1 / 28

What Is an Identity Trust Framework Addressing the Legal and Structural Challenges

Many Transactions Involve Trust Frameworks. Credit card trust frameworkACH electronic funds transfer trust frameworkPrivacy (e.g., TRUSTe trustmark)The are a set of specs and rules and legal obligations that address a specific element or issue of importance to the transactionWe are addressing

bryanne
Download Presentation

What Is an Identity Trust Framework Addressing the Legal and Structural Challenges

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. What Is an Identity Trust Framework? Addressing the Legal and Structural Challenges Thomas J. Smedinghoff Wildman, Harrold, Allen & Dixon LLP Chicago Chair, ABA Identity Management Legal Task Force

    2. Many Transactions Involve Trust Frameworks Credit card trust framework ACH electronic funds transfer trust framework Privacy (e.g., TRUSTe trustmark) The are a set of specs and rules and legal obligations that address a specific element or issue of importance to the transaction We are addressing an identity trust framework

    3. The Threshold Problem We’re not all talking about the same thing What does “identity trust framework” mean to you? Consider some examples of definitions . . .

    4. 4 Much Disagreement Re What a Trust Framework Is FICAM: processes and controls for determining an identity provider’s compliance to OMB M-04-04 Levels of Assurance ISO 29115 Draft: a set of requirements and enforcement mechanisms for parties exchanging identity information Kantara: a complete set of contracts, regulations or commitments that enable participating actors to rely on certain assertions by other actors to fulfill their information security requirements OIX: a certification program that enables a party who accepts a digital identity credential (called the relying party) to trust the identity, security, and privacy policies of the party who issues the credential (called the identity service provider) and vice versa. OITF Model: a set of technical, operational, and legal requirements and enforcement mechanisms for parties exchanging identity information

    5. 5 Much Disagreement Re What a Trust Framework Is NSTIC 4/15/2011 Final: The Identity Ecosystem Framework is the overarching set of interoperability standards, risk models, privacy and liability policies, requirements, and accountability mechanisms that structure the Identity Ecosystem. A Trust Framework is developed by a community whose members have similar goals and perspectives. It defines the rights and responsibilities of that community’s participants in the Identity Ecosystem; specifies the policies and standards specific to the community; and defines the community-specific processes and procedures that provide assurance. . . . In order to be a part of the Identity Ecosystem, all trust frameworks must still meet the baseline standards established by the Identity Ecosystem Framework.

    6. 6 But In All Cases, the Goal Is . . . Building an identity system that actually works E.g., the plane actually flies Building an identity system that participants trust – i.e., are willing to participate in and rely on E.g., we are all willing to fly on the plane – we’re confident that it will get us there safely, comfortably, on-time, etc. For both of these goals, we need to address all of the relevant risks in an acceptable manner

More Related