Web Blog_blogentry_220815_1


Identity Trust Framework#

A legal definition.[1] A Trust Framework is the governance structure for a specific identity system consisting of:
  • the Technical and Operational Specifications that have been developed –
    • to define requirements for the proper operation of the identity system (i.e., so that it works),
    • to define the roles and operational responsibilities of participants, and
    • to provide adequate assurance regarding the accuracy, integrity, privacy and security of its processes and data (i.e., so that it is trustworthy); and
  • the Legal Rules that govern the identity system and that --
    • regulate the content of the Technical and Operational Specifications,
    • make the Technical and Operational Specifications legally binding on and enforceable against the participants, and
    • define and govern the legal rights, responsibilities, and liabilities of the participants of the identity system.

Examples of Identity Trust Framework#

These are Examples with no regard to the compliance to anything else:
  • FICAM: processes and controls for determining an identity provider’s compliance to OMB M-04-04 Levels of Assurance
  • ISO 29115 Draft: a set of requirements and enforcement mechanisms for parties exchanging identity information
  • Kantara: a complete set of contracts, regulations or commitments that enable participating actors to rely on certain assertions by other actors to fulfill their information security requirements
  • OIX: a certification program that enables a party who accepts a digital identity credential (called the relying party) to trust the identity, security, and privacy policies of the party who issues the credential (called the identity service provider) and vice versa.
  • OITF Model: a set of technical, operational, and legal requirements and enforcement mechanisms for parties exchanging identity information
  • NATE
  • DirectTrust

NSTIC 4/15/2011 Final#

The Identity Ecosystem Framework is the overarching set of interoperability standards, risk models, privacy and liability policies, requirements, and accountability mechanisms that structure the Identity Ecosystem.

A Trust Framework is developed by a community whose members have similar goals and perspectives. It defines the rights and responsibilities of that community’s participants in the Identity Ecosystem; specifies the policies and standards specific to the community; and defines the community-specific processes and procedures that provide assurance. . . . In order to be a part of the Identity Ecosystem, all trust frameworks must still meet the baseline standards established by the Identity Ecosystem Framework.

Examples of complete Trust Frameworks might include

More Information#

There might be more information for this subject on one of the following: ...nobody
  • [#1] - - based on data observed:2015-05-18