[ID4me Governance] Trust models for identity validation

Matthias Pfeifer | dotBERLIN GmbH & Co. KG pfeifer at dot.berlin
Fri Sep 21 11:51:56 UTC 2018


Hello Jörg,

> I'd envision something like:
> 
> No restrictions on who validates a claim. Additionally, ID4me must be able to
> - "flag" if a claim is validated or not

[>] What if we have a trustworthy identity agent/provider (like a CA)? We could treat all claims stored there as validated, and it's up to the user to choose such an identity agent when he wishes to use validated claims. Could this become a reasonable model?

> - "refer" to or provide information about who validated
> - instigate a validation process

[>] Validation would be up to the trustworthy identity agent

Best, Matthias


> best
> 
> Jörg Schweiger
> 
> ________________________________
> Dr. Jörg Schweiger
> Member of the Executive Board
> 
> 
> DENIC eG
> Kaiserstraße 75 - 77
> 60329 Frankfurt
> 
> E-Mail: schweiger at denic.de
> Tel: + 49 69 27 235 - 455
> Fax: + 49 69 27 235 - 457
> 
> PGP-Key-ID: EE3D7DBB
> Fingerprint: FB27 B134 78F1 0E0E EE43  B321 7CE8 0967 EE3D 7D
> 
> Registered office: Frankfurt am Main
> Registered under No. 770 in the Register of Cooperatives at the Local Court of Frankfurt am Main
> Executive Board: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg Schweiger
> Chairman of the Supervisory Board: Thomas Keller
> 
> "Governance_wg" <governance_wg-bounces at lists.id4me.org> wrote on
> 19.09.2018 12:51:49:
> 
> > From: "Vittorio Bertola" <vittorio.bertola at open-xchange.com>
> > To: "ID4me Governance WG" <governance_wg at lists.id4me.org>
> > Date: 19.09.2018 12:52
> > Subject: [ID4me Governance] Trust models for identity validation
> > Sent by: "Governance_wg" <governance_wg-bounces at lists.id4me.org>
> >
> > Hello all,
> >
> > as you know, ID4me was conceived as a "weak" identity system to facilitate the management and distribution of whatever information the user wants to declare, independently from whether it is true or false - just like today's average web registration form.
> >
> > However, there have been discussions on the idea of providing validated claims through ID4me, where "validated" means that someone will vouch for the fact that those claims actually reflect the true offline values for the owner of the identity.
> >
> > Before we can work on a technical implementation, however, we have to be sure of how this could work in terms of policy, and especially in terms of trust models: who will be responsible for verifying the user's true identity? Should this be done by the authorities, which could use this as a service differentiator, or by the agents, or even by specialized third parties, or by a mix of parties for different claim types? (e.g. the public property registry can sign claims on properties but not on other things)
> > And how can a relying party decide whether a signed claim is trustable or not?
> 
> > This is a list of possible different models that I already shared with the Technical WG:
> > 1. the authority takes responsibility for validating claim values (they can then rely on other parties as they want, but they assume responsibility for what they do)
> > 2. the agent takes responsibility for validating claim values (similar to above)
> > 3. claim values can be validated directly by any "validating party" acting as distributed claim supplier, but the ID4me association takes responsibility for vetting validating parties
> > 4. claim values can be validated directly by any "validating party" acting as distributed claim supplier, but each authority takes responsibility for vetting validating parties
> > 5. claim values can be validated directly by any "validating party" acting as distributed claim supplier, but each agent takes responsibility for vetting validating parties
> > 6. no one takes responsibility for vetting validating parties and each relying party decides on its own which validating parties to trust
> > 7. no one takes responsibility for vetting validating parties, but a collective reputation exchange system (blacklists/whitelists or something more refined) is built so that relying parties can use it to decide whether to trust a value
> >
> > We should possibly build a system that is flexible enough to accommodate multiple models, but first I would like to know if the current "early" players have views or would like to have a role in this field, and which one. So please share your comments!
> >
> > Thanks
> > Ciao
> > --
> >
> > Vittorio Bertola
> > Head of Policy & Innovation
> >
> > Cell: +39 348 7015022
> > Skype: in-skype-ox at bertola.eu
> > Email: vittorio.bertola at open-xchange.com
> > Twitter: @openexchange - Facebook: OpenXchange - Web: www.open-xchange.com
> >
> > _______________________________________________
> > Governance_wg mailing list
> > Governance_wg at lists.id4me.org
> > https://lists.id4me.org/cgi-bin/mailman/listinfo/governance_wg