What is a Trust Federation?
...
- Rule set: A set of standards and rules used to build a contract and run a certification program.
- Contract: A contract, other written form of commitment or some legislation to have a legal binding for a federation
- Template: A generic set of rules to craft the set of rules for a specific trust federation. It is not an instance of a contract.
- Instance of Template: The specific set of rules that is effective for a trust federation
- Conformance: A certification program that accredits the conformance of a federation-specific rule set to the "template" using a defined procedure
Trust Framework Meta Model (TFMM)
The objective of the TFMM is to define a model that can help with an analysis of existing frameworks and improve their interoperability.
...
- Assess policies, question if their scope is well defined;
- Perform a gap analysis between a specific policy and the common superset;
- Provide a statistical analysis about the granularity of a policy, to gibt hints for under- or over-specification:
- Support the mapping of different policies;
- Foster the standardization of controls in federations to promote automated contract negotiation;
- Create a reference model for the development of public policies in this field.
Existing frameworks
There are several frameworks that provide a certain part of a TF, like the entity authentication assertion (EAA) frameworks
...
(I am not informed about relevant frameworks: P3G, UMA, NSTIC, .. – need help)
Related Efforts
ABA: Tom Smedinghoff and Scott David are working on aligning the term Trust Framework used in different domains.
P3WG is working on a Privacy Framework, currently with the scope limited to PII used for identity verification and authentication.
UMA is working on a Trust Framework for user managed access.
IAWG is expanding the IAF with a Relying Party Guideline to cover the release of PII (subject attributes) to Relying Parties
ISO SC27/WG5 is working on an Entity Authentication Assurance Framework in ISO 29115
ITU-T is starting an effort to define Open Identity Trust Framework (x.oitf)
Interoperability
To make systems using different policies based on various frameworks interoperable the frameworks need to be mapped. However, that is not trivial for several reasons:
...