<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] defines the [Trust] [Policy] of a [Community of Interest]

!! Sole Source [{$pagename}] [1]
A Sole Source [{$pagename}] is an [Entity] that acts as [Identity Provider (IDP)] and [Relying Party] ([RP]) for itself. Such an [entity] issues all [identities|Digital Identity] that it recognizes, and only [trusts] [identities|Digital Identity] that it has issued.

!! Pairwise Agreement [{$pagename}] [1]
Two [entities] want to trust [identities|Digital Identity] issued by one another, but there is no outside [governance] or [policy] framework for them to do so. They negotiate a specific agreement that covers only the two of them. Each institution [trusts] the other to properly manage the [identities|Digital Identity] that it issues.

!! [Peer-to-peer] Identity [{$pagename}] [1]
When no central [Identity Provider (IDP)] or [governance] agreement is present, participants assert their own [identities|Digital Identity] and each individual decides who they [trust] and who they do not. Each participant is a peer with equal standing and each can communicate with anyone else in the network.

!! Three Party [{$pagename}] [1]
A trusted [Identity Provider (IDP)] provides [identities|Digital Identity] to both the requester and [Service Provider]. In order to interact with one another, both must agree to [trust] the same [Identity Provider (IDP)]s.

!! [Federation] [{$pagename}] [1]
A single, standard contract defines a limited set of roles and technologies, allowing similar types of institution to trust [identities|Digital Identity] issued by one another.
* Mesh [Federations] - These share a common legal agreement at the contract that creates permissible interoperability.
* Technical [Federations] - These share a common technical hub responsible for making the interoperability happen.
* Inter-Federation [Federations] - This is what happens when one [federation] actually inter-operates with another [federation].

!! Four-Party [{$pagename}] [1]
A four-party [{$pagename}] provides a comprehensive set of interlocking legal contracts that detail roles, responsibilities, and technical methods. In order to take part in the network, each party must agree to one of the contracts in a given framework. [Identity Provider (IDP)] specialize in providing support for particular roles. This is often used within the [Payment Network]

!! Centralized [Token] Issuance, Distributed Enrollment [{$pagename}] [1]
A special case [peer-to-peer] network. Participants want to establish trusted identities that can be used securely for ongoing, high-value communication among organizations. A [trusted|Trust], central provider issues identity [tokens] which are then enrolled independently by each [Service Provider]. [Service Providers] are __not__ required to cooperate or accept one another’s enrollments.

Examples: The most common examples are [RSA SecurID] and [SWIFT] [3SKey]. [Hardware tokens|Hard tokens] are issued by a [trusted|Trust] provider, which are then used to [authenticate] individual identities.

!! Individual Contract Wrappers
When providing information to a service, the requester also provides terms for how that information can be used. [Service Providers] agree to honor those terms in exchange for access to the data, and compliance is enforced through contract law. Terms might include an expiration date, limits on whether the data can be re-sold, or whether it can be used in aggregate form. This model is the mirror image of the Sole Source.

!! Open [Trust Frameworks] [{$pagename}]
A [Trust Framework] is a specification that describes a set of identity proofing, security, and privacy policies. The [Trust Framework] is authored by subject matter experts, and is written with the intent that [compliance] can be assessed. The framework also lists the qualifications that an assessor must have in order to judge compliance.

A Framework Listing Service Provides a publicly visible location where [Trust Frameworks] can be published and tracked. The listing service sets guidelines for acceptable frameworks and accredits assessors to verify that services implement the frameworks properly.!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Field Guide to Internet Trust Models|https://identitywoman.net/topics/big-ideas/trust-framework/|target='_blank'] - based on information obtained 2016-12-21 
</pre>