OpenID foundation has a certification program for several of their identity profiles that has won wards for [https://openid.net/2018/05/16/openid-certification-program-wins-2018-european-identity-and-cloud-award/ 2018 European Identity and Cloud Award] and the [https://openid.net/2018/03/29/openid-certification-program-wins-2018-identity-innovation-award/ 2018 Identity Innovation Award].
#The NIST has an [https://pages.nist.gov/800-63-3/ SP 800-63-3] compliance program which now has assessors like Kantara to certify compliance.


==Problems==
==Problems==

Revision as of 20:49, 10 October 2018

Full Title or Meme

The Identity Ecosystem Framework will need fine-grained specifications for applying its principles to specific vertical industry and horizontal community requirements.

Context

  • As a part of the creation of a set of Identity Ecosystems this plan lays out how to address specific community needs for security, privacy, interoperability and user experience. It is expected that all communities will start from the Baseline Functional Requirements (as amended from time to time) and add additional requirements in those four areas plus the potential for a trusted laboratory validation of compliance with the profiles.

A partial list of the existing compliance effort that are used as models includes:

  1. The Kantara Initiative has aTrust Registry base on SAML 2 metadata.
  2. The OpenID foundation has a certification program for several of their identity profiles that has won wards for 2018 European Identity and Cloud Award and the 2018 Identity Innovation Award.
  3. The NIST has an SP 800-63-3 compliance program which now has assessors like Kantara to certify compliance.

Problems

  • Each jurisdiction creates their own Identifier domain(s) for users and for providers that can be used to identify participants with some central rooted registry for the participants that have met the framework profile requirements.

Solutions

As each community begins the process of creating profile the committee will coordinate and record their efforts here:

  1. Health Care Profile now in planing with the
  2. Financial Profile now considering the creation of a specific implementation of a Financial Profile Sandbox for compliance testing.

References