User Agent Assurance: Difference between revisions

From IDESG Wiki
 
(4 intermediate revisions by the same user not shown)
Line 8: Line 8:
** Nist SP 800-63-3B
** Nist SP 800-63-3B
==Solutions==
==Solutions==
The following are just the current thinking about how to accommodate the known variants of User Agent.
===Native Apps===
===Native Apps===
This certifies that the named app has been certified according to all listed trust-registries.
* This certifies that the named app has been certified according to all listed trust-registries.
* This cert is tied to one particular software version.
   {
   {
     "id": 1,
     "id": 1,
Line 25: Line 27:


===Web Apps===
===Web Apps===
This MAAS gives "Fred's software shop' the certification and binding to a signing key.
* This MAAS gives "Fred's software shop' the certification and binding to a signing key based on the rules of all listed trust registries.
* The developer certifies that code loaded from this site is conformant to the acceptance criteria.
   {
   {
     "id": 1,
     "id": 1,
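Review bot: the added Web Apps bullet quotes the developer name as "Fred's software shop' with an opening double quote and a closing single quote; use matching double quotes. The same bullet uses the acronym MAAS without expanding it in the visible lines, so spell it out on first use.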
Line 43: Line 46:
     "trust_registry": "US Healthcare Assurance Framework"
     "trust_registry": "US Healthcare Assurance Framework"
   },
   },
===Browser as User Agent===
In general browser trust is built by the company that provides it. The user is responsible for picking the browsers that is most likely to meet their needs.


===FIDO Authenticators===
===FIDO Authenticators===
The user selects the authenticator. Each authenticator needs an assurance statement.


==References==
==References==
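Review bot: in the new "Browser as User Agent" paragraph, "picking the browsers that is most likely" should read "picking the browser that is most likely", and "In general" wants a comma after it. The FIDO Authenticators line says each authenticator needs an assurance statement but, unlike the app sections, is not followed by a sample statement; consider adding one or stating which fields it must carry.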

Latest revision as of 22:05, 14 January 2021

Full Title or Meme

This is an abstract concept that covers any combination of software and hardware that can be assured to faithfully represent any part of a user's presence or intentions on the web.

Context

Solutions

The following is just the current thinking about how to accommodate the known variants of User Agent.

Native Apps

  • This certifies that the named app has been certified according to all listed trust-registries.
  • This cert is tied to one particular software version.
 {
   "id": 1,
   "name": "us.trustworthy.agent",
   "version": "1",
   "platform": "Android",
   "min_platform": "23",
   "source": null,
   "jurisdiction": "us-wa",
   "user_authn": null,
   "dateRegistered": 1576358115,
   "url": "https://trustregistry.us/csp",
   "trust_registry": "US Healthcare Assurance Framework"
 },

Web Apps

  • This MAAS gives "Fred's software shop" the certification and binding to a signing key based on the rules of all listed trust registries.
  • The developer certifies that code loaded from this site is conformant to the acceptance criteria.
 {
   "id": 1,
   "name": "us.trustworthy.agent",
   "version": "1",
   "platform": "ServiceWorker",
   "min_platform": null,
   "source":
       {
         "developer": "Fred's software shop",
         "key": "...key..."
       },
   "jurisdiction": "us-wa",
   "user_authn": null,
   "dateRegistered": 1576358115,
   "url": "https://trustregistry.us/csp",
   "trust_registry": "US Healthcare Assurance Framework"
 },
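
One way a relying party could check a Native App or Web App statement like the two above before trusting the agent, shown as an added example that is not part of the IDESG wiki page. The `check_statement` function, the `agent` description, the numeric reading of `min_platform`, and the https requirement are assumptions made for illustration; no signature verification is shown because the page does not define one.

```python
REQUIRED = ("name", "version", "platform", "url", "trust_registry")

# Constructed samples modelled on the two statements shown on this page.
NATIVE = {"id": 1, "name": "us.trustworthy.agent", "version": "1",
          "platform": "Android", "min_platform": "23", "source": None,
          "jurisdiction": "us-wa", "user_authn": None,
          "dateRegistered": 1576358115, "url": "https://trustregistry.us/csp",
          "trust_registry": "US Healthcare Assurance Framework"}
WEB = dict(NATIVE, platform="ServiceWorker", min_platform=None,
           source={"developer": "Fred's software shop", "key": "...key..."})


def check_statement(stmt, agent, accepted_registries):
    """Return a list of reasons to reject stmt for the running agent.

    agent is a hypothetical description of the software being checked:
    {"name", "version", "platform", "platform_level"}.
    """
    problems = [f"missing field: {f}" for f in REQUIRED if not stmt.get(f)]
    if problems:
        return problems
    if stmt["name"] != agent["name"]:
        problems.append("statement names a different app")
    # The statement is tied to one software version, so compare exactly.
    if stmt["version"] != agent["version"]:
        problems.append("statement covers a different version")
    if stmt["platform"] != agent["platform"]:
        problems.append("statement covers a different platform")
    # Assumption: min_platform is a numeric platform level (e.g. Android API).
    minimum = stmt.get("min_platform")
    if minimum is not None and int(agent["platform_level"]) < int(minimum):
        problems.append("platform older than min_platform")
    if stmt["trust_registry"] not in accepted_registries:
        problems.append("trust registry not accepted by this relying party")
    if not stmt["url"].startswith("https://"):
        problems.append("registry url is not https")
    # Web apps are bound to a developer signing key via "source".
    if stmt["platform"] == "ServiceWorker":
        source = stmt.get("source") or {}
        if not (source.get("developer") and source.get("key")):
            problems.append("web app statement lacks developer/key binding")
    return problems
```

An empty list means the statement matches the running agent; any entry is a reason to treat the agent as unassured.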

Browser as User Agent

In general, browser trust is built by the company that provides it. The user is responsible for picking the browser that is most likely to meet their needs.


FIDO Authenticators

The user selects the authenticator. Each authenticator needs an assurance statement.

References