Elements of a Trust Framework

A Conceptual Model
By Jeff Stollman
12 JAN 2011

A problem well-stated is a problem half solved.
– Charles Kettering, inventor (1876-1958)
TRUST AND TRUST FRAMEWORKS

Definitions
• TRUST
  – Willingness (of a party) to engage in a particular transaction
  – Firm belief in the reliability, truth, or ability of a counterparty to live up to its commitment
    – Firm belief in the reliability, truth, or ability of someone or something (OED)

• TRUST ELEMENT
  – A performance commitment by a single party (Object) to a second single party (Subject) that engenders the trust of the Subject in the performance of the Object.
    • Trust Elements are uni-directional.

• TRUST FRAMEWORK
  – A set of verifiable commitments from the various parties of a transaction to the other parties. These commitments necessarily include:
    • Controls (including regulatory and contractual obligations) to help ensure commitments are delivered
The Laws of Trust
1. For each trust element, there can be trust relationships between each pair of parties
2. Trust relationships are binary
   – i.e., each relationship involves only two parties
3. Trust relationships are uni-directional
   – i.e., trust flows only one way in each relationship
   – Mutual trust between two parties requires two relationships
4. Trust is not uniform.
   – i.e., trust that exists for one transaction may not exist for another
5. Trust is not personal.
   – i.e., trust applies to each commitment a party makes separately
6. The potential number of trust relationships in a Trust Framework is the number of permutations (not combinations) of the parties.
   – Not all permutations will be valid for each Trust Element.
Further Defining a Trust Framework
• A network of trust relationships (Trust Elements) among all parties to a transaction that addresses the assurances needed by each of them to trust the other relevant parties for each relevant Trust Element.
  – It is indivisible.
    • If any trust relationship is left unaddressed, there is the possibility that insufficient trust will exist to facilitate the transaction. Therefore,
  – A viable Trust Framework must be comprehensive.
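The Laws of Trust and the comprehensiveness requirement above can be checked mechanically. The following Python model is an added example, not part of the deck: it enumerates the potential relationships as ordered pairs (permutations, so n parties give n(n-1) relationships), records each commitment as uni-directional and specific to one Trust Element, and reports which required relationships a framework has not yet addressed. The party labels, Trust Element names and the "requirements" dictionary are constructed for illustration.

```python
"""Added example: a small executable model of the deck's Laws of Trust."""
from itertools import permutations

# Constructed example parties for one transaction (labels assumed for this example).
PARTIES = ("Subject", "IdP", "AP", "RP")


def potential_relationships(parties):
    """Law 6: every ordered pair (Object, Subject) of distinct parties.

    Ordered pairs are permutations, not combinations: (A, B) and (B, A) are two
    separate relationships (Law 3, uni-directional), each involving exactly two
    parties (Law 2, binary). For n parties this yields n * (n - 1) pairs.
    """
    return set(permutations(parties, 2))


class TrustFramework:
    """A Trust Framework as a set of verifiable commitments, keyed per Trust Element.

    A commitment is stored as (element, object, subject): the Object commits to
    perform, and that commitment engenders the Subject's trust.
    """

    def __init__(self, parties):
        self.parties = tuple(parties)
        self.commitments = set()

    def add_commitment(self, element, obj, subj):
        if obj == subj:
            raise ValueError("a party cannot be its own counterparty (Law 2)")
        if obj not in self.parties or subj not in self.parties:
            raise ValueError("unknown party")
        # Only (obj -> subj) is recorded; trust from subj to obj is a separate
        # relationship that must be added on its own (Law 3).
        self.commitments.add((element, obj, subj))

    def trusts(self, element, obj, subj):
        """True if subj holds a commitment from obj for this element only (Laws 4 and 5)."""
        return (element, obj, subj) in self.commitments

    def mutual(self, element, a, b):
        """Mutual trust between two parties requires two relationships."""
        return self.trusts(element, a, b) and self.trusts(element, b, a)

    def missing(self, element, required):
        """Required relationships for an element that no commitment addresses.

        `required` is the subset of potential relationships that is valid for this
        element, since not every permutation applies to every Trust Element.
        """
        return {(o, s) for (o, s) in required if not self.trusts(element, o, s)}

    def is_comprehensive(self, requirements):
        """Indivisibility: every required relationship for every element is addressed."""
        return all(not self.missing(e, req) for e, req in requirements.items())


def demo():
    """Build a constructed framework with one gap and return it with its gap report."""
    tf = TrustFramework(PARTIES)
    # Constructed requirements: which ordered pairs matter for each element.
    requirements = {
        "Identity proofing": {("IdP", "RP"), ("IdP", "Subject")},
        "Retention limits": {("RP", "Subject"), ("IdP", "Subject")},
    }
    tf.add_commitment("Identity proofing", "IdP", "RP")
    tf.add_commitment("Identity proofing", "IdP", "Subject")
    tf.add_commitment("Retention limits", "RP", "Subject")
    gaps = {e: tf.missing(e, r) for e, r in requirements.items()}
    return tf, requirements, gaps


if __name__ == "__main__":
    print(len(potential_relationships(PARTIES)), "potential relationships")
    _, _, report = demo()
    for element, gap in report.items():
        print(element, "missing:", sorted(gap) or "none")
```

Running `demo()` leaves one gap (the IdP's retention-limit commitment to the Subject), so `is_comprehensive` is false until that single relationship is added; the RP's identity-proofing trust in the IdP says nothing about the reverse direction or about any other element, which is exactly what Laws 3 to 5 require.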
Trust Framework Problem Space*

[Figure: a scatter of Trust Elements making up the problem space. Elements shown: Identity Proofing, Attribute Proofing, Credential Issuance, Credential Authentication, Informed Consent, Sharing Limits, Retention Limits, Minimization, Security, Ability to Correct, Reputation, Durable Notice, Timely Notice, Complete Notice, Business Processes, Robust Processes, Tools, Oversight, Availability.]

* Partial listing of Trust Elements
PRIVACY FRAMEWORKS

Defining a Privacy Framework
• A Privacy Framework is a logical subset of the Trust Elements in a Trust Framework.
  – It is not all-inclusive of the Trust Elements in the Trust Framework.
  – The selection of Trust Elements to be included in the subset is not critical.
    • Good selection can yield more valuable benefits sooner.
  – It is critical that the Privacy Framework be supplemented by other subsets of the Trust Framework.
  – The value of the Privacy Framework is enhanced as the supplemental frameworks approach the totality of the Trust Framework.
Current Approaches to Creating a Privacy Framework A

[Figure: the Trust Framework problem-space diagram (same partial listing of Trust Elements as above), labelled "Org A Approach".]

Current Approaches to Creating a Privacy Framework B

[Figure: the Trust Framework problem-space diagram (same partial listing of Trust Elements as above), labelled "Org B Approach".]
Anna Slomovic's Matrix

[Table: privacy frameworks (rows) against privacy principles (columns), with an X where a framework addresses a principle.]

Rows (frameworks): US Fair Credit Reporting Act; US DOC Dynamic Privacy Framework (2010); US FTC Proposed Framework (2010); Uses and Obligations Framework; APEC Privacy Framework; Japan Personal Information Protection Act; Australian National Privacy Principles; US-EU Safe Harbor Principles; US FTC Fair Information Practice Principles; PIPEDA; Canadian Standards Association Privacy Code; US Health Insurance Portability and Accountability Act; EU Data Protection Directive; UN Guidelines Concerning Computerized Personal Data; OECD Privacy Guidelines; The Privacy Act of 1974.

Columns (principles): Notice; Consent; Purpose Specification; Collection Limitations; Use Limitations; Disclosure; Access; Correction; Safeguards; Data Quality; Enforcement; Accountability; Openness; Redress; Proportionality; Crisis/Breach Management.
SPECIFYING THE TRUST FRAMEWORK

Classifying Trust Elements*
• Identity
  – Identity proofing
  – Credential issuance
  – Credential authentication
• Privacy
  – Informed consent
  – Ability to fix
  – Selective disclosure
• Notification
  – Intent
  – Procedures
  – Breach notification
• Controls
  – Technical tools
  – Business processes

*Partial listing
A Trust Framework is a System of Systems
• Systems within the Trust Framework include:
  – Identity Framework
  – Privacy Framework
  – Notification Framework
  – Controls Framework
• Are there other systems left out?
  – E.g., Data Integrity Framework
    • IdPs and APs assuring that data used for vetting is current and accurate
    • IdPs and APs assuring that data provided to RPs is current and accurate
    • Subjects having the ability to review and correct their information
    Elements of an Identity Framework*
•   Identity proofing
•   Attribute proofing
•   Credential generation
•   Credential issuance
•   Credential lifecycle management


• *Example listing
Elements of a Privacy Framework*
•   Informed consent
•   Restrictions on collection
•   Restrictions on use
•   Restrictions on how/to whom it is distributed
•   Retention limits (minimum and maximum)
•   Maintain accuracy
•   Ability to correct
•   Protection of data
*Example listing
Elements of a Notification Framework*
•   Timely presentation
•   Informed Consent
•   What is collected
•   Why it is collected
•   How it is used
•   How it is stored
•   Data retention
•   How/to whom it is distributed
•   Remedies
*Example listing
    Elements of a Controls Framework*
•   Secure network communication
•   Secure storage
•   Secure disposal
•   Staff vetting
•   Intra-organization business-process exposure
•   Inter-organization business-process exposure
•   Third-party verification
•   Process monitoring
•   Management oversight
•   Remedies
*Example listing
ROLES
   Parties in a Trust Framework 1
• Primary roles
  – Those who actually conduct the transaction
     •   Subject
     •   Identity Provider
     •   Attribute Provider
     •   Relying Party (Service Provider)
   Parties in a Trust Framework 2
• Secondary roles
  – Additional/alternate parties to the primary roles
    who may/may not be involved in a particular
    transaction
     •   Subject Delegate
     •   Entity
     •   Entity Agent
     •   Entity Delegate
     •   ISP
     •   Registration Authority
     •   Verifier
     •   Credential Issuer
     •   Subscriber
          – For each Party
   Parties in a Trust Framework 3
• Tertiary roles
  – Those who provide enforcement of and remedies
    to agreements among the primary and secondary
    roles
     •   Trust Framework Provider
     •   Federation Operator
     •   Assessor
     •   Regional legal system
     •   Referee
           Roles of the Parties
• The role of any party can change – even within
  the conduct of a single transaction. E.g.,
  – An IdP may also be a Credential Provider
  – A Federation Operator may also act as an Assessor
  – An RP may be a Subject in having its identity
    verified by Subject, IdP, or AP.
  – An RP who sells something to Subject A, may then
    become an AP vouching for Subject A’s conduct in
    the prior sale (e.g., paid on time)
         Example Trust Elements
Trust Element         Description
Identity Proofing     Comprehensiveness of process used to verify that a Subject
                      is who he/she/it represents itself to be to Object
Credential Issuance   Robustness (resistance to counterfeiting) of process of
                      credential issuance to Subject by Object
Data Collection 1     Extent of risk imposed on Subject through the data
                      collected by Object
Data Collection 2     Extent to which Object collects only the minimum amount of
                      data from Subject needed to support transaction
Data Protection 3     Ease with which Subject can exercise control over release
                      of personal information by Object
    Matrix View of Trust Framework Map
Trust Element              Subject   SUBJECT  SUBJECT  SUBJECT  IdP      IdP      IdP      RP       RP       RP       AP       AP       AP
Trust Relationship         Object    IdP      RP       AP       SUBJECT  RP       AP       SUBJECT  IdP      AP       SUBJECT  IdP      RP
Identity Proofing                    Identity
Credential Issuance                  Identity
Attribute Proofing
Credibility
Credential Authentication            Identity
Availability                         NA       NA       NA                                  NA       NA       NA
Data Collection 1                             Privacy
Data Collection 2                             Privacy
Data Protection 1                             Controls
Data Protection 2                             Controls
Data Protection 3                             Ctrl-Pri
Data Protection 4                             Controls
Data Protection 5                             Controls
Data Protection 6                             Controls
Notification 1                                Notice   Notice
Notification 2                                Notice   Notice
Notification 3                                Notice   Notice
Notification 4                                Notice   Notice
Notification 5                                Notice   Notice
Consent                                       Privacy
User Controls 1
User Controls 2
Breach Response
                   Roadmap Forward
Trust Element              Subject   SUBJECT  SUBJECT  SUBJECT  IdP      IdP      IdP      RP       RP       RP       AP       AP       AP
Trust Relationship         Object    IdP      RP       AP       SUBJECT  RP       AP       SUBJECT  IdP      AP       SUBJECT  IdP      RP
Identity Proofing                    Identity
Credential Issuance                  Identity
Attribute Proofing
Credibility
Credential Authentication            Identity
Availability                         NA       NA       NA       ?        ?        ?        NA       NA       NA       ?        ?        ?
Data Collection 1                             Privacy
Data Collection 2                             Privacy
Data Protection 1                             Controls
Data Protection 2                             Controls
Data Protection 3                             Ctrl-Priv
Data Protection 4                             Controls
Data Protection 5                             Controls
Data Protection 6                             Controls
Data Protection 7                             Controls
Notification 1                                Notice   Notice   NA                NA       NA?      NA       NA?      NA       NA?
Notification 2                                Notice   Notice   NA                NA       NA?      NA       NA?      NA       NA?
Notification 3                                Notice   Notice   NA                NA       NA?      NA       NA?      NA       NA?
Notification 4                                Notice   Notice   NA                NA       NA?      NA       NA?      NA       NA?
Notification 5                                Notice   Notice   NA                NA       NA?      NA       NA?      NA       NA?
Consent                                       Privacy
User Controls 1
User Controls 2
Breach Response                                                 NA                         NA                         NA
                   Conclusions
1. The Trust Framework problem is a System of
   Systems issue.
2. While in an ideal world all cells need to be complete
   for comprehensive trust, practical levels of trust can
   be obtained by specifying criteria for selective cells.
3. By attaining consensus on the map of the problem
   space (the trust elements and the roles), we can
   determine the appropriate categories for major
   subsystems (e.g., Identity, Privacy, Notification,
   Controls).
            Conclusions cont’d.
4. After attaining consensus, we can allocate the cells
   among the sub-systems to allow us to work in
   parallel to more rapidly build a coherent Trust
   Framework.
5. We can prioritize the order in which we address the
   cells to maximize our impact.
6. As long as we follow the map, we can shift cells from
   subsystem to subsystem and reprioritize the order
   without losing coherence.
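The matrix map above and the allocation steps in the Conclusions, expressed as a small Python model added here (not code from the deck or its author): the twelve uni-directional relationships among the four primary roles are generated as permutations, a constructed sample of the map's cells is grouped by subsystem so work can proceed in parallel, a cell can be shifted between subsystems without changing the map's shape, and the share of applicable cells already specified is measured. TRUST_MAP contents, the "NA" marker and all function names are assumptions.

```python
from itertools import permutations

# Primary roles from the deck. A trust relationship is an ordered pair
# (trusting Subject, committing Object), so the map has n*(n-1) columns.
PARTIES = ("SUBJECT", "IdP", "RP", "AP")

def relationships(parties=PARTIES):
    """All uni-directional trust relationships: permutations, not combinations."""
    return list(permutations(parties, 2))

# Constructed sample of the map: element -> {(subject, object): category}.
# "NA" marks a cell ruled out for that pair; absent cells are still unspecified.
TRUST_MAP = {
    "Identity Proofing":   {("SUBJECT", "IdP"): "Identity"},
    "Credential Issuance": {("SUBJECT", "IdP"): "Identity"},
    "Availability": {(s, o): "NA" for s in ("SUBJECT", "RP") for o in PARTIES if o != s},
    "Data Collection 1":   {("SUBJECT", "RP"): "Privacy"},
    "Data Protection 3":   {("SUBJECT", "RP"): "Ctrl-Priv"},
    "Notification 1":      {("SUBJECT", "RP"): "Notice", ("SUBJECT", "AP"): "Notice"},
    "Breach Response":     {(s, "SUBJECT"): "NA" for s in ("IdP", "RP", "AP")},
    "User Controls 1":     {},
}

def open_cells(trust_map, parties=PARTIES):
    """Cells with neither a subsystem nor an NA ruling: the backlog to prioritize."""
    return [(e, s, o) for e in trust_map for (s, o) in relationships(parties)
            if (s, o) not in trust_map[e]]

def allocate(trust_map):
    """Group specified cells by subsystem so teams can work in parallel."""
    out = {}
    for e, cells in trust_map.items():
        for pair, cat in cells.items():
            if cat != "NA":
                out.setdefault(cat, []).append((e,) + pair)
    return out

def shift(trust_map, element, pair, new_cat):
    """Move one cell to another subsystem; the map's rows and columns stay fixed."""
    if pair not in relationships():
        raise ValueError(f"{pair} is not a valid trust relationship")
    trust_map[element][pair] = new_cat

def coverage(trust_map, parties=PARTIES):
    """Share of applicable cells (all cells minus NA) that have been specified."""
    total = len(trust_map) * len(relationships(parties))
    na = sum(v == "NA" for cells in trust_map.values() for v in cells.values())
    spec = sum(v != "NA" for cells in trust_map.values() for v in cells.values())
    return spec / (total - na)

if __name__ == "__main__":
    print(f"{len(relationships())} relationships, coverage {coverage(TRUST_MAP):.1%}, "
          f"{len(open_cells(TRUST_MAP))} cells still open")
```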
                     Speculation
• It is commonly assumed that our Service Assessment Criteria
  must follow existing regulatory requirements.
• I suggest that this is not so.
• If we devise reasonable Service Assessment Criteria that
  afford multiple levels of assurance/protection for each
  subsystem, entities can seek certification at the level needed
  to meet both their business and regulatory requirements.
• Hopefully, the Criteria levels will afford enough parallelism
  with major regulations to make this achievable.
• If not, perhaps the maturity of our framework will prompt
  regulators to have the courage to update their codes,
  coalescing around a better mix of economy and protection.
BACKUP SLIDES
      Parties in a Trust Framework
Party                      Description
Trust Framework Provider   Sets the rules for operation of the trust framework; Accredits
                           assessors
Federation Operator        Operates identity federation in accordance with trust framework

Assessor                   Verifies compliance of various parties with the rules of the trust
                           framework
Subject                    Person to whom credential is issued;
                           Person who wishes to have access to a resource controlled by
                           relying party
Subject’s Delegate         Person who is authorized by Subject to act on behalf of Subject

Relying Party              Controls a resource that users wish to access
                           Determines attributes required for access to resources
Identity Provider          Verifies identity of Subjects as specified in the trust framework

Credential Provider        Issues credentials that meet criteria for content and technical
                           specifications as specified in the trust framework; Verifies
                           validity of credentials when requested by Relying Party
Attribute Provider         Verifies attributes associated with Subjects as specified in the
                           trust framework
                 Definitions 3
• IPSEITY
  – Your unique carbon life form
• ATTRIBUTE
  – Everything that is not Ipseity
