Attestation: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
Line 6: Line 6:


===Components===
===Components===
This is a taxonomy of the components that might be attested ordered in increasing levels of specificity.
*Framework - in this wiki a trust framework that provides principles.
*Framework - in this wiki a trust framework that provides principles.
*Profile - details on the application of the framework to a specific vertical or horizontal group of entities.
*Profile - details on the application of the framework to a specific vertical or horizontal group of entities.

Revision as of 18:26, 21 May 2019

Full Title

Attestation is a certified form of access checking or labeling that gives users or services to ascertain the trustworthiness of the entity.

Context

Goals

Components

This is a taxonomy of the components that might be attested ordered in increasing levels of specificity.

  • Framework - in this wiki a trust framework that provides principles.
  • Profile - details on the application of the framework to a specific vertical or horizontal group of entities.
  • Service - a web site or collection of sites that offers services to entities, both digital and real-world
  • Endpoint - a single address providing a specified set of services
  • Application - a collection of software that provides a service to entities, both digital and real-world
  • Device - a specific type of computing hardware with specific features specified in the framework.
  • Instance - an identified application on an identified device or endpoint

Problems

It is far too easy for a web site to make a set of claims or mimic a well know brand to trick a user into performing actions that are against their intentions or best interests.

Solutions

The best attestations are performed by Trusted Third Party that is know to a community of users. This will typically involved a

Self Attestation

Audited Attestation

References