Secure Sharing of High Integrity Documents
Revision as of 22:53, 29 February 2020 by Tomjones (talk | contribs) (→=Use Case, Consent with Assurance)
Full Title
When documents from multiple sources are sent in response to a request, some means must be established to set the context of the documents so that the receiving process can determine how to process every element of the transmission.
Context
Use Case, Consent with Assurance
Consider the case of a user attempting to establish a connection with a site that they have never been registered that requires both consent of the user to store their personal data plus assurance of either the identity (IAL2) or authentication (AAL2) of the resulting connection. While it has been possible to do this using separate messages, the user experience requires separate actions by the user. The proposed solution for this is the following:
- The user establishes an identifier, possibly with some attributes, like email or phone, that will authenticate an interchange session.
- The user acquires some hardware device that can keep the user's credentials secure from attack.