Attestation: Difference between revisions

Full Title

Attestation is a certified form of access checking or labeling that gives users or services to ascertain the trustworthiness of the entity.

Context

Goals

Components

This is a taxonomy of the components, that might be attested, ordered in increasing levels of specificity.

• Framework - in this wiki a trust framework that provides principles.
• Profile - details on the application of the framework to a specific vertical or horizontal group of entities.
• Service - a web site or collection of sites that offers services to entities, both digital and real-world
• Endpoint - a single address providing a specified set of services
• Application - a collection of software that provides a service to entities, both digital and real-world
• Device - a specific type of computing hardware with specific features specified in the framework.
• Instance - an identified application on an identified device or endpoint

Problems

It is far too easy for a web site to make a set of claims or mimic a well know brand to trick a user into performing actions that are against their intentions or best interests.

Solutions

The best attestations are performed by a Trusted Third Party that is known to a community of users. This will involved at least a framework profile and a service. As the service branches out to increasing levels of security and privacy it is likely that more levels of specificity, as outlined above, will be desirable.

Self Attestation

Audited Attestation

References