[KI-LC] [WG-FI] PKI vs Non-PKI based trust models

Rich Furr rfurr at safe-biopharma.org
Mon Mar 14 09:29:11 EDT 2011

I would suggest this live in the FIWG.  I  also agree with Rainer's second bullet, but also suggest that an RFC-3647 like credential policy is needed as a part of the larger Framework.  I am, in fact, in the process of developing same for SAFE-BioPharma as we add non-PKI credentials to our identity management scheme.  As we move forward we will be offering both PKI and non-PKI credentials to our Subscribers in the biopharmaceutical and healthcare industries.

Rich Furr
Head Global Regulatory Affairs and Compliance
New Office:  980-236-7576
Cell: 201-220-0160

From: wg-fi-bounces at kantarainitiative.org [mailto:wg-fi-bounces at kantarainitiative.org] On Behalf Of Rainer Hörbe
Sent: Monday, March 14, 2011 8:09 AM
To: FI WG; dg-bctf at kantarainitiative.org; Kantara Leadership Council Kantara
Cc: Curry Patrick
Subject: [WG-FI] PKI vs Non-PKI based trust models

John, Patrick and I had a discussion about the pros and cons of federation models based on credentials versus assertions. The attached document is a preliminary result with conclusions like

 *   PKI and non-PKI federation models need to be combined in most cases at higher LoA
 *   To implement a federation an RFC 3647-style policy is insufficient; A more complete Trust Framework is needed
 *   Whereas the Higher Education sector favors brokered trust, e-Government and Industry prefer the PKI approach. But it is not a question of one way or the other.

Request for feedback:
I wonder where this discussion should be homed. FIWG, BCTF and TFMM are related, and it is also an extrakantarian issue. Any interest to take over this discussion?

- Rainer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/lc/attachments/20110314/5a1dd6a0/attachment-0001.html 

More information about the LC mailing list