Taxonomy / BoK Link Collection


 

An (unsorted) list of wikis, glossaries and standards dealing with identity stuff

 

 

Short Name | Short description / abstract | Release | Tagging | Public | Link

Universal Declaration of Human Rights

The Universal Declaration of Human Rights (UDHR) is a milestone document in the history of human rights. Drafted by representatives with different legal and cultural backgrounds from all regions of the world, the Declaration was proclaimed by the United Nations General Assembly in Paris on 10 December 1948 as a common standard of achievements for all peoples and all nations. It sets out, for the first time, fundamental human rights to be universally protected and it has been translated into over 500 languages.

Release: 19481210 | Tagging: Declaration | Public: X | Link: http://www.un.org/en/universal-declaration-human-rights/
 A typology of Privacy

Despite the difficulty of capturing the nature and boundaries of privacy, it is important to conceptualize it. Some scholars develop unitary theories of privacy in the form of a unified conceptual core; others offer classifications of privacy that make meaningful distinctions between different types of privacy. ...

Because of the comprehensive and large-scale comparative nature of the analysis, this paper offers a fundamental contribution to the theoretical literature on privacy.

Release: 20160324 | Tagging: AcademicPaper | Public: X | Link: https://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID2951649_code63732.pdf?abstractid=2754043&mirid=1&type=2
 Internet Security Glossary, Version 2

This Glossary provides definitions, abbreviations, and explanations of terminology for information system security. The 334 pages of entries offer recommendations to improve the comprehensibility of written material that is generated in the Internet Standards Process. The recommendations follow the principles that such writing should (a) use the same term or definition whenever the same concept is mentioned; (b) use terms in their plainest, dictionary sense; (c) use terms that are already well-established in open publications; and (d) avoid terms that either favor a particular vendor or favor a particular technology or mechanism over other, competing techniques that already exist or could be developed.

Release: 20070801 | Tagging: RFC | Public: X | Link: https://tools.ietf.org/html/rfc4949
 

WebOfTrust

Identity Crisis: Clearer Identity through Correlation

 

The term “identity” is a challenge. Both laypeople and experts struggle to communicate clearly about it. The term has numerous rich and useful meanings. That same flexibility and expressivity also makes it easy to misunderstand subtle nuances and often leads to ideological debate rather than understanding and applications. We compensate with adjectives, creating new phrases like “digital identity” or “legal identity”, but we often still speak past each other. We regularly refer to “identities” as things that are assigned to us or that we own, things we control or present, instead of using more rigorous terms such as “identifiers” or “credentials”. This fluidity often confuses because, at its core, identity is an emergent phenomenon that doesn’t have an existence independent of the observer.

 

 

Release: 20160823 | Tagging: Whitepaper | Public: X | Link: https://github.com/WebOfTrustInfo/ID2020DesignWorkshop/blob/master/final-documents/identity-crisis.pdf
 

WebOfTrust

Physician patient relationship

Address whether there is a place in health IT and/or healthcare related research for the technology [1]; Together, physicians and patients steer treatment and are responsible for the vast majority of decisions, and therefore expenditures, in healthcare. Yet the technology that mediates the physician-patient relationship today is not directly purchased or controlled by either the physicians or the patients. Electronic health records and health information exchange technology are sold as strategic assets to institutions — typically very large businesses, that currently have incentives to maximize institutional growth. We seek a better balance of institutional needs with the needs of physicians and patients.

Release: 20160823 | Tagging: Whitepaper | Public: X | Link: https://github.com/WebOfTrustInfo/ID2020DesignWorkshop/blob/master/final-documents/physician-patient-relationship.pdf
 

WebOfTrust

protecting digital identities in developing countries

People in many parts of the developing world have little or no infrastructure for well-regulated government and commercial processes. This creates a pressing need for a safe place to store important personal data needed to access financial, insurance, education and healthcare services. A universal digital identity system would underpin information assurance through verifiable and reliable data that can be presented when required. This paper presents a strong use case for a self-sovereign identity system with verifiable information and user-controllable release.

Release: 20160823 | Tagging: Whitepaper | Public: X | Link: https://github.com/WebOfTrustInfo/ID2020DesignWorkshop/blob/master/final-documents/protecting-digital-identities-in-developing-countries.pdf
 

WebOfTrust

requirements for dids

Respect Network is conducting a research project for the U.S. Department of Homeland Security, HSHQDC-16-C-00061, to analyze the applicability of blockchain technologies to a decentralized identifier system. Our thesis is that blockchains, or more generically distributed ledgers, are a potentially powerful new tool for “identity roots” — the starting points for an Internet identity. However “blockchain identity” may not fully address the core security and privacy principles needed in a complete identity system. In this case DIDs — Decentralized Identifiers rooted on a distributed ledger — may end up being a foundational building block for higher level identity management solutions.

