Overview #
A Trust Model defines the Trust Policy of a Community of Interest.
Sole Source Trust Model #
A Sole Source Trust Model is an Entity that acts as Identity Provider (IDP) and Relying Party (RP) for itself. Such an entity issues all identities that it recognizes, and only trusts identities that it has issued.
Pairwise Agreement Trust Model #
Two entities want to trust identities issued by one another, but there is no outside governance or policy framework for them to do so. They negotiate a specific agreement that covers only the two of them. Each institution trusts the other to properly manage the identities that it issues.
When no central Identity Provider (IDP) or governance agreement is present, participants assert their own identities and each individual decides who they trust and who they do not. Each participant is a peer with equal standing, and each can communicate with anyone else in the network.
Three Party Trust Model #
A trusted Identity Provider (IDP) provides identities to both the requester and the Service Provider. In order to interact with one another, both must agree to trust the same Identity Provider (IDP).
A single, standard contract defines a limited set of roles and technologies, allowing similar types of institution to trust identities issued by one another.
- Mesh Federations - These share a common legal agreement (the contract) that creates permissible interoperability.
- Technical Federations - These share a common technical hub responsible for making the interoperability happen.
- Inter-Federation Federations - This is what happens when one federation actually inter-operates with another federation.
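The Sole Source, Pairwise Agreement and Three Party models above differ only in whose issued identities a Relying Party is configured to accept. The following added example (written for this page, not code from the page's author or any referenced product) makes that trust policy explicit: an `Issuer` signs identity assertions, and a `RelyingParty` accepts an assertion only if the issuer is in its trust set and the signature verifies. The names, the JSON assertion format and the use of a per-issuer HMAC key as a stand-in for a real IDP signing key are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field
from typing import Dict, Tuple


@dataclass
class Issuer:
    """An entity in the Identity Provider (IDP) role: it issues signed identity
    assertions. The key is a per-issuer secret, generated at random here
    (a simplification standing in for a real IDP signing key)."""
    name: str
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))

    def issue(self, subject: str) -> dict:
        """Issue an assertion for `subject`, signed with this issuer's key."""
        body = {"iss": self.name, "sub": subject}
        payload = json.dumps(body, sort_keys=True).encode()
        tag = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        return {**body, "sig": tag}


@dataclass
class RelyingParty:
    """An entity in the Relying Party (RP) role. Its trust policy is nothing
    more than the set of issuers whose verification keys it has been given."""
    name: str
    trusted: Dict[str, bytes] = field(default_factory=dict)

    def trust(self, issuer: Issuer) -> None:
        """Add an issuer to this RP's trust policy."""
        self.trusted[issuer.name] = issuer.key

    def accepts(self, assertion: dict) -> bool:
        """Accept only assertions from a trusted issuer whose signature verifies."""
        key = self.trusted.get(assertion.get("iss"))
        if key is None:
            return False  # issuer is outside this RP's trust policy
        body = {k: v for k, v in assertion.items() if k != "sig"}
        payload = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, assertion.get("sig", ""))


def sole_source() -> Tuple[bool, bool]:
    """Sole Source: one entity is IDP and RP for itself, so only identities it
    issued are accepted. Returns (own assertion accepted, outsider's rejected)."""
    acme = Issuer("acme")
    acme_rp = RelyingParty("acme")
    acme_rp.trust(acme)
    outsider = Issuer("outsider")
    return acme_rp.accepts(acme.issue("alice")), acme_rp.accepts(outsider.issue("alice"))


def pairwise() -> Tuple[bool, bool, bool]:
    """Pairwise Agreement: two entities each trust the other's issued identities
    and nobody else's. Returns (A accepts B's, B accepts A's, A rejects C's)."""
    a, b, c = Issuer("a"), Issuer("b"), Issuer("c")
    rp_a, rp_b = RelyingParty("a"), RelyingParty("b")
    for issuer in (a, b):
        rp_a.trust(issuer)
        rp_b.trust(issuer)
    return rp_a.accepts(b.issue("bob")), rp_b.accepts(a.issue("ann")), rp_a.accepts(c.issue("bob"))


def three_party() -> Tuple[bool, bool]:
    """Three Party: a requester holds an identity from a shared IDP. A Service
    Provider that trusts that IDP accepts it; one that does not, rejects it."""
    idp = Issuer("idp")
    requester_identity = idp.issue("carol")
    member_sp = RelyingParty("member-sp")
    member_sp.trust(idp)
    stranger_sp = RelyingParty("stranger-sp")  # never agreed to trust the IDP
    return member_sp.accepts(requester_identity), stranger_sp.accepts(requester_identity)


if __name__ == "__main__":
    print("sole source :", sole_source())
    print("pairwise    :", pairwise())
    print("three party :", three_party())
```

Each scenario changes only the contents of the `trusted` map, which is the point: the cryptography is identical across models, and the trust model is the policy about which issuers' keys a party is willing to load. An assertion whose subject is altered after issue also fails, since the signature no longer matches.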
Four-Party Trust Model #
A four-party Trust Model provides a comprehensive set of interlocking legal contracts that detail roles, responsibilities, and technical methods. In order to take part in the network, each party must agree to one of the contracts in a given framework.
Identity Providers (IDP) specialize in providing support for particular roles. This model is often used within the Payment Network.
Centralized Token Issuance, Distributed Enrollment Trust Model #
A special case of the peer-to-peer network. Participants want to establish trusted identities that can be used securely for ongoing, high-value communication among organizations. A trusted, central provider issues identity tokens, which are then enrolled independently by each Service Provider. Service Providers are not required to cooperate or accept one another's enrollments.
Examples: The most common examples are RSA SecurID and SWIFT 3SKey. Hardware tokens are issued by a trusted provider and are then used to authenticate individual identities.
Individual Contract Wrappers #
When providing information to a service, the requester also provides terms for how that information can be used.
Service Providers agree to honor those terms in exchange for access to the data, and compliance is enforced through contract law. Terms might include an expiration date, limits on whether the data can be re-sold, or whether it can be used in aggregate form. This model is the mirror image of the Sole Source.
A Trust Framework is a specification that describes a set of identity proofing, security, and privacy policies. The Trust Framework is authored by subject matter experts, and is written with the intent that compliance can be assessed. The framework also lists the qualifications that an assessor must have in order to judge compliance.
A Framework Listing Service provides a publicly visible location where Trust Frameworks can be published and tracked. The listing service sets guidelines for acceptable frameworks and accredits assessors to verify that services implement the frameworks properly.