User Agent Assurance

From IDESG Wiki
Revision as of 22:05, 14 January 2021 by Tomjones (talk | contribs) (→‎FIDO Authenticators)

Full Title or Meme

This is an abstract concept that covers any combination of software and hardware that can be assured to faithfully represent any part of a user's presence or intentions on the web.

Context

Solutions

The following is just the current thinking about how to accommodate the known variants of User Agent.

Native Apps

  • This certifies that the named app has been certified according to all listed trust-registries.
  • This cert is tied to one particular software version.
 {
   "id": 1,
   "name": "us.trustworthy.agent",
   "version": "1",
   "platform": "Android",
   "min_platform": "23",
   "source": null,
   "jurisdiction": "us-wa",
   "user_authn": null,
   "dateRegistered": 1576358115,
   "url": "https://trustregistry.us/csp",
   "trust_registry": "US Healthcare Assurance Framework"
 }
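
One way a relying party could evaluate such a statement against the app that is actually running, as an added example (not code from the IDESG wiki or from any trust registry). The `agent` description, the `accepted_registries` set, reading `min_platform` as an integer platform level and `dateRegistered` as Unix seconds are all assumptions; the statement is assumed to have been obtained from the registry over an authenticated channel.

```python
import json

# Constructed sample: the Native Apps record from this page, parsed as JSON.
STATEMENT = json.loads("""{
  "id": 1, "name": "us.trustworthy.agent", "version": "1",
  "platform": "Android", "min_platform": "23", "source": null,
  "jurisdiction": "us-wa", "user_authn": null,
  "dateRegistered": 1576358115, "url": "https://trustregistry.us/csp",
  "trust_registry": "US Healthcare Assurance Framework"
}""")

REQUIRED = ("name", "version", "platform", "trust_registry", "dateRegistered")


def evaluate(statement, agent, accepted_registries, now):
    """Return a list of reasons to reject; an empty list means accept.

    `agent` is a hypothetical description of the running app:
    {"name", "version", "platform", "platform_level"}.
    """
    problems = [f"missing field: {k}" for k in REQUIRED if statement.get(k) is None]
    if problems:
        return problems  # fail closed on an incomplete statement
    if statement["trust_registry"] not in accepted_registries:
        problems.append("trust registry not accepted by this relying party")
    if statement["name"] != agent["name"]:
        problems.append("statement names a different app")
    # The statement is tied to one software version: exact match, no ranges.
    if statement["version"] != agent["version"]:
        problems.append("statement does not cover this app version")
    if statement["platform"] != agent["platform"]:
        problems.append("platform mismatch")
    # Assumption: min_platform is an integer platform level (e.g. Android API level).
    minimum = statement.get("min_platform")
    if minimum is not None:
        try:
            if agent["platform_level"] < int(minimum):
                problems.append("platform older than min_platform")
        except (ValueError, TypeError):
            problems.append("min_platform is not a comparable level")
    if statement["dateRegistered"] > now:
        problems.append("dateRegistered is in the future")
    return problems
```

Because the statement covers exactly one version, an app update yields a rejection until a new statement for that version is registered.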

Web Apps

  • This MAAS gives "Fred's software shop" the certification and binding to a signing key based on the rules of all listed trust registries.
  • The developer certifies that code loaded from this site is conformant to the acceptance criteria.
 {
   "id": 1,
   "name": "us.trustworthy.agent",
   "version": "1",
   "platform": "ServiceWorker",
   "min_platform": null,
   "source": {
     "developer": "Fred's software shop",
     "key": "...key..."
   },
   "jurisdiction": "us-wa",
   "user_authn": null,
   "dateRegistered": 1576358115,
   "url": "https://trustregistry.us/csp",
   "trust_registry": "US Healthcare Assurance Framework"
 }

Browser as User Agent

In general, browser trust is built by the company that provides it. The user is responsible for picking the browser that is most likely to meet their needs.


FIDO Authenticators

The user selects the authenticator. Each authenticator needs an assurance statement.

References