...

While Enterprise Architecture Frameworks (EAFs) like the US Federal Enterprise Architecture Framework (FEAF) (the Australian and NZ EAFs are based on the US FEAF) segment down to services and functions, there is no work going on to standardise the terms used to describe generic business process patterns. For example, in the public-facing services of the NZ government's Department of Internal Affairs, the process patterns supporting those services can be distilled down to: Grant, Register, Monitor, Advise, Enforce, Legislate, Collect. Can these descriptions be standardised, and can the same be done for the sub-sets and super-sets of attributes associated with each of these functional process patterns?

In addition, there is a need to understand the needs of service providers that rely upon identity attributes in order to deliver services. An understanding of these relying party needs will help drive the definition of the mechanisms, processes and procedures that will need to exist to provide assurances about an entity identity attribute or a set of entity identity attributes. It will also drive the definition of the criteria required to enable organizations to become an authoritative party for an entity identity attribute or set of entity identity attributes.

Definition: Authoritative Party

An organization or individual that is trusted to be an authority on the identity related attributes or roles associated with users and subjects of services. -- taken from the Government of British Columbia Identity Information Reference Model

...

Gap #3: Normalization and categorization of identity attributes

A broad, common, accepted list of attributes and associated definitions is currently not achievable in its entirety. The goal, however, of publishing code lists and meanings to a public directory should be possible. Local profiles could be published to a central URN/URL namespace repository so that other parties interoperating with an attribute provider can get the applicable 'set'.

Consider a common structure for 'attributes of an attribute': the properties of an attribute (e.g. unique, authoritative or self-reported, time since verified, last time changed, last time accessed, last time consented) that would be available on release and provide an audit trail.

Local definitions of attributes in any given global schema, along with the interpretation of related metadata and trust frameworks, create a situation where it is very difficult to efficiently share (or trust) information. This gap needs to be addressed in a context that can meet the expectations of relying parties working across identity and attribute providers.

Efforts in this space:

Gap #4: Identifying and defining contexts

Perhaps a subset of semantics and terminology, the question of context is significant in its own right. From an electronic identity perspective, what information is expressed about an individual will often vary according to the context in which it is requested or presented. An identity is expressed differently, with different attributes, under different contexts.

Definition: Identity Context

The environment or circumstances in which identity information is communicated and perceived. Individuals operate in multiple identity contexts (e.g., legal, social, employment, business, pseudonymous) and may identify themselves differently based on the context. -- taken from the Government of British Columbia Identity Information Reference Model

...

  • individual as citizen
  • individual as social group member
  • individual as employee
  • individual acting in a business role e.g. Director
  • individual as researcher, student, or faculty

How should identity attributes be categorized or expressed in different contexts? Are these different identity attributes or sub-attributes? Is this a question that can be rolled into the questions around attribute semantics, governance and schema? It overlaps all of these.

Efforts in this space:

Gap #5: Agreeing to a common language - Schema and Metadata

Attribute metadata is an aspect of attribute management concerning the exchange of attributes. What is needed is agreement on the semantics of that metadata. For example, SAML has some metadata for attributes, but much more will be needed as the interoperability of attributes continues to grow. We will need registries for attribute sets/categorization (i.e. IANA), agreement about the semantics, and mappings between sets of attributes having differing semantics.

...

  • OIX Attribute Exchange (AX) working group

Government

See also others in the Current Industry Efforts repository.

Gap #6: Interoperability between protocols

The protocol space around attributes is comparatively stable. Protocols such as SAML and OAuth (and the related OpenID Connect and User Managed Access (UMA)) are in broad use and fairly well understood, even if they are still evolving. PKI certificates and web services also have strong community support and understanding. What is missing, however, is better guidance on how exactly to use those protocols to carry attributes and their associated metadata in an interoperable (and secure) fashion. In particular, how to use these protocols in the mobile device context is at issue. A means is also needed to ask a broad set of identity providers anything about the wide range of attributes that exist for the identities for which they are authoritative or trusted. When a service provider needs to ask dozens of identity providers across the globe "Is this person of legal age to use my service?", the attribute space has no easy answer.

Efforts in this space:

  • SAML
  • SAML Attribute Query (profiled)?
  • OAuth
  • PKI certificates
  • OASIS Web Services over SOAP
  • OpenID Connect
  • SCIM
  • United States Federal Identity, Credential and Access Management (FICAM) profiles

Gap #7: Trust frameworks

With regard to attribute management and governance in trust frameworks, substantial work has gone into identity confidence/assurance. Different levels of confidence/assurance and certifications are described by different accreditation and standards organizations. Auditors have been trained, and so a general understanding of the concept is shared. That said, finding a trust framework that extends down to the level of the attributes themselves is still a work in progress. An individual could have a mix of self-asserted and proofed attributes describing them, and a consumer of those attributes should be able to choose which attribute to use, depending on the context of the activity or transaction. How a cohesive trust framework could handle information at the attribute level is still an open question and will be a critical component of attribute management. The complexity of attribute management is multiplied many times in the case of inter-federation. Trust framework governance becomes a critical dependency for cohesive attribute management.
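To make the 'attributes of an attribute' structure from Gap #3 and the context-dependent choice between self-asserted and proofed attributes from Gap #7 concrete, here is an added example (not part of the original page or any of the efforts it lists). The field names, the policy shape and the sample records are assumptions constructed for illustration; a relying party applies a per-context policy to two assertions of the same attribute and records each release for the audit trail.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class AttributeRecord:
    """A released attribute plus its 'attributes of an attribute' (Gap #3). Hypothetical shape."""
    name: str
    value: str
    source: str                 # asserting party: an authoritative party or "self"
    authoritative: bool         # False means self-reported
    unique: bool = False
    verified_at: Optional[datetime] = None
    accessed_at: Optional[datetime] = None   # audit trail: last time released
    consented_at: Optional[datetime] = None

@dataclass
class ContextPolicy:
    """What a relying party demands of an attribute in one identity context (Gap #7)."""
    context: str
    require_authoritative: bool
    max_verification_age: Optional[timedelta]  # None: no freshness requirement
    require_consent: bool = True

def acceptable(a: AttributeRecord, p: ContextPolicy, now: datetime) -> bool:
    """True when the record satisfies the policy's source, consent and freshness rules."""
    fresh = p.max_verification_age is None or (
        a.verified_at is not None and now - a.verified_at <= p.max_verification_age)
    return ((a.authoritative or not p.require_authoritative)
            and (a.consented_at is not None or not p.require_consent) and fresh)

def select_attribute(candidates, policy, now):
    """Best acceptable candidate (authoritative first, then freshest) or None if nobody can answer."""
    def rank(a):
        return (not a.authoritative, -(a.verified_at.timestamp() if a.verified_at else 0))
    for a in sorted(candidates, key=rank):
        if acceptable(a, policy, now):
            a.accessed_at = now      # record the release for the audit trail
            return a
    return None

# Constructed sample: the same date of birth asserted by two sources.
NOW = datetime(2014, 6, 1, tzinfo=timezone.utc)
DOB = [
    AttributeRecord("date_of_birth", "1990-03-14", "self", False,
                    consented_at=NOW - timedelta(days=2)),
    AttributeRecord("date_of_birth", "1990-03-14", "civil_registry", True, unique=True,
                    verified_at=NOW - timedelta(days=400), consented_at=NOW - timedelta(days=2)),
]
LEGAL = ContextPolicy("legal", True, timedelta(days=365))   # registry value is too stale here
SOCIAL = ContextPolicy("social", False, None)               # self-asserted would also be fine
```

Under the legal policy no candidate is acceptable, which is the "no easy answer" situation of Gap #6; the social policy still prefers the authoritative record when one qualifies.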

...