[KI-LC] [WG-FI] PKI vs Non-PKI based trust models
rfurr at safe-biopharma.org
Mon Mar 14 09:29:11 EDT 2011
I would suggest this live in the FIWG. I also agree with Rainer's second bullet, but also suggest that an RFC-3647 like credential policy is needed as a part of the larger Framework. I am, in fact, in the process of developing same for SAFE-BioPharma as we add non-PKI credentials to our identity management scheme. As we move forward we will be offering both PKI and non-PKI credentials to our Subscribers in the biopharmaceutical and healthcare industries.
Head Global Regulatory Affairs and Compliance
New Office: 980-236-7576
From: wg-fi-bounces at kantarainitiative.org [mailto:wg-fi-bounces at kantarainitiative.org] On Behalf Of Rainer Hörbe
Sent: Monday, March 14, 2011 8:09 AM
To: FI WG; dg-bctf at kantarainitiative.org; Kantara Leadership Council Kantara
Cc: Curry Patrick
Subject: [WG-FI] PKI vs Non-PKI based trust models
John, Patrick and I had a discussion about the pros and cons of federation models based on credentials versus assertions. The attached document is a preliminary result with conclusions like
* PKI and non-PKI federation models need to be combined in most cases at higher LoA
* To implement a federation an RFC 3647-style policy is insufficient; A more complete Trust Framework is needed
* Whereas the Higher Education sector favors brokered trust, e-Government and Industry prefer the PKI approach. But it is not a question of one way or the other.
Request for feedback:
I wonder where this discussion should be homed. FIWG, BCTF and TFMM are related, and it is also an extrakantarian issue. Any interest to take over this discussion?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the LC