[ID4me Governance] ID4me verified identities framework

Matthias Pfeifer | dotBERLIN GmbH & Co. KG pfeifer at dot.berlin
Tue Aug 27 13:32:35 UTC 2019


> > Il 26 agosto 2019 10:58 Marcos Sanz <sanz at denic.de> ha scritto:
> >
> > Ok, yes please, let's change the name. Detlef already made some
> > suggestions that follow eIDAS nomenclature, I don't know what could be
> > best, but CA is just misleading.
> Ok, we definitely want to change the name. However, first we need to be
> sure that we like the model, i.e. that we want to have this kind of third
> parties auditing our operators that want to provide verified identities, and
> that we want the ID4me association to look for these parties and decide who
> they are. The concept came from the ID4me association's board, but we
> could get back to them and say "we don't like it" - the problem then becomes
> how do we take care of the case in which someone just establishes their own
> agent and/or authority and starts to issue identity tokens stating that the
> data were verified even if they weren't.

[>] I like the model. Just for clarification on an meta level - the role of the not-called-so-CA
have to be managed by an entitiy like an eID provider in order to fullfill the requirements for verified Identities.
If I dig it right then this model looks to me like an interface for entities with different methods of verification (NPA, Video Ident etc..). So this might open a very attractive Door for all those parties and further business.

Best, Matthias

> > > It's also true that, to make that digital badge automatically
> > > verifiable
> > by relying parties, and unless someone has better ideas,
> > > we have to set up a chain of trust of (X.509?) certificates, so that
> > > a
> > relying party can verify that the badge is signed by
> >
> > That's what I wanted to have out of the governance paper, but since we
> > are at it I think X509 wouldn't be the appropriate technology:
> For me, whatever the technical group wants is fine. I used the example of
> certificates because I thought that otherwise no one would understand what
> we meant, but I can just revise the language in the draft to make it an
> abstract "chain of trust" without reference to any technology.
> Ciao,
> --
>  Vittorio Bertola
> Head of Policy & Innovation
> Cell:	 +39 348 7015022
> Direct Chat:	 vittorio.bertola (https://chat.open-
> xchange.com/direct/vittorio.bertola)
> Email:	 vittorio.bertola at open-xchange.com
> Twitter: @openexchange (http://twitter.com/openexchange) - Facebook:
> OpenXchange (https://www.facebook.com/OpenXchange) - Web:
> www.open-xchange.com (http://www.open-xchange.com)
> 	 Open-Xchange AG, Hohenzollernring 72, 50672 Cologne, District
> Court Cologne HRB 95366 Managing Board: Rafael Laguna de la Vera, Carsten
> Dirks, Michael Knapstein, Stephan Martin Chairman of the Board: Richard
> Seibt European Office:
> Open-Xchange GmbH, Olper Huette 5f, D-57462 Olpe, Germany, District
> Court Siegen, HRB 8718 Managing Director: Frank Hoberg US Office:
> Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA
> Confidentiality Warning: This message and any attachments are intended
> only for the use of the intended recipient(s), are confidential, and may be
> privileged. If you are not the intended recipient, you are hereby notified that
> any review, retransmission, conversion to hard copy, copying, circulation or
> other use of this message and any attachments is strictly prohibited. If you
> are not the intended recipient, please notify the sender immediately by
> return e-mail, and delete this message and any attachments from your
> system.
> _______________________________________________
> Governance_wg mailing list
> Governance_wg at lists.id4me.org
> https://lists.id4me.org/cgi-bin/mailman/listinfo/governance_wg

More information about the Governance_wg mailing list