Difference between revisions of "Verified Claim"
From MgmtWiki
(Created page with "==Full Title or Meme== A statement by or about a Subject is a claim. If there is some corroboration of the claim, it is called a Validated or Verified Claim. A collec...") |
(→Context) |
||
(10 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
− | A statement by or about a [[Subject]] is a claim. If | + | A statement (or collection of data) by or about a [[Subject]] is a claim. If the claim is [[Corroborated]], it is called a [[Validated]] or [[Verified Claim]]. |
− | |||
− | |||
==Context== | ==Context== | ||
− | * | + | * Any site can host data about a [[Subject]] and even offer to sell that data to others. Several problems are associated with that exchange: |
− | + | # The data may be false through negligence, incompetence or out-right fraud. | |
+ | # The site that contains the data may have no right to share that data with others. | ||
+ | # A claim represents a data item without much context. Adding context to that data can create [[Verified Information]] which can have great value. | ||
+ | * A [[Verified Claim]] is one use of [[Verified Information]] limited to what is specific to [[Attribute]]s about [[Subject]]s, either real-world or fully digital. | ||
==Solution== | ==Solution== | ||
Line 16: | Line 17: | ||
# The [[Web Site]] will evaluate the [[Verified Claim]]s and determine whether to authorize access to the resource. | # The [[Web Site]] will evaluate the [[Verified Claim]]s and determine whether to authorize access to the resource. | ||
# Optionally the [[Web Site]] will request additional claims to meet the needs to authorize access. | # Optionally the [[Web Site]] will request additional claims to meet the needs to authorize access. | ||
− | |||
− | |||
* In computer networking a variety of statements can be made by a user to acquire authorized access to a resource. | * In computer networking a variety of statements can be made by a user to acquire authorized access to a resource. | ||
* The distinction as to [[Authentication]], who a user is, versus [[Authorization]], or what that user is permitted to do, is no longer helpful. | * The distinction as to [[Authentication]], who a user is, versus [[Authorization]], or what that user is permitted to do, is no longer helpful. | ||
− | * NIST has recognized that there are multiple metrics for the | + | * NIST has recognized that there are multiple metrics for the [[Assurance]] of statements about a user in their third update to SP 800-63-B |
− | |||
==References== | ==References== | ||
[[Category:Glossary]] | [[Category:Glossary]] | ||
[[Category:Authentication]] | [[Category:Authentication]] | ||
− | [[Category: | + | [[Category:Trust]] |
Latest revision as of 08:11, 2 November 2019
Full Title or Meme
A statement (or collection of data) by or about a Subject is a claim. If the claim is Corroborated, it is called a Validated or Verified Claim.
Context
- Any site can host data about a Subject and even offer to sell that data to others. Several problems are associated with that exchange:
- The data may be false through negligence, incompetence or out-right fraud.
- The site that contains the data may have no right to share that data with others.
- A claim represents a data item without much context. Adding context to that data can create Verified Information which can have great value.
- A Verified Claim is one use of Verified Information limited to what is specific to Attributes about Subjects, either real-world or fully digital.
Solution
Claims typically go through a series of steps, for example:
- A User will go to a Web Site hosting a Resource that the user wants to access.
- The Web Site will send a scope to a User asking for Claims to authorize access.
- The User Agent should know, a priori, where to send the Claims for verification.
- The Verified Claims will be collected and forwarded to the Web Site.
- The Web Site will evaluate the Verified Claims and determine whether to authorize access to the resource.
- Optionally the Web Site will request additional claims to meet the needs to authorize access.
- In computer networking a variety of statements can be made by a user to acquire authorized access to a resource.
- The distinction as to Authentication, who a user is, versus Authorization, or what that user is permitted to do, is no longer helpful.
- NIST has recognized that there are multiple metrics for the Assurance of statements about a user in their third update to SP 800-63-B