Requirements: Attestation

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Thu Jan 18 17:01:51 UTC 2007


Hopefully everyone is noodling the previously sent requirements on relationship and will reply back with their own thoughts. In the meantime, I figured I would also share the requirements for attestation:


*	At the high level, there are two ways that attestation can work:

	*	The identity store of the user will contain not only a pointer to whoever attests that they are who they say they are, but also a recording of the timestamp at which this attestation occurred along with a digitally signed indicator that it occurred. Likewise the attestation should have a defined start and end date along with specifying the relationship between the two parties.

	*	The identity store of the user will contain a pointer to the user who they believe can vouch for them and contains an indicator of their relationship. On the attestor's side, they have the option of either storing previous requests for attestation and their response and/or a pointer that defers attestation to a higher authority (redirection).

*	Attestation requires the ability to indicate the strength and liability of the assertion and may include the following components:

	*	Validation of existence - Such as I know James, in context X (relationship) and assert that he has the capacity to do Z

	*	Surety - I take responsibility for any misrepresentations, falsities or concealment of information contained within whatever I sign based on relationship

*	Attestation should not transition over contexts. For example, I may know Johanne in both a work and home context. He should be able to separately and distinctly separate them with distinct characteristics.
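
The following sketch is an added example, not part of the original post or of any OpenID specification: it models the first option above as a stored attestation record and shows a relying party checking the signature, the context, the start/end dates and the strength of the assertion. All field and function names are assumptions, the sample data is constructed, and HMAC-SHA256 under an attestor key stands in for the "digitally signed indicator" (a deployment would use a public-key signature).

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, asdict, replace
from datetime import datetime, timezone

@dataclass(frozen=True)
class Attestation:            # hypothetical record layout
    subject: str              # identity being vouched for
    attestor: str             # pointer to whoever vouches
    relationship: str         # relationship between the two parties
    context: str              # e.g. "work" or "home"; must not carry over
    surety: bool              # True: attestor accepts liability; False: existence only
    attested_at: str          # ISO 8601 timestamp of the attestation
    not_before: str           # defined start date
    not_after: str            # defined end date

def sign(a: Attestation, key: bytes) -> str:
    # Canonical JSON so every field, including context, is covered by the tag.
    body = json.dumps(asdict(a), sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify(a, tag, key, *, context, now, require_surety=False):
    """Return (accepted, reason) for one attestation presented in one context."""
    if not hmac.compare_digest(sign(a, key), tag):
        return False, "bad signature"
    if a.context != context:
        return False, "wrong context"
    start = datetime.fromisoformat(a.not_before)
    end = datetime.fromisoformat(a.not_after)
    if not (start <= now <= end):
        return False, "outside validity window"
    if require_surety and not a.surety:
        return False, "surety required"
    return True, "ok"

# Constructed sample: a work-context attestation valid for one year.
KEY = b"constructed-demo-key"
WORK = Attestation("johanne", "james", "colleague", "work", False,
                   "2007-01-18T17:01:51+00:00",
                   "2007-01-18T00:00:00+00:00", "2008-01-18T00:00:00+00:00")
WORK_TAG = sign(WORK, KEY)

if __name__ == "__main__":
    now = datetime(2007, 6, 1, tzinfo=timezone.utc)
    print(verify(WORK, WORK_TAG, KEY, context="work", now=now))
    print(verify(WORK, WORK_TAG, KEY, context="home", now=now))
    print(verify(replace(WORK, context="home"), WORK_TAG, KEY, context="home", now=now))
```

Because the context is inside the signed body, relabelling a work attestation as a home attestation invalidates the tag rather than silently widening its scope.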



