Full Title or Meme
Within the context of establishing and maintaining a Trusted Identity in Cyberspace different digital entities will need to exchange information in a machine readable format. These exchanges can be represented as a Network Protocol on the way that the data flows among the various entities, or as an Application Program Interface for how one entity exposes the protocol to the network. This page is about the later.
There are three broad areas of sharing that occur in the maintenance of an Identity Ecosystem: credentials, grants and Information Sharing. In the case of credentialing, there is a huge asymmetry between the manner in which a web provider is expected to share credential versus an individual Subject, that teaches us to separate the types of API into these four categories:
- Federation or credential sharing and verification among web providers,
- Authentication or credential sharing and Assurance from an individual.
- Granting of consent by a Subject to a web site to act in its behalf, or as a fiduciary of the subject's property.
- Information Sharing including the reporting of information held by a web site on behalf of a Subject.
How can a Subject trust a web site with only that part of its personal information as is required to acquire access to the resources of the web site.
- Kantara Federation Interoperability Work Group has published a SAML version of metadata exchange.
- OpenID Connect
- NIST 800-63-3
This effort requires a taxonomy of types of information to be shared, which is now available from several sources.
- No work is currently underway in granting consent beyond that buried in the Open ID Connect specification.
- Kantara Consent Receipt is now available in an implementer's draft.
This area would require a taxonomy of data types to be shared; for example the diagnostic codes used in health care.