
From the Jan 2015 minutes:

Ken: Some have clearly defined requirements:

InCommon, SAFE-BioPharma

UK has come up with some

USA has come up with some

6-10 clearly identified

......................................................................

As discussed on the call, this page is a wiki comparing the various research and education federations.

https://refeds.terena.org/index.php/Federations

I feel a resource like this for eGov would be a great project for us to undertake and put on the Kantara wiki. It makes comparison of different technologies, models and policies very convenient.

This would take the excellent work done by the BCTF and add more information to the model, with a focus on eGov only.

http://kantarainitiative.org/confluence/display/bctf/Global+Trust+Framework+Survey

...........................................................................................................................................................

And of course we have the SAC (Service Assessment Criteria) that the Kantara Identity Assurance Framework uses for IdPs, of which the IAWG is custodian, that you see here (IAF 1400).

Look at the lists in sections 4 and 5 of this:

Section 4: COMMON ORGANIZATIONAL SERVICE ASSESSMENT CRITERIA
    Enterprise and Service Maturity
    Notices and User Information/Agreements
    Information Security Management
    Security-relevant Event (Audit) Records
    Operational infrastructure
    External Services and Components
    Secure Communications

Section 5: OPERATIONAL SERVICE ASSESSMENT CRITERIA
    Credential Operating Environment
    Credential Issuing
    Credential Renewal and Re-issuing
    Credential Revocation
    Credential Status Management
    Credential Verification/Authentication

We also have the discussion/list in the IETF about the Vectors of Trust, which we should refer to.

The trust vectors so far are (flip-sided as risk vectors thanks to Scott Shorter!):

Identity proofing/Identity theft
Credential strength/Credential compromise
Assertion strength/Assertion subversion
Operational management/?

And we have some basic security requirements from the likes of ISO 27001/27002