 

Release: 20160823 | Tagging: Whitepaper | Public: X | Link: https://github.com/WebOfTrustInfo/ID2020DesignWorkshop/blob/master/final-documents/requirements-for-dids.pdf
 

WebOfTrust

smarter signatures

Technologies like the Web of Trust and PKI lay the foundation for identity on the internet: they map a human persona to a cryptographic construct that is represented by a public key and protected by a private key. Digital signatures are fundamental to these digital identities and have been widely used in a variety of applications. They’re the heart of SSH, the foundation of certificates, and the core of newer technologies like blockchain. However, today’s simplistic signatures are just the start; they can be improved, to create more powerful and more complex signatures that can truly be better and smarter. Now is the time to begin experimenting with these possibilities.

 

Release: 20160823 | Tagging: Whitepaper | Public: X | Link: https://github.com/WebOfTrustInfo/ID2020DesignWorkshop/blob/master/final-documents/smarter-signatures.pdf
IDCommons

The Identity Landscape is a community project to create a shared living "map" of the Internet identity space -- the projects, technologies, and standards that are coming together to create an interoperable identity layer for the Internet.

Release: 20120913 | Tagging: Collection | Public: X | Link: http://wiki.idcommons.net/Identity_Landscape
Hitachi ID

This vendor has a nice glossary about terms and concepts within IAM Landscape

Tagging: Vendor, Glossary | Public: X | Link: https://hitachi-id.com/resource/iam-concepts/
 IDM Solutions Review

Another glossary on IDM terms:

'Having a hard time keeping up with Identity Management jargon? We’ve got you covered. Solutions Review’s A to Z Identity Management glossary has definitions for over 50 of the most popular Identity Management terms and acronyms.'

Tagging: Commercial | Public: X | Link: https://solutionsreview.com/identity-management/identity-management-glossary/
Field Guide to Identity

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 1 Intro + What is Identity by Kaliya Hamlin

Release: 20141211 | Tagging: Blog | Public: x | Link: https://identitywoman.net/the-field-guide-to-identity-identifiers-attributes-names-and-more/
old Greeks

The old Greeks' view on Identity, Entity, Ontology and other stuff

Tagging: Wikipedia | Public: X | Link:

https://en.wikipedia.org/wiki/Entity

https://en.wikipedia.org/wiki/Ontology

ISO/IEC 24760:1

To address the need to efficiently and effectively implement systems that make identity-based decisions, ISO/IEC 24760 specifies a framework for the issuance, administration, and use of data that serves to characterize individuals, organizations or information technology components which operate on behalf of individuals or organizations.

Release: 2011 | Tagging: standard | Public: X | Link: https://www.iso.org/obp/ui/#iso:std:iso-iec:24760:-1:ed-1:v1:en
IDESG

List of documents used for the IDESG Taxonomies (basically the same idea on what we do here). Many sublinkages

Tagging: Non-profit org | Public: X | Link: https://wiki.idesg.org/wiki/index.php?title=Taxonomy
CMM

The capability maturity model

Tagging: Wikipedia | Public: X | Link: https://en.wikipedia.org/wiki/Capability_Maturity_Model
EU-GDPR

EU General Data Protection Regulation

Tagging: legal | Public: X | Link: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0089.01.ENG&toc=OJ:L:2016:119:TOC
 ISO/IEC 29115:2011

This Recommendation | International Standard provides a framework for entity authentication assurance. Assurance within this Recommendation | International Standard refers to the confidence placed in all of the processes, management activities, and technologies used to establish and manage the identity of an entity for use in authentication transactions.

Tagging: standard | Public: X | Link: https://www.oasis-open.org/committees/download.php/44751/285-17Attach1.pdf
 

NIST- Digital Identity Guidelines

SP 800-63-3

These guidelines provide technical requirements for Federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. The guidelines cover identity proofing and authentication of users (such as employees, contractors, or private individuals) interacting with government IT systems over open networks. They define technical requirements in each of the areas of identity proofing, registration, authenticators, management processes, authentication protocols and related assertions. This publication supersedes NIST SP 800-63-1 and SP 800-63-2.

