Versions Compared

Old Version 9

changes.mady.by.user Former user

Saved on

compared with

New Version 10

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

What is a Trust Federation?

...

  1. Rule set: A set of standards and rules used to build a contract and run a certification program. 
  2. Contract: A contract, other written form of commitment or some legislation to have a legal binding for a federation
  3. Template: A generic set of rules to craft the set of rules for a specific trust federation. It is not an instance of a contract.
  4. Instance of Template: The specific set of rules that is effective for a trust federation
  5. Conformance: A certification program that accredits the conformance of a federation-specific rule set to the "template" using a defined procedure

Trust Framework Meta Model (TFMM)

The objective of the TFMM is to define a model that can help with an analysis of existing frameworks and improve their interoperability.

...

  • Assess policies, question if their scope is well defined;
  • Perform a gap analysis between a specific policy and the common superset;
  • Provide a statistical analysis about the granularity of a policy, to gibt hints for under- or over-specification:
  • Support the mapping of different policies;
  • Foster the standardization of controls in federations to promote automated contract negotiation;
  • Create a reference model for the development of public policies in this field.

Existing frameworks

There are several frameworks that provide a certain part of a TF, like the entity authentication assertion (EAA) frameworks

...

(I am not informed about relevant frameworks: P3G, UMA, NSTIC, .. – need help)

Related Efforts

ABA: Tom Smedinghoff and Scott David are working on aligning the term Trust Framework used in different domains.

P3WG is working on a Privacy Framework, currently with the scope limited to PII used for identity verification and authentication.

UMA is working on a Trust Framework for user managed access.

IAWG is expanding the  IAF with a Relying Party Guideline to cover the release of PII (subject attributes) to Relying Parties

ISO SC27/WG5 is working on an Entity Authentication Assurance Framework in ISO 29115 

ITU-T is starting an effort to define Open Identity Trust Framework (x.oitf)

Interoperability

To make systems using different policies based on various frameworks interoperable the frameworks need to be mapped. However, that is not trivial for several reasons:

...