Difference between revisions of "Trusted Identifier"
From MgmtWiki
(→Solutions) |
(→Solutions) |
||
| Line 14: | Line 14: | ||
#That [[Identity]] statement MAY be accessed at multiple locations that are locale specific for language or other purposes. | #That [[Identity]] statement MAY be accessed at multiple locations that are locale specific for language or other purposes. | ||
#That [[Entity]] will have a standard [[URN]] of the form TID:framework:LUID, where the framework will represent a set of rules that the [[Entity]] agrees to follow in all of its online transactions. | #That [[Entity]] will have a standard [[URN]] of the form TID:framework:LUID, where the framework will represent a set of rules that the [[Entity]] agrees to follow in all of its online transactions. | ||
| + | |||
| + | Contents of site at the [[URL]] for the [[Trusted Identifier]]. | ||
| + | {|border="1" padding="2" width="799px" | ||
| + | | Level || Name || Typical use|| User Experience | ||
| + | |- | ||
| + | |1|| Identifier || URN || TID:framework:LUID | ||
| + | |- | ||
| + | |2 || List of required user attributes || Internet of Things || bgcolor="SkyBlue"|Room temperature or video surveillance | ||
| + | |- | ||
| + | |3 || List of requested user attribute || Accessing Web Sites || represents a normal maximum list (not necessarly all | ||
| + | |- | ||
| + | |4 || Privacy policy || URL || DOI or URN | ||
| + | |- | ||
| + | | 5 || Terns of use || URL || DOI or URN | ||
| + | |- | ||
| + | | 6 || Signature Type|| fixed list|| bgcolor="SkyBlue"|RSA2048 (for example) | ||
| + | |- | ||
| + | | 7 ||Signature ||hex value|| bgcolor="SkyBlue"|134bbead23d908e0a3221bc | ||
| + | |} | ||
==References== | ==References== | ||
Revision as of 13:31, 4 December 2018
Full Title or Meme
A Trusted Identifier is deployed by Entities that wish to be known on the internet for who they are in the real world.
Context
- As a part of having a Trusted Identity in Cyberspace a series of Framework Profiles have been created to allow digital Entities to give users a statement about the policies that they support.
Problems
- See the wiki page on Trusted Location for a list of the ways that a URL can be spoof to see why it is a bad idea to expect users to get a Trusted Identifier from a URL.
- EV Certs were introduced to give user's good knowledge of who was behind a web site. They didn't work out as planned as shown on the EV Cert wiki page.
Solutions
- Every real world Entity, be it a legal Entity or a legal name, like a Brand will have one place on the web for making an Identity statement.
- That Identity statement MUST be accessed by a URL at a well-known location in a relevant domain.
- That Identity statement MAY be accessed at multiple locations that are locale specific for language or other purposes.
- That Entity will have a standard URN of the form TID:framework:LUID, where the framework will represent a set of rules that the Entity agrees to follow in all of its online transactions.
Contents of site at the URL for the Trusted Identifier.
| Level | Name | Typical use | User Experience |
| 1 | Identifier | URN | TID:framework:LUID |
| 2 | List of required user attributes | Internet of Things | Room temperature or video surveillance |
| 3 | List of requested user attribute | Accessing Web Sites | represents a normal maximum list (not necessarly all |
| 4 | Privacy policy | URL | DOI or URN |
| 5 | Terns of use | URL | DOI or URN |
| 6 | Signature Type | fixed list | RSA2048 (for example) |
| 7 | Signature | hex value | 134bbead23d908e0a3221bc |
References
- The wiki page Trusted Location describes a solution to the problem on not knowing the trustworthiness or intent of a web page that is displayed on a user's browser window.
