scc ide trust & functional model for ide standards identification g. whitehead january/february...
TRANSCRIPT
SCCIDE TRUST & Functional Model
for
IDE Standards Identification
G. WhiteheadJanuary/February 2013
2
IDE Functional & Trust Model - Work Summary
• IDE Levels & Chain of Trust Identified• Evidence of Trustworthiness Model Developed• End User Trust Policy/Criteria Sources Identified• Types of Assurances (to show Trustworthiness) Identified• IDE Processes & Systems Identified & Studied• Need for “Assurance Standards” Analyzed• Awareness of Standards Availability Developed• Standards Adoption/Adaptation Criteria Studied• Template for Standards Evaluation/Disposition
Created
3
Standards at the Systems & Processes Level of Trust
4
IDE Trust Model
5
Online: Banking Dating Socializing Gambling Lotteries Shopping Auctions Discovery Help And………………………..
Trust Policies & Criteria Come From End Users:
6
Potential User Group
7
Evidence of Trust Required by RP’s or End Users
8
Trustworthiness will Come From Delivery of:
• Privacy Assurance• Entity Identity Assurance• Entity Suitability Assurance (if provided)
• Entity Authentication Assurance• Security Assurance of Assurance Providers• IDE System & Processes – Security Assurance• IDE – Integrity Assurance (no breaches of trust)
• IDE Transparency Assurance• Recourse Assurance (ability to litigate assurance failures)
• Quality Assurance
9
Entity Trust Levels
10
11
12
Standards at the Systems & Processes Level of Trust
Root of Trust Standard Requirements & Availability
14
15
Template for Standards Evaluation & Disposition
16
17
18
19