...
- SAML
- OAuth
- PKI certificates
- OASIS Web Services over SOAP
...
Gap #8: Trust frameworks
With regard to attribute management and governance in Trust Frameworks, quite a bit of work has gone into the Identity Confidence/Assurance aspect, with different levels of confidence/assurance certifications described by different standards bodies, auditors trained, and a general understanding of the concept shared. That said, finding a trust framework that extends down to the level of the attributes themselves is still a work in progress. An individual could have a mix of self-asserted and proofed attributes describing them, and a consumer of those attributes should be able to choose which attribute to use, depending on the context of the activity or transaction. The question of how a cohesive Trust Framework could handle information at the attribute level is still an open question and will be a critical component of attribute management. The complexity of attribute management is multiplied many times in the case of inter-federation. Trust framework governance becomes a critical dependency for cohesive attribute management.
...
- OIX Attribute Working Group
- Kantara's Business Cases for Trust Frameworks: http://kantarainitiative.org/confluence/display/bctf/Home
- ProtectNetwork: www.protectnetwork.org
Gap #9: Defining and implementing consent
The legal definition and implementation around consent is reaching a stable point in the EU. That said, there is still some concern that implementing consent in the federation space is still problematic. Consent management will undoubtedly involve consent-related attributes and attribute sets in the consent process. Consent needs to be 'designed in' either as in band or as a service but implemented in a standardized way so you get consistent UX.
...
- EU Data Protection
- ABC4Trust: https://abc4trust.eu/
Gap #10: Governance around use of attributes
A driver for the exploration of attribute management is the growing economy behind the mining and exchange of attribute information. We see here the overlap of financial reward and privacy regulation; overlaps such as this generally see the creation of some kind of governance model. That governance may be formal regulation, it may be accepted industry standards groups, or some other model. Different sectors of society and industry are looking at what governance is necessary in the world of Internet Identity and the attribute economy. Each group, however, has a fairly narrow view of how governance is required in their particular sector.
...