Attestation

From IDESG Wiki
Jump to navigation Jump to search

Full Title

Attestation is a certified form of access checking or labeling that gives users or services to ascertain the trustworthiness of the entity.

Context

Goals

Components

This is a taxonomy of the components, that might be attested, ordered in increasing levels of specificity.

  • Framework - in this wiki a trust framework that provides principles.
  • Profile - details on the application of the framework to a specific vertical or horizontal group of entities.
  • Service - a web site or collection of sites that offers services to entities, both digital and real-world
  • Endpoint - a single address providing a specified set of services
  • Application - a collection of software that provides a service to entities, both digital and real-world
  • Device - a specific type of computing hardware with specific features specified in the framework.
  • Instance - an identified application on an identified device or endpoint

Problems

It is far too easy for a web site to make a set of claims or mimic a well know brand to trick a user into performing actions that are against their intentions or best interests.

Solutions

The best attestations are performed by Trusted Third Party that is know to a community of users. This will typically involved a

Self Attestation

Audited Attestation

References