Difference between revisions of "Verified Claim"

From MgmtWiki
Jump to: navigation, search
(Created page with "==Full Title or Meme== A statement by or about a Subject is a claim. If there is some corroboration of the claim, it is called a Validated or Verified Claim. A collec...")
 
(Context)
 
(10 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Full Title or Meme==
 
==Full Title or Meme==
A statement by or about a [[Subject]] is a claim. If there is some corroboration of the claim, it is called a Validated or [[Verified Claim]].
+
A statement (or collection of data) by or about a [[Subject]] is a claim. If the claim is [[Corroborated]], it is called a [[Validated]] or [[Verified Claim]].
 
 
A collection of [[Attribute]]s and other information about a user that are used in [[Authorization]] of access to a [[Resource]].
 
  
 
==Context==
 
==Context==
*The English word [[Claim]] means to call our for, or to publish, pretty much the same meaning as the Latin word ''clamare''.<ref>Walther W. Skeat, An Etyological Dication of the English Language. Oxford (1882)</ref>
+
* Any site can host data about a [[Subject]] and even offer to sell that data to others. Several problems are associated with that exchange:
* The [https://tools.ietf.org/html/rfc7519#section-2 JWT spec] defines it as "A piece of information asserted about a subject. A claim is represented as a name/value pair consisting of a Claim Name and a Claim Value."
+
# The data may be false through negligence, incompetence or out-right fraud.
 +
# The site that contains the data may have no right to share that data with others.
 +
# A claim represents a data item without much context. Adding context to that data can create [[Verified Information]] which can have great value.
 +
* A [[Verified Claim]] is one use of [[Verified Information]] limited to what is specific to [[Attribute]]s about [[Subject]]s, either real-world or fully digital.
  
 
==Solution==
 
==Solution==
Line 16: Line 17:
 
# The [[Web Site]] will evaluate the [[Verified Claim]]s and determine whether to authorize access to the resource.
 
# The [[Web Site]] will evaluate the [[Verified Claim]]s and determine whether to authorize access to the resource.
 
# Optionally the [[Web Site]] will request additional claims to meet the needs to authorize access.
 
# Optionally the [[Web Site]] will request additional claims to meet the needs to authorize access.
 
 
  
 
* In computer networking a variety of statements can be made by a user to acquire authorized access to a resource.
 
* In computer networking a variety of statements can be made by a user to acquire authorized access to a resource.
 
* The distinction as to [[Authentication]], who a user is, versus [[Authorization]], or what that user is permitted to do, is no longer helpful.
 
* The distinction as to [[Authentication]], who a user is, versus [[Authorization]], or what that user is permitted to do, is no longer helpful.
* NIST has recognized that there are multiple metrics for the quality of statements about a user in their third update to SP 800-63
+
* NIST has recognized that there are multiple metrics for the [[Assurance]] of statements about a user in their third update to SP 800-63-B
* [[Claim]]s can be highly detailed, do to data fields, or a collection of fields, like the [[User]] address, this can be overwhelming if presented for [[User Consent]]. Some protocols, like [[OpenID Connect]] provide for aggregated collections of claims that OpenID calls '''[[Scope]]'''.<ref>Nat Sakimura ''Scopes and Claims in OpenID Connect'' https://nat.sakimura.org/2012/01/26/scopes-and-claims-in-openid-connect/</ref>
 
  
 
==References==
 
==References==
 
[[Category:Glossary]]
 
[[Category:Glossary]]
 
[[Category:Authentication]]
 
[[Category:Authentication]]
[[Category:Authorization]]
+
[[Category:Trust]]

Latest revision as of 08:11, 2 November 2019

Full Title or Meme

A statement (or collection of data) by or about a Subject is a claim. If the claim is Corroborated, it is called a Validated or Verified Claim.

Context

  • Any site can host data about a Subject and even offer to sell that data to others. Several problems are associated with that exchange:
  1. The data may be false through negligence, incompetence or out-right fraud.
  2. The site that contains the data may have no right to share that data with others.
  3. A claim represents a data item without much context. Adding context to that data can create Verified Information which can have great value.

Solution

Claims typically go through a series of steps, for example:

  1. A User will go to a Web Site hosting a Resource that the user wants to access.
  2. The Web Site will send a scope to a User asking for Claims to authorize access.
  3. The User Agent should know, a priori, where to send the Claims for verification.
  4. The Verified Claims will be collected and forwarded to the Web Site.
  5. The Web Site will evaluate the Verified Claims and determine whether to authorize access to the resource.
  6. Optionally the Web Site will request additional claims to meet the needs to authorize access.
  • In computer networking a variety of statements can be made by a user to acquire authorized access to a resource.
  • The distinction as to Authentication, who a user is, versus Authorization, or what that user is permitted to do, is no longer helpful.
  • NIST has recognized that there are multiple metrics for the Assurance of statements about a user in their third update to SP 800-63-B

References