Phase III IDEF Registry

From IDESG Wiki
Jump to navigation Jump to search

Project details for Phase III are to be tracked here.

Phase II IDEF Registry is where the prior phase was tracked.

Requirements for Phase III

  1. Trusted Identities in Cyberspace will continue as the primary goal.
  2. Users can know that their personal information is:
    1. Acquired and used only on their consent and for the purposes agreed in advance.
    2. Only going to sites that have proven their identity and intent to the user.
    3. Will be securely protected wherever it is stored.
  3. Users can easily learn about the ratings on registered web sites
  4. Each Web site will present cryptographic proof of their identities, ratings and intentions about user information.

Requirements Documents

Updates completed in Phase II

Archive of Files

Open Issues

Carry over from the Phase II team:

  1. There will be multiple identifier frameworks (aka methods) which have their own set of identity requirements.
  2. Some of the frameworks will be IDEF compliant.
  3. All IDESG compliant frameworks will provide a machine-readable method to determine if a web site is a member of the framework
  4. Especially at the start, most frameworks will not be IDEF compliant.
  5. How should an IDEF compliant entity deal with identifiers that are:
    1. from within their own framework, ie within Healthcare or within the education internet 2 framework,
    2. from an external framework that is still IDEF compliant, ie a student being transfered from a school client to the healthcare hospital or from a VA hospital with a PIV card to a public hospital that cannot read it
    3. from an external framework it is not IDEF compliant, ie from a social network site like Google, FB, Microsoft, etc.
  6. There is no advice available for entities that do not normally interact with the user on recovery and redress
  7. No standard has been found that helps to describe how a site with no user connectivity can meet any privacy or security guideline.
  8. While there is a federation metadata draft standard from OpenID, it is oriented to enterprise environments where there is already a relationship with the users, there is no similar metadata standard for open environments.

References