Attestation
Full Title
Attestation is a certified form of access checking or labeling that allows users or services to ascertain the trustworthiness of an entity.
Context
Goals
Components
This is a taxonomy of the components that might be attested, ordered by increasing level of specificity.
- Framework - in this wiki a trust framework that provides principles.
- Profile - details on the application of the framework to a specific vertical or horizontal group of entities.
- Service - a web site or collection of sites that offers services to entities, both digital and real-world
- Endpoint - a single address providing a specified set of services
- Application - a collection of software that provides a service to entities, both digital and real-world
- Device - a specific type of computing hardware with specific features specified in the framework.
- Instance - an identified application on an identified device or endpoint
Problems
It is far too easy for a web site to make a set of claims or mimic a well-known brand to trick a user into performing actions that are against their intentions or best interests.
Solutions
The best attestations are performed by a Trusted Third Party that is known to a community of users. This will typically involve at least a framework profile and a service. As the service branches out to increasing levels of security and privacy, it is likely that more levels of specificity, as outlined above, will be desirable.