[ID4me Governance] Trust framework

Vittorio Bertola vittorio.bertola at open-xchange.com
Thu Oct 4 10:42:58 UTC 2018


> Il 4 ottobre 2018 alle 11.12 Thomas Keller <thomas.keller at 1und1.de> ha scritto:
> 
> 
>     Hi again,
> 
>      
> 
>     Seems like I need to work on my Google docs skills a bit ;)
> 
>      
> 
>     I hope this link finally works
> 
>      
> 
>     https://docs.google.com/presentation/d/1cy3N-OjqpTpypvdv2CWv439QXTk7y2t0ZVyR7-AAid8/edit?usp=sharing
> 
Ok, here are some comments.

The general concept is fine, also I think it's fine to limit the association's activity to authorities and validators and let each authority deal with their agent; it makes the system thinner and more effective especially in the startup phase. I would like to hear other comments, though; especially, in the ICANN model the "registrars" are accredited by the central organization, while we wouldn't be doing the same here, so I am wondering whether there is any reason that we can give for this difference when we will be asked.

I would find a different word/acronym to define the levels of accreditation, as "LoA" in the identity world is generally used to identify the standardized levels of assurance on the end user's identity. Maybe just "accreditation level". Also, I think we can agree that it will be up to each relying party to decide what to do with the accreditation level of the authority/validator used by the final user.

I assume that the interaction models you enumerate are just meant to be descriptive, i.e. we are not limiting the possible relationships or the possible mergers of the various roles into a single company - right?

The next question would be how to make this happen in practice. There is not much work involved in maintaining a database of companies, but there is a lot of work involved in actually auditing them to give them higher accreditation levels. I have no familiarity with setting up this kind of business, so I am wondering how do you do it - do you subcontract the actual verification to specialized third parties? Who bears the cost? Is it included with the membership fee, or would it be unrelated to membership and paid separately by each applicant?

Ciao,
-- 
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola at open-xchange.com mailto:vittorio.bertola at open-xchange.com
Office @ Via Treviso 12, 10144 Torino, Italy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.id4me.org/pipermail/governance_wg/attachments/20181004/ba029258/attachment.html>


More information about the Governance_wg mailing list