kantara trust frameworks 2016 05-08
TRANSCRIPT
Trust Frameworks Explained (in 20 minutes or less)
Andrew Hughes [email protected]
KantaraInitiative.org
About the Kantara Initiative
2
What is Kantara? Non-profit founded in 2009. Comprises 60+ Leading Organizations, hundreds of Participants,
Enterprise & Governments. Connects the best of business, Government, Research & Education. Develops Innovations and Programs developing trustworthy on-line
experiences.
Do you recognize our members?
Kantara’s Values Trust
Operating Accreditation, Approval & Certification programs Privacy
Developing privacy respecting solutions. Security
Developing high security solutions and practices Community
Bridging technology and policy requirements
WHAT IS A DIGITAL TRUST FRAMEWORK?
Explaining Digital Trust Frameworks in 20 minutes or less
Fun and Exciting!
What is a Digital Identity Trust Framework?
“Digital Identity”• Identity: A reference or designation used to
distinguish a unique and particular individual, organization or device.
• Trusted Digital Identity: ‘a trusted electronic representation of who I am.’
“Framework”• Digital Identity Trust Frameworks define
the ‘rules of the road’ for interactions between organizations when handling identity, authentication and authorization. Often, these Frameworks form the basis of agreements and contracts.
Free provincial flags for Canada Day!
Resident?
Alice
Apply & Authorize information release
Ask Alice to Get Proof
Tell Telco to Give Proof
A=5 years
Alice gets a free flag!
Why does this work? Festival and a group of Telcos both comply with a Digital Trust
Framework
• UMA protocol is used to make it possible for Alice to authorize electronic information release from one org to another
Did it work before? Kinda
Previously, Festival had to contract with every Telco and configure themselves differently for each one
Festival had to keep track of new Telcos Festival had to adapt to meet each Telco’s technical
requirement Festival had to agree to different terms & lawyer fees
were rising
A reason for a framework?
To make negotiating agreements easier
How?
Framework
Contracts and Agreements
StandardsRegulationsLaws
Framework Profile
Contracts The program negotiates contracts with every
information source Policies, business processes, standards, operating
practices, formats
OR The program requires conformance to Trust
Framework Profile Negotiation burden lowered
Some Details
Digital Trust Framework Elements
Roles & Responsibilities
Digital Trust Framework Elements
Business functions & Expected Processes
Digital Trust Framework Elements
Processes & Criteria (proof of ‘sameness’ and ‘equivalency’)
Digital Trust Framework Elements
Library of Profiles
Tools and Rules Technical protocols Software / servers Cryptography Communication
protocols Standards
Policies for proof of
identity; ‘Levels’ of certainty
Privacy policy Operations practices Designated authorities
The Future Possibilities Model contract clauses Automation for contracts Addition of new roles, responsibilities, business
functions Build a library of framework profiles
Now what?Join us in innovating and verifying trusted identity solutions for the world Kantara Initiative members include global experts from industry and
government in the fields: Identity assurance Privacy Security Policy Information systems assessment
Join. Innovate. Trust. Visit.:
KantaraInitiative.org
