Difference between revisions of "Framework Profile"

From MgmtWiki
Jump to: navigation, search
(Full Title or Meme)
(Context)
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Full Title or Meme==
 
==Full Title or Meme==
 
A common trust framework will need fine-grained specifications for applying common principles to specific vertical industry and horizontal community requirements.
 
A common trust framework will need fine-grained specifications for applying common principles to specific vertical industry and horizontal community requirements.
 +
==Context==
 +
As part of phase III of the [[IDEF]] a series of [https://wiki.idesg.org/wiki/index.php/Framework_Profiles Framework Profile]s in the Kantara Initiative will be created for vertical (health care, financial) and horizontal (vulnerable populations) areas. The first two are:
 +
#[https://wiki.idesg.org/wiki/index.php/Health_Care_Profile Health Care Profile]
 +
#[https://wiki.idesg.org/wiki/index.php/Financial_Profile Financial Profile]
 +
 +
==Problems==
 +
===Technology Short Comings===
 +
There are at least two identity challenges that need to be resolved before secure communications can be undertaken with web sites that have important personal information like health or financial information:
 +
# The identity of the web site itself is seldom clear. Some sites have urls that are easy to recognized, but many do not and even those that do are subject to spoofing by sites that deliberately try to confuse the user, often with alphabets that are very close to the Latin one we are familiar with. What the user needs is clear indication of who is responsible for the web site in a way that is easy for them to understand.
 +
# Documents that are delivered from health and financial sites very often is delivered by some site other that the one that created the information as is responsible for it. So it is important to package the information and display the owner of the information in a way that is easy for the user to understand. For example; in health care a variety of health care providers (primary care physician, lab) and data controllers (Epic, etc.) are involved in provisioning patient information. When data is displayed to the user, it is seldom clear where the data originated and who controls access to the data. These need to be clear if the patient is a exercise their right to ultimate control of the information.
 +
Both of these issues are known and solutions are being explored. These use case are built with the understanding that these problems will be fixed in the near term.
  
 
==Solution==
 
==Solution==
The information on [[Framework Profile]]s is being tracked on [https://wiki.idesg.org/wiki/index.php/Framework_Profiles this Kantara IDEF wiki site]].
+
*The operational assumption is that the IDEF baseline functional requirements will serve as a common trust framework.
 +
*The information on [[Framework Profile]]s is being tracked on [https://wiki.idesg.org/wiki/index.php/Framework_Profiles this Kantara IDEF wiki site]].
 +
==Reference==
 +
 
 +
[[Category:Glossary]]
 +
[[Category:Profile]]

Latest revision as of 09:13, 3 May 2019

Full Title or Meme

A common trust framework will need fine-grained specifications for applying common principles to specific vertical industry and horizontal community requirements.

Context

As part of phase III of the IDEF a series of Framework Profiles in the Kantara Initiative will be created for vertical (health care, financial) and horizontal (vulnerable populations) areas. The first two are:

  1. Health Care Profile
  2. Financial Profile

Problems

Technology Short Comings

There are at least two identity challenges that need to be resolved before secure communications can be undertaken with web sites that have important personal information like health or financial information:

  1. The identity of the web site itself is seldom clear. Some sites have urls that are easy to recognized, but many do not and even those that do are subject to spoofing by sites that deliberately try to confuse the user, often with alphabets that are very close to the Latin one we are familiar with. What the user needs is clear indication of who is responsible for the web site in a way that is easy for them to understand.
  2. Documents that are delivered from health and financial sites very often is delivered by some site other that the one that created the information as is responsible for it. So it is important to package the information and display the owner of the information in a way that is easy for the user to understand. For example; in health care a variety of health care providers (primary care physician, lab) and data controllers (Epic, etc.) are involved in provisioning patient information. When data is displayed to the user, it is seldom clear where the data originated and who controls access to the data. These need to be clear if the patient is a exercise their right to ultimate control of the information.

Both of these issues are known and solutions are being explored. These use case are built with the understanding that these problems will be fixed in the near term.

Solution

  • The operational assumption is that the IDEF baseline functional requirements will serve as a common trust framework.
  • The information on Framework Profiles is being tracked on this Kantara IDEF wiki site].

Reference