<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] is a [Trust Framework] which attempts to &quot;build&quot; [Trust] by defining the rights and responsibilities of that community's participants within that community's [Identity Ecosystem].


[{$pagename}] are the &quot;rules&quot; or [Policies|Policy] for [Federated Identity Management] and the organizations that agree to follow such rules and participate are known as an [Identity Federation].


!! [{$pagename}] Policies 
[{$pagename}] is the set of rules and [Policies|Policy] that govern how the [Identity Federation] members will operate and interact, including:
* Conducting [Federated Identity Management] responsibilities
* Sharing [Digital Identity] information
* Using [Digital Identity] [data] that has been shared with them
* Protecting and securing [Digital Identity] [data]
* Performing specific roles within the [Identity Federation]
* Managing liability and [legal] issues.
[{$pagename}] serve as the basis for the multilateral agreements among all of a federation’s members that enable the [trust] and [governance] of a [Identity Federation]’s operations. 


!! [National Strategy for Trusted Identities in Cyberspace] Definition
[{$pagename}] are developed by a community whose members have similar goals and perspectives. A trust framework defines:
* the rights and responsibilities of that [community]'s participants
* specifies the policies and standards specific to the [community]
* defines the [community]-specific processes and procedures that provide assurance.

A [{$pagename}] should address the level of risk associated with the transaction types of its participants; for example, for regulated industries, it could incorporate the requirements particular to that industry. 

Different [{$pagename}] can exist within the [Identity Ecosystem], and communities of interest can tailor trust frameworks to meet their particular needs. In order to be a part of the [Identity Ecosystem], all trust frameworks must still meet the baseline standards established by the [Identity Ecosystem Framework].

!! A possible Direction.[1]
An [{$pagename}] is the [governance] structure for a specific [Identity Ecosystem] consisting of two major areas:
* the Technical and Operational Specifications that have been developed:
** to define requirements for the proper operation of the identity system (i.e., so that it works),
** to define the roles and operational responsibilities of participants
** to provide adequate assurance regarding the accuracy, integrity, privacy and security of its processes and data (i.e., so that it is trustworthy); and 
* the [Legal] Rules that govern the identity system and that:
** regulate the content of the Technical and Operational Specifications, 
** make the Technical and Operational Specifications legally binding on and enforceable against the participants
** define and govern the legal rights, responsibilities, and liabilities of the participants of the identity system.

! [Examples] of [{$pagename}]
Although there is conflicting views on what a [{$pagename}] is, these are some commonly used industry [Examples]:
* [FICAM]:  processes and controls for determining an identity provider’s compliance to OMB [M-04-04 Level of Assurance (LOA)]
* [ISO 29115] Draft:  a set of requirements and enforcement mechanisms for parties exchanging identity information
* [Kantara Trust Framework]: a complete set of contracts, regulations or commitments that enable participating actors to rely on certain assertions by other actors to fulfill their information security requirements 
* [OIX|Open Identity Exchange]: a certification program that enables a party who accepts a digital identity credential (called the relying party) to trust the identity, security, and privacy policies of the party who issues the credential (called the identity service provider) and vice versa.
* [OITF] Model: a set of technical, operational, and legal requirements and enforcement mechanisms for parties exchanging identity information    
* [NATE]
* [DirectTrust]
* [SAFE-BioPharma] 
* [CertiPath]
* [IdenTrust]
* [InCommon]


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [What Is an Identity Trust Framework? Addressing the Legal and Structural Challenges|http://apps.americanbar.org/dch/thedl.cfm?filename=/CL320041/newsletterpubs/4-Trust-Framework-and-Liability-Overview.ppt|target='_blank'] - based on data observed:2015-05-18
* [#2] - [Developing Trust Frameworks to Support Identity Federations|https://csrc.nist.gov/csrc/media/publications/nistir/8149/draft/documents/nistir_8149_draft.pdf|target='_blank'] - based on information obtained 2018-09-02- 



















</pre>