[ID4me Governance] Trust models for identity validation

Jörg Schweiger schweiger at denic.de
Sun Sep 23 03:58:43 UTC 2018

"Vittorio Bertola" <vittorio.bertola at open-xchange.com> wrote on 21.09.2018

> From: "Vittorio Bertola" <vittorio.bertola at open-xchange.com>
> To: "Matthias Pfeifer | dotBERLIN GmbH & Co. KG" <pfeifer at dot.berlin>, "Jörg Schweiger" <schweiger at denic.de>
> Cc: "ID4me Governance WG" <governance_wg at lists.id4me.org>
> Date: 21.09.2018 14:48
> Subject: Re: AW: [ID4me Governance] Trust models for identity validation
> > On 21 September 2018 at 13.51 "Matthias Pfeifer | dotBERLIN GmbH & Co. KG" <pfeifer at dot.berlin> wrote:
> > 
> > 
> > Hello Jörg,
> > 
> > > I'd envision something like:
> > > 
> > > No restrictions on who validates a claim. Additionally, ID4me must be able to
> > > - "flag" if a claim is validated or not
> > 
> > [>] What is, when we have a trustfully identity agent/provider (like a CA), we could treat all claims stored there as validated and it's up to the user to choose such an identity agent when he wishes to use validated claims. Could this become a reasonable model?

I'd favour a more fine granularity - for the sake of the user.

> The relying party however cannot know so easily whether an agent is trusted or not

You are absolutely right on this. How about a specific accreditation for such agents?

> , so the agent should still sign all claims (we could even provide a mode in which it is possible to sign all claims at once rather than have a signature for each of them).
> The question that then follows is: could we say that all agents working with a specific authority are trusted as long as they sign their claims, implying that the authority has to check and validate each and every agent, or should authorities provide lists of which agents should be considered trusted...?
> Ciao
> -- 
> Vittorio Bertola
> Head of Policy & Innovation
