
http://kantarainitiative.org/confluence/display/bctf/Global+Trust+Framework+Survey


And of course we have the SAC (Service Assessment Criteria) that the Kantara Identity Assurance Framework uses for IdPs, that the IAWG is custodian of, that you see here (IAF 1400).
Look at the lists in sections 4 and 5 of this:
Section 4: COMMON ORGANIZATIONAL SERVICE ASSESSMENT CRITERIA
Enterprise and Service Maturity
Notices and User Information/Agreements
Information Security Management
Security-relevant Event (Audit) Records
Operational infrastructure
External Services and Components
Secure Communications

Section 5: OPERATIONAL SERVICE ASSESSMENT CRITERIA
Credential Operating Environment
Credential Issuing
Credential Renewal and Re-issuing
Credential Revocation
Credential Status Management
Credential Verification/Authentication

We also have the discussion/list in the IETF about the Vectors of Trust, which we should refer to.

The trust vectors so far are (flip-sided as risk vectors thanks to Scott Shorter!):

Identity proofing/Identity theft
Credential strength/Credential compromise
Assertion strength/Assertion subversion
Operational management/?

And we have some basic security requirements from the likes of ISO 27001/27002.