Difference between revisions of "Federated Ecosystem"
(→Problems) |
(→References) |
||
(49 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
− | A sub-set of sentient and non-sentient components | + | A sub-set of sentient and non-sentient components that interact among themselves to increase the information content of the local environment. |
==Context== | ==Context== | ||
− | *The most current paradigm for digital [[Ecosystem]]s is the internet taken together with the definitions and components maintained by [https://www.icann.org/ ICANN], for example the [[Domain Name System]] which servers as the root for all [[URL]]s used on the internet. | + | *The most current paradigm for digital [[Ecosystem]]s is the internet taken together with the definitions and components maintained by [https://www.icann.org/ ICANN], for example the [[Domain Name System]] which servers as the root for all [[URL]]s used on the internet and as the basis for [[Web Site Identity]]. |
**As originally envisioned the [[URL]] obtained with a name lookup that started with the ICAN root server would result in an [[Identifier]] in [[ASCII]] that was human-readable. | **As originally envisioned the [[URL]] obtained with a name lookup that started with the ICAN root server would result in an [[Identifier]] in [[ASCII]] that was human-readable. | ||
**As the internet expanded beyond its original basis in ARPANET, the new languages and cultures turned to the [[Identifier]]s returned by the name lookup into something that was easy to spoof.<ref name="newman">Lily Hay Newman, ''SNEAKY EXPLOIT ALLOWS PHISHING ATTACKS FROM SITES THAT LOOK SECURE.'' (2017-04-18) https://www.wired.com/2017/04/sneaky-exploit-allows-phishing-attacks-sites-look-secure/</ref> | **As the internet expanded beyond its original basis in ARPANET, the new languages and cultures turned to the [[Identifier]]s returned by the name lookup into something that was easy to spoof.<ref name="newman">Lily Hay Newman, ''SNEAKY EXPLOIT ALLOWS PHISHING ATTACKS FROM SITES THAT LOOK SECURE.'' (2017-04-18) https://www.wired.com/2017/04/sneaky-exploit-allows-phishing-attacks-sites-look-secure/</ref> | ||
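Review bot: The rewritten first bullet of this hunk still reads "which servers as the root"; "serves" is meant, and since the line is being touched anyway it should be fixed here. The unchanged context has the same kind of slip ("the ICAN root server" next to a link to ICANN, and a stray "to" in "turned to the [[Identifier]]s ... into something"), which is worth cleaning up in the same edit.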
Line 10: | Line 10: | ||
# '''.com''' name server will provide a link to the company.com domain which gets an [[Enterprise]] server which hosts a collection of servers controlled by the [[Enterprise]]. | # '''.com''' name server will provide a link to the company.com domain which gets an [[Enterprise]] server which hosts a collection of servers controlled by the [[Enterprise]]. | ||
# '''company.com''' server will provide a link to one particular server (perhaps one of many) that can services a request. | # '''company.com''' server will provide a link to one particular server (perhaps one of many) that can services a request. | ||
− | # '''endpoint.company.com''' can initiate further navigation based on the contents of the [[URL]] as needed. | + | # '''endpoint.company.com''' can initiate further navigation based on the contents of the [[URL]] as needed by the company's own DNS resolution service. |
+ | * Other efforts to create a globally unique naming scheme are the CCITT X.400 names and the DOI document names. Neither are curated in any meaningful way. | ||
* There are (at least) two ways to look at a [[Federated Ecosystem]]: | * There are (at least) two ways to look at a [[Federated Ecosystem]]: | ||
# This page is primarily about open [[Web Site]]s including: [[Relying Party]], [[Identifier or Attribute Provider]] and [[Trusted Third Party]]. | # This page is primarily about open [[Web Site]]s including: [[Relying Party]], [[Identifier or Attribute Provider]] and [[Trusted Third Party]]. | ||
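Review bot: The added bullet on CCITT X.400 and DOI names states "Neither are curated in any meaningful way" without a <ref>, while the spoofing claim a few lines above carries one; cite a source or soften the statement, and use "Neither is". On the changed fourth step, "as needed by the company's own DNS resolution service" leaves it unclear whether the endpoint or the company's resolver performs the further navigation; say which.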
Line 16: | Line 17: | ||
==Problems== | ==Problems== | ||
− | + | So how can a [[User]] know enough about a [[Web Site]] to make a trust decision about it. | |
*As noted above<ref name="newman" /> the [[URL]] has failed in its goal to be human-readable as it was pulled in other directions. | *As noted above<ref name="newman" /> the [[URL]] has failed in its goal to be human-readable as it was pulled in other directions. | ||
− | *Google has tried multiple times to replace the URL with some other [[Identifier]]<ref> | + | *Google has tried multiple times to replace the URL with some other [[Identifier]]<ref>Barry Schwartz, ''Google Tests Replacing URL With Site Name In Search Results; Again.'' (2013-10-21) Search Engine Land https://searchengineland.com/google-tests-replacing-url-with-site-name-in-search-results-again-174663</ref> without much success. |
− | *Google is exploring yet other methods to replace the URL<ref>Lily Hay Newman, ''Google Want to Kill the URL.'' Wired https://www.wired.com/story/google-wants-to-kill-the-url/</ref> which makes this a very auspicious time to look at a federated [[Trust]] model. | + | *Google is exploring yet other methods to replace the URL<ref>Lily Hay Newman, ''Google Want to Kill the URL.'' Wired (2018-09-04) https://www.wired.com/story/google-wants-to-kill-the-url/</ref> which makes this a very auspicious time to look at a federated [[Trust]] model. |
+ | ===Should Everyone have Equal Access=== | ||
+ | *It has been an article of faith among the internet partisans that the internet was a unique opportunity to give everyone an equal voice. | ||
+ | *It now seems clear that the real-word decision is -- NO, not everyone deserves an equal voice, some voices are just too hate-filled and violence provoking.<ref>Kate Conger +1, ''Twitter, Citing Harassment, Bars Agitator and His Website.'' (2018-09-07) New York Times p. B1ff</ref> | ||
+ | *In the business world arbiters of [[Trust]] have evolved like E-Bay and Angie's list that seek to rate business based on crowd-sourcing of recommendations. | ||
+ | *All metrics for [[Trust]] are susceptible to manipulation by businesses, both well-meaning and outright fraud. | ||
+ | *Hiding of the metrics for [[Trust]] engender fear, for example Google has been fined and called to account by governments around the world over its search alorithms.<ref>Daisuke Wakabayasi, ''Googles Secrets Revealed (Sort of)'' (2018-09-06) New York Times P. B1ff</ref> | ||
+ | *The inescapable decision seems to be that publicly accessible, [[Validated]] [[Identifier]]s are required for a safe experience on the web. | ||
+ | |||
+ | ===How have Businesses been Rated in the Real-World=== | ||
+ | *Dun and Bradstreet have been rating the creditworthiness of businesses since 1800's and stabled the [https://en.wikipedia.org/wiki/Data_Universal_Numbering_System DUNS number] in 1963, anyone can ask for one. | ||
+ | *The [https://en.wikipedia.org/wiki/International_Suppliers_Network International Suppliers Network] is a system which logs and tracks vendors. Major companies such as General Motors often use the ISN to establish the "trustworthy" status of a new vendor. The ISN also allows companies to import a validated version of a vendor's details directly into their own procurement system. | ||
+ | *The [https://en.wikipedia.org/wiki/Commercial_and_Government_Entity_code CAGE code] is required for doing business with the US Government agencies like the DoD as well as NATO members. | ||
+ | *DBAs (doing business as) create a special problem as they are the branding of the service as opposed to the legal entity offering the service. | ||
+ | **And it is the [[Brand]] that is known and trusted by consumers. No consumer would desire to by groceries from Mondelēz International, but they all do. | ||
+ | **[[Brand]]s have legal status, often international legal status. The problem with using brands is the high barrier to entry that it would place on new businesses. | ||
+ | |||
+ | ===How have [[Web Site]]s been Rated so far=== | ||
+ | *The Google Chrome browser started the effort to force all web sites to have a TLS Cert and encrypted channel to be judged safe. That is working fairly well. | ||
*[[EV Cert]]s were established with a view to solve this problem, but have failed for reason noted on that page. | *[[EV Cert]]s were established with a view to solve this problem, but have failed for reason noted on that page. | ||
+ | *DNS take-downs have been a regular feature of the internet since at least 2013 when Microsoft blocked an entire NDS server <ref>Steve Ragan, ''Takedown of No-IP by Microsoft impacts 1.8M customers.'' (2014-07-14) CSO https://www.csoonline.com/article/2449827/business-continuity/takedown-of-no-ip-by-microsoft-impacts-1-8m-customers.html</ref> | ||
==Solutions== | ==Solutions== | ||
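Review bot: The new DNS take-down bullet says "since at least 2013" but the reference attached to it is dated 2014-07-14, and "NDS server" looks like a typo for DNS; reconcile the year with the cited source and end the sentence with a period. Smaller points in the same hunk: the new opening sentence of Problems is a question and needs a question mark, and "real-word", "alorithms", "stabled" and "desire to by groceries" are misspellings.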
Line 30: | Line 50: | ||
#It is possible that further branching can occur after the first. | #It is possible that further branching can occur after the first. | ||
− | ===Trust Principles=== | + | ===User Trust Principles=== |
*The [[User]] must be able to set a level of [[Assurance]] that any site proffered, either on search, or on some other [[Web Site]] will meet that [[Assurance]] level. (eg. [[COPPA]] sites only) | *The [[User]] must be able to set a level of [[Assurance]] that any site proffered, either on search, or on some other [[Web Site]] will meet that [[Assurance]] level. (eg. [[COPPA]] sites only) | ||
+ | ** The [[Privacy]] expectations should be part of that assurance, for example is [https://wiki.idesg.org/wiki/index.php/Do_Not_Track#Context Do Not Track] honored. | ||
*The user must be able to search for a named [[Entity]]'s [[Web Site]] in a manner that will provide only relevant [[Assurance|assured]] links and not links to competitors or malicious sites. | *The user must be able to search for a named [[Entity]]'s [[Web Site]] in a manner that will provide only relevant [[Assurance|assured]] links and not links to competitors or malicious sites. | ||
+ | |||
+ | ===Web Site Trust Principles=== | ||
+ | *[[Relying Party|Relying Parties]] that host a collection of controlled [[Resource]]s will have assurance levels set for each [[Resource]], lets look as some use cases: | ||
+ | ** Resource A is fine with the BFR self assessment that states the intent of [[Identifier or Attribute Provider|IAP]] of the user is to be in conformance, perhaps to schedule an office visit. | ||
+ | ** Resource B requires that the [[Identifier or Attribute Provider|IAP]] of the user is in health care conformance as it is [[User Private Information]]. | ||
+ | *** If the [[Claim]]s from the user are insufficient, the [[Relying Party]] should have the obligation to inform the user how to acquire the needed claims. | ||
===Trust Hierarchy=== | ===Trust Hierarchy=== | ||
The following is a hypothetical trust hierarchy for the health care framework (profile). Each descendant branch is limited by all of the frameworks above it. In other words, the limitations on the [[Entity]] only get more stringent. | The following is a hypothetical trust hierarchy for the health care framework (profile). Each descendant branch is limited by all of the frameworks above it. In other words, the limitations on the [[Entity]] only get more stringent. | ||
− | # | + | #[[Baseline Functional Requirements]] with self-assessment. |
+ | ##[[Baseline Functional Requirements]] with certified audit. | ||
##United States Health care framework. | ##United States Health care framework. | ||
###Hospitals | ###Hospitals | ||
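Review bot: In the new Web Site Trust Principles section, "BFR" is used without expansion even though [[Baseline Functional Requirements]] is only linked further down in the Trust Hierarchy list; spell it out and link it at first use. In the same bullet list, "lets look as some use cases" should read "let's look at some use cases".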
Line 50: | Line 78: | ||
###Pharmacies | ###Pharmacies | ||
###Labs | ###Labs | ||
+ | ##US High trust Financial framework | ||
+ | ##[https://www.oixnet.org/registry/minors-trust-framework/ Minor's Trust Framework] | ||
It should be clear that individual [[Entity|entities]] have more than one role and so be at more than one node on the tree. The Pharmacy may also be an authorized seller of alcohol registered under some state authority. For any interaction with a user it will be important that the role is clear. What is not clear is how the user should know about the difference between Bartell's the prescription filler and Bartell's the liquor merchant. And it must be clear that the [[User Experience]] is the primary metric. | It should be clear that individual [[Entity|entities]] have more than one role and so be at more than one node on the tree. The Pharmacy may also be an authorized seller of alcohol registered under some state authority. For any interaction with a user it will be important that the role is clear. What is not clear is how the user should know about the difference between Bartell's the prescription filler and Bartell's the liquor merchant. And it must be clear that the [[User Experience]] is the primary metric. | ||
+ | |||
+ | ===Governmental Solutions=== | ||
+ | * US [[NSTIC]] | ||
+ | * Canadian [https://diacc.ca/principles/ Digital Identity Ecosystem Principles] from the [https://diacc.ca/ Digital ID & Authentication Council of Canada (DIACC) ] | ||
==References== | ==References== | ||
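Review bot: Adding "US High trust Financial framework" and the Minor's Trust Framework as second-level branches means the tree no longer covers only health care, yet the sentence introducing the list still calls it "a hypothetical trust hierarchy for the health care framework (profile)". Update that sentence, or move the new branches into a separate list.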
Line 58: | Line 92: | ||
[[Category:Glossary]] | [[Category:Glossary]] | ||
[[Category:Identity]] | [[Category:Identity]] | ||
+ | [[Category:Identifier]] |
Latest revision as of 17:25, 24 May 2019
Full Title or Meme
A sub-set of sentient and non-sentient components that interact among themselves to increase the information content of the local environment.
Context
- The most current paradigm for digital Ecosystems is the internet taken together with the definitions and components maintained by ICANN, for example the Domain Name System, which serves as the root for all URLs used on the internet and as the basis for Web Site Identity.
  - As originally envisioned, the URL obtained with a name lookup that started with the ICANN root server would result in an Identifier in ASCII that was human-readable.
  - As the internet expanded beyond its original basis in ARPANET, the new languages and cultures turned the Identifiers returned by the name lookup into something that was easy to spoof.[1]
- The domain name was defined to be extensible, for example endpoint.company.com can be converted to an IP address by the following steps:
  1. The ICANN root server will provide a link to the .com domain, which can be considered as a federation of business sites.
  2. The .com name server will provide a link to the company.com domain, which leads to an Enterprise server that hosts a collection of servers controlled by the Enterprise.
  3. The company.com server will provide a link to one particular server (perhaps one of many) that can service a request.
  4. endpoint.company.com can initiate further navigation based on the contents of the URL as needed by the company's own DNS resolution service.
- Other efforts to create a globally unique naming scheme are the CCITT X.400 names and the DOI document names. Neither is curated in any meaningful way.
- There are (at least) two ways to look at a Federated Ecosystem:
  1. This page is primarily about open Web Sites including: Relying Party, Identifier or Attribute Provider and Trusted Third Party.
  2. The NIST Public Working Group on Federated Cloud (PWGFC) includes the User, which is appropriate for closed systems, like citizens of a country or employees of a company.
Problems
So how can a User know enough about a Web Site to make a trust decision about it?
- As noted above[1] the URL has failed in its goal to be human-readable as it was pulled in other directions.
- Google has tried multiple times to replace the URL with some other Identifier[2] without much success.
- Google is exploring yet other methods to replace the URL[3] which makes this a very auspicious time to look at a federated Trust model.
Should Everyone have Equal Access
- It has been an article of faith among the internet partisans that the internet was a unique opportunity to give everyone an equal voice.
- It now seems clear that the real-world decision is -- NO, not everyone deserves an equal voice; some voices are just too hate-filled and violence-provoking.[4]
- In the business world, arbiters of Trust such as eBay and Angie's List have evolved that seek to rate businesses based on crowd-sourced recommendations.
- All metrics for Trust are susceptible to manipulation by businesses, both well-meaning and outright fraudulent.
- Hiding the metrics for Trust engenders fear; for example, Google has been fined and called to account by governments around the world over its search algorithms.[5]
- The inescapable conclusion seems to be that publicly accessible, Validated Identifiers are required for a safe experience on the web.
How have Businesses been Rated in the Real-World
- Dun and Bradstreet have been rating the creditworthiness of businesses since the 1800s and established the DUNS number in 1963; anyone can ask for one.
- The International Suppliers Network is a system which logs and tracks vendors. Major companies such as General Motors often use the ISN to establish the "trustworthy" status of a new vendor. The ISN also allows companies to import a validated version of a vendor's details directly into their own procurement system.
- The CAGE code is required for doing business with US Government agencies like the DoD as well as with NATO members.
- DBAs (doing business as) create a special problem, as they are the branding of the service as opposed to the legal entity offering the service.
  - And it is the Brand that is known and trusted by consumers. No consumer would desire to buy groceries from Mondelēz International, but they all do.
  - Brands have legal status, often international legal status. The problem with using brands is the high barrier to entry that it would place on new businesses.
How have Web Sites been Rated so far
- The Google Chrome browser started the effort to force all web sites to have a TLS Cert and encrypted channel to be judged safe. That is working fairly well.
- EV Certs were established with a view to solving this problem, but have failed for reasons noted on that page.
- DNS take-downs have been a regular feature of the internet since at least 2013 when Microsoft blocked an entire DNS server.[6]
Solutions
- A Federated Ecosystem considers how to partition the solution into federations using the existing paradigm of the DNS, but starting from a source of Trust and maintaining that Trust as the federation Evolves.
- Unlike the priorities for the original ARPANET, we consider the primary purpose to be a Trusted Identity in Cyberspace.
- As a working hypothesis we will consider the use case where the federation creates Identifiers based on a new secure schema; it is to be expected that other use cases will be considered before a final paradigm shift to a fully Federated Ecosystem is established.
- The root of trust is a singleton; all federations must accept the baseline functional requirements.
- A variety of trust frameworks, or trust profiles, can be established; the base one is the self-assessment criteria.
- It is possible that further branching can occur after the first.
User Trust Principles
- The User must be able to set a level of Assurance, so that any site proffered, either in search or on some other Web Site, will meet that Assurance level (e.g. COPPA sites only).
  - The Privacy expectations should be part of that assurance, for example whether Do Not Track is honored.
- The user must be able to search for a named Entity's Web Site in a manner that will provide only relevant assured links and not links to competitors or malicious sites.
Web Site Trust Principles
- Relying Parties that host a collection of controlled Resources will have assurance levels set for each Resource. Let's look at some use cases:
  - Resource A is fine with the BFR self-assessment, which states that the intent of the user's IAP is to be in conformance, perhaps to schedule an office visit.
  - Resource B requires that the user's IAP be in health care conformance, as the Resource is User Private Information.
    - If the Claims from the user are insufficient, the Relying Party should have the obligation to inform the user how to acquire the needed claims.
Trust Hierarchy
The following is a hypothetical trust hierarchy for the health care framework (profile). Each descendant branch is limited by all of the frameworks above it. In other words, the limitations on the Entity only get more stringent.
- Baseline Functional Requirements with self-assessment.
- Baseline Functional Requirements with certified audit.
- United States Health care framework.
- Hospitals
- ER
- Psychiatric
- Individuals
- First Responders on active duty
- Physicians
- Cardiologist (perhaps this is an attribute and not a part of the taxonomy)
- Nurses
- Practitioners
- DEA licensed prescription writers (perhaps this is an attribute and not a part of the taxonomy)
- Pharmacies
- Labs
- Hospitals
- US High trust Financial framework
- Minor's Trust Framework
It should be clear that individual entities can have more than one role and so be at more than one node on the tree. The Pharmacy may also be an authorized seller of alcohol registered under some state authority. For any interaction with a user it will be important that the role is clear. What is not clear is how the user should know about the difference between Bartell's the prescription filler and Bartell's the liquor merchant. And it must be clear that the User Experience is the primary metric.
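The per-Resource assurance check from Web Site Trust Principles and the "limited by all of the frameworks above it" rule of the hierarchy can be combined in one small model. The sketch below is an added example, not part of the original page or of any framework's code; the node labels, the "state-alcohol" branch and the "alcohol-order" resource are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Child -> parent links for the page's hypothetical hierarchy. Node names are
# labels made up for this example; "state-alcohol" is an assumed branch that
# stands in for "registered under some state authority".
PARENT: Dict[str, Optional[str]] = {
    "bfr-self": None,
    "bfr-audit": "bfr-self",
    "us-health": "bfr-self",
    "us-finance": "bfr-self",
    "minors": "bfr-self",
    "state-alcohol": "bfr-self",
    "hospital": "us-health",
    "pharmacy": "us-health",
    "lab": "us-health",
}

# Assurance level each Resource demands: Resource A and Resource B from the
# page, plus an assumed "alcohol-order" resource for the two-role case.
RESOURCES = {
    "schedule-visit": "bfr-self",
    "health-record": "us-health",
    "alcohol-order": "state-alcohol",
}

def lineage(node: str) -> List[str]:
    """Return the node and every framework above it, nearest first."""
    chain: List[str] = []
    cur: Optional[str] = node
    while cur is not None:
        if cur not in PARENT:
            return []  # unknown framework in a claim: fail closed
        chain.append(cur)
        cur = PARENT[cur]
    return chain

@dataclass
class Decision:
    allowed: bool
    role: Optional[str] = None     # role the entity is acting in, shown to the user
    missing: Optional[str] = None  # framework the user must obtain claims under

def evaluate(resource: str, roles: Dict[str, str]) -> Decision:
    """roles maps a role name to the framework node it is certified under."""
    required = RESOURCES[resource]
    for role, node in roles.items():
        # Conformance at a node implies conformance to everything above it.
        if required in lineage(node):
            return Decision(True, role=role)
    # Insufficient claims: tell the user which framework is needed.
    return Decision(False, missing=required)

if __name__ == "__main__":
    audited_iap = {"iap": "bfr-audit"}
    bartells = {"prescription filler": "pharmacy", "liquor merchant": "state-alcohol"}
    print(evaluate("schedule-visit", audited_iap))
    print(evaluate("health-record", audited_iap))
    print(evaluate("health-record", bartells))
    print(evaluate("alcohol-order", bartells))
```

Returning the matching role alongside the decision is what lets an interface tell the user which of an entity's roles it is dealing with.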
Governmental Solutions
- US NSTIC
- Canadian Digital Identity Ecosystem Principles from the Digital ID & Authentication Council of Canada (DIACC)
References
- [1] Lily Hay Newman, Sneaky Exploit Allows Phishing Attacks From Sites That Look Secure. (2017-04-18) Wired https://www.wired.com/2017/04/sneaky-exploit-allows-phishing-attacks-sites-look-secure/
- [2] Barry Schwartz, Google Tests Replacing URL With Site Name In Search Results; Again. (2013-10-21) Search Engine Land https://searchengineland.com/google-tests-replacing-url-with-site-name-in-search-results-again-174663
- [3] Lily Hay Newman, Google Wants to Kill the URL. (2018-09-04) Wired https://www.wired.com/story/google-wants-to-kill-the-url/
- [4] Kate Conger +1, Twitter, Citing Harassment, Bars Agitator and His Website. (2018-09-07) New York Times p. B1ff
- [5] Daisuke Wakabayashi, Google's Secrets Revealed (Sort of). (2018-09-06) New York Times p. B1ff
- [6] Steve Ragan, Takedown of No-IP by Microsoft impacts 1.8M customers. (2014-07-14) CSO https://www.csoonline.com/article/2449827/business-continuity/takedown-of-no-ip-by-microsoft-impacts-1-8m-customers.html