...

With a variety of government, commercial, and research initiatives around Internet Identity, the question of whether and how to create a common methodology for managing the bits of information about an entity on the Internet is in urgent need of an answer. The Kantara Initiative has sponsored a discussion group to look at the attribute management space and make recommendations on where focused effort from the Kantara Initiative might help move this space forward.

This report and associated recommendations have been developed out of several months of reviewing and discussing the attribute space across a broad range of sectors and interests. The wiki space for the discussion group includes a repository of links to information in government, commercial industry, and higher education in the United States, Canada, Europe, and New Zealand. From that base, we have identified the following gaps and made a set of recommendations for further work.

...

After several weeks of discussion and collecting information from sources across a variety of sectors, the members of the Discussion Group condensed the requirements for what is needed for Attribute Management as follows:

1. There must be a base set of attributes and associated definitions and representations available to all interested and involved parties.
2. There must be a catalog of vertical specific attribute sets (i.e. extensions).
3. There must be a list of authoritative sources for attribute sets.
4. Individuals and service providers must have the ability to protect and share these attributes.
5. There must be coordination among the bodies working on and the initiatives underway on entity attributes as well as of the groups creating and using these attributes.
6. A framework to address privacy, trust and level of assurance of attributes is necessary.
7. There must be a process to allow for ongoing evaluation of where the attribute ecosystem stands (i.e. governance).

...

Definition: Identity Attribute

Information bound to a subject identity that specifies a characteristic of the subject. – Derived from the ITU-T X.1252 definition of "attribute"


It should be noted that Identity Attributes are part of, but not necessarily the complete set of, the Attributes associated with an individual.  Each Identity Proofing process needs to establish the set of Identity Attributes it deems necessary and sufficient to infer, with a level of assurance, who an individual is (i.e., the identity of the individual) based upon the risk / consequences of being incorrect.

While this document takes a high-level, broad look at the attribute management space, finding information on all the activities and common definitions in this space to any kind of detailed level was impossible. The repository of information put together by the Attribute Management Discussion group is a start, but pulling together a more granular document should be a fundamental requirement to further work being done by Kantara. The general consensus is that it is better to take the time to find where work is going on than to duplicate effort.

...

Each of these functional process patterns contains sub-sets and super-sets of attributes.

In addition, there is a need to understand the needs of service providers that rely upon entity attributes in order to deliver services.  An understanding of these needs will drive the definition of the mechanisms that will need to exist to provide assurances about an entity attribute or a set of entity attributes. It will also drive the definition of the criteria required to enable organizations to become an Authoritative Party for an entity attribute or set of entity attributes.

Definition: Authoritative Party

An organization or individual that is trusted to be an authority on the identity related attributes or roles associated with users and subjects of services. Authoritative Parties may issue credentials. -- taken from the Government of British Columbia Identity Information Reference Model


Efforts in this space:

Common Semantics and terminology

...

Perhaps a subset of Semantics and Terminology, the question of context is significant in its own right. From an electronic identity perspective, what information is expressed about an individual will almost certainly vary according to the context in which it is requested or presented. An identity is expressed differently with different attributes under different contexts.

Definition: Identity Context

The environment or circumstances in which identity information is communicated and perceived. Individuals operate in multiple identity contexts (e.g., legal, social, employment, business, pseudonymous) and may identify themselves differently based on the context. -- taken from the Government of British Columbia Identity Information Reference Model


Different contexts may include:

...

How should attributes be categorized or expressed in different contexts? Is this a question that can be rolled in to the questions around Attribute Semantics? Governance? Schema? It overlaps all of the above.

Efforts in this space:

Common language - Schema and Metadata

...

Recommendations

...

Coordination

A more detailed review of working groups, standards efforts, and general understanding of terms is required. The ideal document would be