Kantara trust frameworks 2016 05-08

Trust Frameworks Explained (in 20 minutes or less)

Andrew Hughes AndrewHughes3000@gmail.com

KantaraInitiative.org

About the Kantara Initiative

2

What is Kantara? Non-profit founded in 2009. Comprises 60+ Leading Organizations, hundreds of Participants,

Enterprise & Governments. Connects the best of business, Government, Research & Education. Develops Innovations and Programs developing trustworthy on-line

experiences.

Do you recognize our members?

Kantara’s Values Trust

Operating Accreditation, Approval & Certification programs Privacy

Developing privacy respecting solutions. Security

Developing high security solutions and practices Community

Bridging technology and policy requirements

WHAT IS A DIGITAL TRUST FRAMEWORK?

Explaining Digital Trust Frameworks in 20 minutes or less

Fun and Exciting!

What is a Digital Identity Trust Framework?

“Digital Identity”• Identity: A reference or designation used to

distinguish a unique and particular individual, organization or device.

• Trusted Digital Identity: ‘a trusted electronic representation of who I am.’

“Framework”• Digital Identity Trust Frameworks define

the ‘rules of the road’ for interactions between organizations when handling identity, authentication and authorization. Often, these Frameworks form the basis of agreements and contracts.

Free provincial flags for Canada Day!

Resident?

Alice

Apply & Authorize information release

Ask Alice to Get Proof

Tell Telco to Give Proof

A=5 years

Alice gets a free flag!

Why does this work? Festival and a group of Telcos both comply with a Digital Trust

Framework

• UMA protocol is used to make it possible for Alice to authorize electronic information release from one org to another

Did it work before? Kinda

Previously, Festival had to contract with every Telco and configure themselves differently for each one

Festival had to keep track of new Telcos Festival had to adapt to meet each Telco’s technical

requirement Festival had to agree to different terms & lawyer fees

were rising

A reason for a framework?

To make negotiating agreements easier

How?

Framework

Contracts and Agreements

StandardsRegulationsLaws

Framework Profile

Contracts The program negotiates contracts with every

information source Policies, business processes, standards, operating

practices, formats

OR The program requires conformance to Trust

Framework Profile Negotiation burden lowered

Some Details

Digital Trust Framework Elements

Roles & Responsibilities

Digital Trust Framework Elements

Business functions & Expected Processes

Digital Trust Framework Elements

Processes & Criteria (proof of ‘sameness’ and ‘equivalency’)

Digital Trust Framework Elements

Library of Profiles

Tools and Rules Technical protocols Software / servers Cryptography Communication

protocols Standards

Policies for proof of

identity; ‘Levels’ of certainty

Privacy policy Operations practices Designated authorities

The Future Possibilities Model contract clauses Automation for contracts Addition of new roles, responsibilities, business

functions Build a library of framework profiles

Now what?Join us in innovating and verifying trusted identity solutions for the world Kantara Initiative members include global experts from industry and

government in the fields: Identity assurance Privacy Security Policy Information systems assessment

Join. Innovate. Trust. Visit.:

KantaraInitiative.org

Join. Innovate. Trust.General Inquiries: support@kantarainitiative.org

AndrewHughes3000@gmail.comJohn@Wunderlich.ca