The OIX Guide to Trust Frameworks is designed to provide an expert view on what a good trust framework might look like, by detailing its salient components: the principles, content, roles and responsibilities.
The guide provides comprehensive, practitioner informed descriptions along with real-world examples of all the potential components in a trust framework by defining it within the following context:
- User services (e.g. Consent, multiplicity, ID creation etc.)
- Organisational services (e.g. User access, ID Assurance, Liability, SLAs etc.)
- Trust rules (e.g. Proofing, authentication, assurance etc.)
- General rules (e.g. MI, audit, fraud controls etc.)
- Security and Technical Requirements
- Governance (e.g. Certification, enrolment, operations etc.)
Additionally, it defines and details the roles and responsibilities within a framework, outlining the functions, input and outputs of each party within the framework. This is critical for potential new entrants to determine how they can participate, contribute to, or derive the most benefit from a trust framework.
The guide is intended to provide a clear, jargon-free guide to trusted identity and attributes for both users and organisations, in line with the OIX mission to present the human end of identity as opposed to a solely technical viewpoint. To this end, the guide is technology agnostic providing the neutrality to allow providers of trust frameworks to implement frameworks in accordance with their own specific technical needs.
It will allow regulators to comprehend the relevance of trust frameworks when defining appropriate regulations for areas such as anti-money laundering.
The identity community uses a plethora of specialist terminology. In order to try and standardise the vernacular OIX has created a separate Glossary of Identity Terms, including common synonyms.
How will the guide be developed?
During the course of 2020 this guide will link to further, more detailed, reference guides on the previously mentioned topics. These reference guides will detail what needs to be accomplished in order to deliver the high-level contents and what considerations need to be given to ensure the success and interoperability of any resulting scheme.