...
This Code of Conduct for Relying Parties assumes (1) a set of agreed definitions/terminology, (2) scope and specification of the Relying Party activities, (3) a legal contract in force to make all obligations clear for interpretation, (4) that a federated trust framework is operating, (5) that a quality ISMS is operating in the RP/AP environments.
...
https://refeds.terena.org/index.php/Federations
(esp. sections 4 and 5)
We also have the discussion/list in the IETF about the Vectors of Trust, which we should refer to.
The trust vectors so far are (flip-sided as risk vectors thanks to Scott Shorter!):
Identity proofing/Identity theft
Credential Management/Credential Use
Assertion Presentation
And we have some basic security requirements from the likes of ISO 27001/27002
Excerpt from InCommon FOPPs - sections 6-10 most relevant
IETF: Vectors of Trust discussion at IETF: https://datatracker.ietf.org/doc/draft-richer-vectors-of-trust/?include_text=1 latest draft from https://www.ietf.org/mailman/listinfo/vot
https://www.incommon.org/docs/policies/incommonfopp.html
NZ RealMe:
Data Protection Code of Conduct For Service Providers ... with clauses that might apply to an overall contract removed for clarity.
...