Release: 20170331 | Tagging: guidelines | Public: X | Link: https://pages.nist.gov/800-63-3/sp800-63-3.html
 

NIST- Digital Identity Guidelines

Enrollment and Identity Proofing

SP 800-63-3A

This document provides requirements for enrollment and identity proofing of subscribers that wish to gain access to resources at each Identity Assurance Level (IAL). The requirements detail the acceptability, validation, and verification of identity evidence that will be presented by an individual to support their claim of identity. This document also details the responsibilities of Credential Service Providers (CSPs) with respect to establishing and maintaining enrollment records and binding authenticators (either CSP-issued or subscriber-provided) to the enrollment record.

Release: 20170331 | Tagging: guidelines | Public: X | Link: https://pages.nist.gov/800-63-3/sp800-63a.html
 

NIST- Digital Identity Guidelines

Authentication and Lifecycle Management

SP 800-63-3B

This document and its companion documents, [Special Publication (SP) 800-63-3], [SP 800-63A], and [SP 800-63C], provide technical guidelines to agencies for the implementation of digital authentication.

Release: 20170331 | Tagging: guidelines | Public: X | Link: https://pages.nist.gov/800-63-3/sp800-63b.html
 

NIST- Digital Identity Guidelines

Federations and Assertions

SP 800-63-3C

This recommendation and its companion documents, [SP 800-63-3], [SP 800-63A], and [SP 800-63B], provide technical guidelines to credential service providers (CSPs) for the implementation of remote authentication.

This document, SP 800-63C, provides requirements to CSPs and relying parties (RPs) of federated identity systems. Federation allows a given CSP to provide authentication and (optionally) subscriber attributes to a number of separately administered RPs. Similarly, RPs may use more than one CSP.

Release: 20170331 | Tagging: guidelines | Public: X | Link: https://pages.nist.gov/800-63-3/sp800-63c.html
 

Vectors of Trust

This document defines a mechanism for describing and signaling several aspects that are used to calculate trust placed in a digital identity transaction.

Release: 20170403 | Tagging: Internet-Draft | Public: X | Link: https://tools.ietf.org/html/draft-richer-vectors-of-trust-05
 Terms and concepts relevant to identity management and trust services

This note contains the definition of a number of terms relevant for identity management and trust services. The terms are presented with a view to enabling discussions based on a common understanding of fundamental notions; they are not presented in order to suggest a discussion on legally binding definitions of those notions. Similarly, the terms are not intended to provide an indication on the scope of the future work of UNCITRAL in the field of identity management and trust services.

Release: 20170210 | Tagging: WorkingGroup Notes | Public: X | Link: https://documents-dds-ny.un.org/doc/UNDOC/LTD/V17/008/31/PDF/V1700831.pdf?OpenElement

Proposals from 55th session on Legal issues related to identity management and trust services

Release: 20170428 | Tagging: WorkingGroup Proposals | Public: x | Link:

55th session, 24-28 April 2017, New York

A/CN.9/WG.IV/WP.140 - Annotated provisional agenda

A/CN.9/WG.IV/WP.140/Add.1 - Annotated provisional agenda

A/CN.9/WG.IV/WP.141 - Legal issues related to identity management and trust services - Proposal by the Russian Federation

A/CN.9/WG.IV/WP.142 - Contractual aspects of cloud computing

A/CN.9/WG.IV/WP.143 - Legal issues related to identity management and trust services - Terms and concepts relevant to identity management and trust services

A/CN.9/WG.IV/WP.144 - Legal issues related to identity management and trust services - Proposal by Austria, Belgium, France, Italy, the United Kingdom and the European Union

A/CN.9/WG.IV/WP.145 - Legal issues related to identity management and trust services - Proposal by the United States of America

A/CN.9/WG.IV/WP.146 - Legal issues related to identity management and trust services - Proposal by the United Kingdom of Great Britain and Northern Ireland

 

 

 


old, subject to be removed (still in history)

Wikis, Glossaries and other collections

 

Related Standards

 

Name | Link | Comment
IDCommons, Standards Collection | http://wiki.idcommons.net/ID_Related_Standards | Not direct link to standards, but a list
ISO 24760-1 | https://www.iso.org/obp/ui/#iso:std:iso-iec:24760:-1:ed-1:v1:en | (preview)
ISO 24760-2 | |
ISO 29100 | |
Cobit | | general (lower layers)
Project Management PMBok | | general (lower layers)
CMM | https://en.wikipedia.org/wiki/Capability_Maturity_Model | general (lower layers)
EU GDPR | http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0089.01.ENG&toc=OJ:L:2016:119:TOC | Section 3 deals with 'Definitions'
ISO/IEC 29115:2011 | https://www.oasis-open.org/committees/download.php/44751/285-17Attach1.pdf |