Comment: Migrated to Confluence 4.0

...

A more detailed review of working groups, standards efforts, and general understanding of terms is required. The ideal document would be “Attribute Management and The Attribute Ecosystem--The Players, Their Work, The Issues”. There needs to be effort around the normalization of a base identity attribute set. While we see work going on in the FICAM, OASIS, SCIM, OIX-AX and other arenas, work still needs to be done to bridge those and any other efforts together to make a cohesive attribute set.

  • Recommendation: Creation of a Kantara Attribute Management Working Group or continuation of the existing Discussion Group (but rechartered) to conduct an environmental survey of groups and activities in the attribute management space (there are dozens at least) and create a cohesive index and description of where they fit in the attribute management space and where they are orthogonal or overlapping. (This should be a prerequisite to the attribute LoA/LoC work mentioned below under 'Trust Frameworks'.)
  • Recommendation: Establish formal liaison with the OIX Attribute Exchange Working Group and the OASIS Trust Elevation Technical Committee so that the various efforts are harmonised, synergistic and do not overlap.

Recommendation #4: Query Language

In response to Gap #6

While the need for a query language that could handle multiple schemas and protocols is identified as a gap by this discussion group, closing that gap was determined to be outside the mandate and expertise of the Kantara Initiative. This area should be left to other organizations, such as OASIS, IETF or the W3C.

Recommendation #5: Trust frameworks

In response to Gap #7

Current trust framework/federation/circles of trust deployments are still developing their approaches to attribute management. Inter-federation increases the complexity of attribute management many times. In the case of inter-federation, trust framework governance becomes a critical dependency for cohesive attribute management.

  • Recommendation: Create a Kantara Working Group or co-create/collaborate in the creation of a group elsewhere (IDCommons, ISOC, OIX - wherever most support can be garnered) to define the components that constitute a 'LoC' for attributes and to confirm the need to differentiate this context from the context of identity proofing and credential strength that is applied to 'LoA' of identity. The output of this work should be submitted to an SDO for onward standardization, to avoid any future confusion or misunderstanding.
  • Recommendation: Monitor developments in ISOC's 'Internet Attribute Infrastructure' initiative and the Business Cases for Trusted Federations (BCTF) DG, and look for opportunities to develop specific work streams within Kantara. (One potential area is to create a Kantara Working Group to establish an LoC/LoA program and associated criteria for attributes. Kantara has experience in providing and vetting an LoA framework for identity with the Identity Assurance Working Group and the Assurance Review Board; can that be expanded into providing LoC/LoA for attributes?)

Recommendation #6: Governance

In response to Gaps #8 and #9

The governance aspect of attribute management is critical - both inwards facing from a trust framework/federation/circle of trust down to and through the enterprise, and outwards to global governance of accessible repositories of attribute sets. While there are sporadic efforts in communities at present, what is needed is a commonly agreed roadmap to further develop attribute management and a set of guidance and best practice to assist implementers and deployers.

  • Recommendation: Kantara should establish multiple liaisons with the ISOC 'Internet Attribute Infrastructure' initiative back to the AM DG (or a subgroup of the proposed AM WG) and the BCTF DG, and monitor progress for specific work streams to be developed within Kantara.

Recommendation #7: Mechanisms

In response to Gap #8

The mechanisms required to enable discovery, maintenance and exchange of identity attributes are critical to deploying identity solutions. These mechanisms must address the security and privacy concerns of subjects, relying parties and identity providers both within and across trust frameworks.

  • Recommendation: Creation of a Kantara Attribute Management Working Group or continuation of the existing Discussion Group (but rechartered) to make recommendations concerning catalogs of vertical-specific attribute sets (i.e. extensions), lists of authoritative sources for attribute sets, protection and sharing of attributes (including privacy), and the metadata used to describe attributes.

...

Glossary

As pointed out, definitions are still a gap in attribute management; that notwithstanding, the following references have been used in the development of this report. In addition to the way terms are defined in the Kantara Initiative Identity Assurance Framework Glossary, the report also uses the following terms and definitions:

Authoritative Party - An organization or individual that is trusted to be an authority on the identity-related attributes or roles associated with users and subjects of services.

Identity Attribute - Information bound to a subject identity that specifies a characteristic of the subject.

Identity Context - The environment or circumstances in which identity information is communicated and perceived. Individuals operate in multiple identity contexts (e.g., legal, social, employment, business, pseudonymous) and may identify themselves differently based on the context.