Framework Profile

From MgmtWiki

Full Title or Meme

A common trust framework will need fine-grained specifications for applying common principles to specific vertical industry and horizontal community requirements.

Context

As part of phase III of the IDEF, a series of profiles will be created for vertical (health care, financial) and horizontal (vulnerable populations) areas. The first two are:

  1. Health Care Profile
  2. Financial Profile

Problems

Technology Shortcomings

There are at least two identity challenges that need to be resolved before secure communications can be undertaken with web sites that have important personal information like health or financial information:

  1. The identity of the web site itself is seldom clear. Some sites have URLs that are easy to recognize, but many do not, and even those that do are subject to spoofing by sites that deliberately try to confuse the user, often with alphabets that are very close to the Latin one we are familiar with. What the user needs is a clear indication of who is responsible for the web site, presented in a way that is easy for them to understand.
  2. Documents from health and financial sites are very often delivered by some site other than the one that created the information and is responsible for it. So it is important to package the information and display the owner of the information in a way that is easy for the user to understand. For example, in health care a variety of health care providers (primary care physician, lab) and data controllers (Epic, etc.) are involved in provisioning patient information. When data is displayed to the user, it is seldom clear where the data originated and who controls access to the data. These need to be clear if the patient is to exercise their right to ultimate control of the information.

Both of these issues are known and solutions are being explored. These use cases are built with the understanding that these problems will be fixed in the near term.
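
An added example, not part of the original page or of any IDEF material: a Python sketch of the check implied by item 1, flagging host name labels that mix Latin letters with look-alike letters from another alphabet so that a user interface can show the decoded name and a warning. Taking the script from the first word of each character's Unicode name is a simplifying assumption, the `.example` hosts are constructed, and `label_scripts` and `review_host` are hypothetical names.

```python
import unicodedata
from urllib.parse import urlsplit


def label_scripts(label):
    """Return the scripts used by the letters of one host name label.

    Assumption: the first word of the Unicode character name (LATIN,
    CYRILLIC, GREEK, ...) stands in for the script property, which the
    standard library does not expose.
    """
    scripts = set()
    for ch in label:
        if ch.isalpha():  # digits and hyphens are common to every script
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def review_host(url):
    """Return (label, verdict, scripts) for each label that is not pure Latin."""
    host = urlsplit(url).hostname or ""
    findings = []
    for label in host.split("."):
        if label.startswith("xn--"):  # ACE form: decode to what the user sees
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:
                findings.append((label, "invalid-punycode", []))
                continue
        scripts = sorted(label_scripts(label))
        if len(scripts) > 1:
            findings.append((label, "mixed-script", scripts))
        elif scripts and scripts != ["LATIN"]:
            findings.append((label, "non-latin", scripts))
    return findings


if __name__ == "__main__":
    # Constructed sample URLs; \u0430 is CYRILLIC SMALL LETTER A.
    for url in ("https://apple.example/login",
                "https://\u0430pple.example/login",
                "https://xn--pple-43d.example/login"):
        print(url, "->", review_host(url))
```

A `mixed-script` verdict is the strong signal. A `non-latin` verdict only tells the interface to show the script alongside the responsible party, since many legitimate names are written entirely in one non-Latin alphabet.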

Solution

  • The operational assumption is that the IDEF baseline functional requirements will serve as a common trust framework.
  • The information on Framework Profiles is being tracked on this Kantara IDEF wiki site.

Reference