User Agent Assurance
Full Title or Meme
This is an abstract concept that covers any combination of software and hardware that can be assured to faithfully represent any part of a user's presence or intentions on the web.
Context
- This extends a prior effort to specify a means to report Software Compliance Attestation for Native Apps for US Healthcare to Web Apps and devices like FIDO2.
- There are two relevant standards, both of which are up for review on 2021-01-01
- ISO/IEC 29115 Entity Authentication Assurance
- Nist SP 800-63-3B
Solutions
Native Apps
This certifies that the named app has been certified according to all listed trust-registries.
{ "id": 1, "name": "us.trustworthy.agent", "version": "1", "platform": "Android", "min_platform": "23", "source": null, "jurisdiction": "us-wa", "user_authn": null, "dateRegistered": 1576358115, "url": "https://trustregistry.us/csp", "trust_registry": "US Healthcare Assurance Framework" },
Web Apps
This MAAS gives "Fred's software shop' the certification and binding to a signing key based on the rules of all listed trust registries.
{ "id": 1, "name": "us.trustworthy.agent", "version": "1", "platform": "ServiceWorker", "min_platform":null, "source": { "developer":"Fred's software shop', "key": "...key..." } "jurisdiction": "us-wa", "user_authn": null, "dateRegistered": 1576358115, "url": "https://trustregistry.us/csp", "trust_registry": "US Healthcare Assurance Framework" },
FIDO Authenticators
References
- Device Integrity supporting User Authentication Use case from 2013