This draft document outlines the functional model proposed by the Identity Ecosystem Steering Group (IDESG), focusing on identity proofing, authentication, and claims service providers. It delves into the roles of principals, relying parties, and intermediaries, emphasizing a secure, resilient, and privacy-enhancing approach. Key principles include voluntary participation, user control over attributes, and the importance of interoperability through standard protocols. The document also discusses the potential for using double blinding to protect the identities of users while accessing services, promoting a modern and cost-effective identity ecosystem.
IDESG Functional Model Draft for consideration
IDESG FUNCTIONAL MODEL (maybe)
[Diagram slide; labels recoverable from the image: Claims Service Providers; TRUST / Trust Frameworks; Register, Identity Proofing, Set Policy, Bind Credential To Identity, Authenticate, Authentication, Identity Binding, Attribute Provision, Obtain Attributes, Assessment, Accreditation; Intermediary - Double Blinding; Principals, Request Services, Establish Identity; Relying Party]
Functional Roles
• Principals
• Relying Parties
• Claims Service Providers*
  • Identity Proofing
  • Authentication
  • Identity Binding
  • Attribute Provision
• Intermediary
  • Double Blinding
* NSTIC uses Credential Service Provider, OIDX Identity Service Provider
Claims Service Provider Models
• Full Service
  • All services
  • May be obtained via 3rd parties
• Identity Provider
  • Registration and Credential Authority
  • No attribute provision
• Registration Authority only
  • Identity Proofing
  • RP may subsume this role (e.g. banking ID systems)
• Attribute Provider only
NSTIC Principles and the Model
• Privacy Enhancing and Voluntary
  • Principals choose which CSPs to use
  • Principals set policy on attribute release
  • Double Blinding provided by Intermediary
• Secure and Resilient
  • Implicit
• Interoperable
  • All functional roles may be distributed using standard protocols and trust frameworks
• Cost Effective and Easy to Use
  • Implicitly hopeful!
Sources
• NSTIC Note: An Identity Ecosystem Functional Model for the Modern Market
  • Basic functions: identity proofing, authentication, binding
  • “intermediary layers can also be used to render the operations between participants blind”
• SecureKey Concierge: “Your Sign-In Partner [service provider] won’t know which government service [relying party] you’re accessing and the government won’t know which Sign-In Partner you’re using”
• Public Key Infrastructure (PKI)
  • Separation of Registration and Certificate (binding) authorities
• Privacy by Design and the Emerging Personal Data Ecosystem, Ann Cavoukian
  • “Individuals control their own data [attributes].”
• OpenID Connect (not just identity)
  • Claims Provider: “Server that can return Claims about an Entity”
  • Claim: “Piece of information asserted about an Entity”
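The two privacy mechanisms the slides rely on, the principal's attribute-release policy and double blinding by an intermediary (the SecureKey Concierge pattern quoted above), can be shown end to end with a small simulation. The following is an added example written for this page, not IDESG, NSTIC or SecureKey code: a claims service provider (CSP) asserts attributes to a broker, the broker applies the principal's per-relying-party release policy, re-issues the claims under its own key with a pairwise pseudonym, and the relying party (RP) accepts only broker-signed claims addressed to it. The CSP therefore never sees the RP name, and the RP never sees the CSP name. All keys, identifiers and the principal record are constructed for the demo, and HMAC stands in for the asymmetric signatures a real deployment would use.

```python
import hashlib
import hmac
import json

# Constructed demo keys (HMAC stands in for the asymmetric signatures a real
# deployment would use; all identifiers below are made up for this example).
CSP_KEYS = {"bank-idp": b"csp-signing-secret-bank"}  # claims service provider keys
BROKER_KEY = b"broker-signing-secret"                 # intermediary key trusted by RPs
BROKER_PAIRWISE_SECRET = b"broker-pairwise-secret"    # derives per-RP pseudonyms


def _sign(key, payload):
    """Serialise a payload deterministically and append an HMAC-SHA256 tag."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def _verify(key, token):
    """Check the tag under `key` and return the payload, or raise on tampering."""
    body, _, tag = token.rpartition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature")
    return json.loads(body)


def csp_issue(csp_id, subject, attributes):
    """Claims service provider step: authenticate the principal and assert attributes.

    The audience is always the broker, so the CSP never learns which relying
    party the principal is about to visit (one half of the double blind).
    """
    payload = {"iss": csp_id, "aud": "broker", "sub": subject, "attrs": attributes}
    return _sign(CSP_KEYS[csp_id], payload)


def pairwise_subject(csp_id, subject, rp_id):
    """Per-relying-party pseudonym: two RPs cannot join records on the subject."""
    msg = f"{csp_id}|{subject}|{rp_id}".encode()
    return hmac.new(BROKER_PAIRWISE_SECRET, msg, hashlib.sha256).hexdigest()[:16]


def broker_relay(csp_token, rp_id, release_policy):
    """Intermediary step: verify the CSP assertion, apply the principal's
    attribute-release policy for this RP, and re-issue under the broker's key.

    The RP sees "broker" as issuer and a pairwise pseudonym as subject, so it
    never learns which CSP the principal used (the other half of the double blind).
    """
    body, _, _ = csp_token.rpartition(b".")
    issuer = json.loads(body)["iss"]  # unverified read, used only to pick the key
    if issuer not in CSP_KEYS:
        raise ValueError("unknown claims service provider")
    inner = _verify(CSP_KEYS[issuer], csp_token)
    if inner["aud"] != "broker":
        raise ValueError("assertion not addressed to the broker")
    allowed = release_policy.get(rp_id, [])  # principal-set policy: default deny
    released = {k: v for k, v in inner["attrs"].items() if k in allowed}
    outer = {
        "iss": "broker",
        "aud": rp_id,
        "sub": pairwise_subject(issuer, inner["sub"], rp_id),
        "attrs": released,
    }
    return _sign(BROKER_KEY, outer)


def rp_accept(rp_id, broker_token):
    """Relying party step: accept only broker-signed claims addressed to this RP."""
    claims = _verify(BROKER_KEY, broker_token)
    if claims["aud"] != rp_id:
        raise ValueError("token not issued for this relying party")
    return claims


def demo():
    """Run one principal through two relying parties; returns what each RP sees."""
    # Constructed principal record and release policy (the principal decides
    # which attributes each RP may receive; "account" is released to nobody).
    policy = {"tax-portal": ["name", "age_over_18"], "library": ["age_over_18"]}
    csp_token = csp_issue(
        "bank-idp", "alice@bank",
        {"name": "Alice", "age_over_18": True, "account": "12345"},
    )
    tax_view = rp_accept("tax-portal", broker_relay(csp_token, "tax-portal", policy))
    library_view = rp_accept("library", broker_relay(csp_token, "library", policy))
    return tax_view, library_view


if __name__ == "__main__":
    for view in demo():
        print(json.dumps(view, sort_keys=True))
```

Running `demo()` shows the tax portal receiving name and age, the library receiving only the age flag, and the two RPs receiving different subject identifiers for the same person. The broker is the trust anchor in this design: it sees both sides, so in a real deployment its behaviour is what the trust framework's assessment and accreditation steps on the model diagram would have to cover.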