Guardian: Difference between revisions

From IDESG Wiki
Line 22: Line 22:
==Solutions==
==Solutions==


A guardian cannot act in isolation—it must always have a mandate. That mandate can originate
A guardian cannot act in isolation—it must always have a mandate. That mandate can originate from these sources:
from three sources:
# Legal Construct. Guardianship may be based on a legal construct. This legal construct usually takes the form of a power of attorney singed by the subject, regulation, or court order.
# Legal Construct. Guardianship may be based on a legal construct such as the U.K. Power of Attorney that Jamie gave his wife, Ann. This legal construct usually takes the form of a document, regulation, or court order.
# Social Norm. Many forms of guardianship are based on a social norm with nothing but custom or circumstance to back it up. An example is the aid worker who found an unaccompanied child at the border and brought her to a camp.
# Social Norm. Many forms of guardianship are based on a social norm with nothing but custom or circumstance to back it up. An example is the aid worker who found Mya at the border and brought her to the camp.
# Organizational Governance. This type of mandate is encoded in an industry code of practice, regulation, or domain-specific governance framework.
# Organizational Governance. This type of mandate is encoded in an industry code of practice, regulation, or domain-specific governance framework.
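Review bot: The Legal Construct line that reads "power of attorney singed by the subject" has a typo; "singed" should be "signed". That line also omits the article before "regulation" and "court order", so it can be read as though the subject signs those as well; "a power of attorney signed by the subject, a regulation, or a court order" avoids that. The intro differs between "from three sources:" and "from these sources:"; exactly three items follow, so either wording is accurate, but a fixed count has to be kept in sync if the list changes.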



Revision as of 18:46, 27 December 2019

Full Title or Meme

Guardians are recognized by sovereign governments as Authorized to take actions to protect people or property that cannot be left to themselves or their owners to protect.

Context

In the context of identity management the guardian accepts responsibility for an Identifier or User Private Information that is owned by some Subject.

Related Terms

  • Delegate - where the guardian is identified independently of the subject (aka acts in OpenID)
  • Impersonation - where the guardian takes on the identity of the subject (supposedly this is illegal in OpenID, but it is very hard to detect).
  • Agent - where the guardian is some other process. While this is like delegation, typically the agent is only identified in the transport protocol and not in the application.
  • Proof-of-Presence - where the agent presents evidence that the Subject has personally initiated the request that is presented by the agent.
  • Client - in the sense that the Subject has delegated some limited authority to the client, who can then access only those assets of the subject that the subject has granted.
  • Fiduciary - the resource owner may place their assets in the hands of an organization that acts on their behalf, like money in a bank or data in a data store.

Problems

Guardianship is context dependent.

  • An adult can register a homeless child for school with little documentation.
  • A child that needs medical care can allow nearly anyone that comes with them to the hospital to make choices.
  • Emergency workers may need to notify guardians of actions taken to protect life or property, but cannot be expected to seek prior approval.
  • Good data is often more important than strict enforcement of guardian relationships.

Solutions

A guardian cannot act in isolation—it must always have a mandate. That mandate can originate from these sources:

  1. Legal Construct. Guardianship may be based on a legal construct. This legal construct usually takes the form of a power of attorney signed by the subject, a regulation, or a court order.
  2. Social Norm. Many forms of guardianship are based on a social norm with nothing but custom or circumstance to back it up. An example is the aid worker who found an unaccompanied child at the border and brought her to a camp.
  3. Organizational Governance. This type of mandate is encoded in an industry code of practice, regulation, or domain-specific governance framework.
