Difference between revisions of "Trust Vector"
From MgmtWiki
| Line 10: | Line 10: | ||
==Solutions== | ==Solutions== | ||
| + | The [[Trust Vector]] consisting of the following claims is typically sent together with contextual information in a form that can be processed by a [[Fraud Detection]] service. | ||
| + | # User claims | ||
| + | ## User assertions | ||
| + | ## User stipulations (typically [[User Consent]] to privacy regulations, but also other user preferences) | ||
| + | ## User [[Point of Presence]] claims (such as the [[FICO U2F]] specification details) | ||
| + | ## Inline Validations (preformed by [[Trusted Third Parties]] and included in the submission from the user) | ||
| + | ## Online Validations (performed by [[Trusted Third Parties]] at the request of the [[Relying Party]] | ||
| + | # Local context | ||
| + | ## User behavior at the local site now and in the past | ||
| + | ## Value or risk as determined by the [[Relying Party]] | ||
==References== | ==References== | ||
Revision as of 11:39, 10 August 2018
Full Title or Meme
A collection of Authentication results or Attribute Validations presented to an Authorization Service to control access to a resource, typically digital but possibly physical.
Context
Internet Relying Parties need to perform Knowledge-based functions to determine if the current request by a User should result in Authorization of access.
Problems
- Many large ecommerce sites are already performing this function, but for obvious reasons do not like to let that fact be known.
- If attackers where to understand the process in full detail, they would know how to subvert it.
Solutions
The Trust Vector consisting of the following claims is typically sent together with contextual information in a form that can be processed by a Fraud Detection service.
- User claims
- User assertions
- User stipulations (typically User Consent to privacy regulations, but also other user preferences)
- User Point of Presence claims (such as the FICO U2F specification details)
- Inline Validations (preformed by Trusted Third Parties and included in the submission from the user)
- Online Validations (performed by Trusted Third Parties at the request of the Relying Party
- Local context
- User behavior at the local site now and in the past
- Value or risk as determined by the Relying Party
