Define and publish a high-level guide for a Trust Frameworks through analysis of the ways this has been done to date across different regional trust frameworks.
Considerations:
- What should the framework contain?
- What Roles are there within the framework?
- How can it be governed? (existing paper on oversight authorities)
- What are the key consumer and relying party principles that must be supported?
- What is the role of a Trustmark in communicating the framework to consumers and relying parties?
- A Glossary is required that can be used for all OIX papers and guides going forward.
Focus Areas:
Overall Trust Framework elements layer design. (Required for OIX Guide)
- What are the key layers? Particularly for Interoperability.
- How should the layers be grouped?
- What rules, policies and procedures might be required at each layer.
Trust Framework roles (Required for OIX Directory)
- Participating Roles and how they interoperate.
- How different roles may often be played by one actor. Examples of this in different geographies.
- Operational roles for those running trust frameworks and schemes.
- Who sets and who is subject to each policy and procedure.
- How might contracts / legal agreements be structured for those participating in the framework
Consumer and Relying Party Principles
- Simple plain language principles.
- Why these 2 parties needs should dictate ALL principles that the framework will need to follow
- Principles precedents: Consumer, Relying Party, Scheme.
- What obligations should each role in the ecosystem should have to support each principle.
TrustMark Guide
- What should a Trustmark convey to the user and relying party to support the principles.
- Should (or how should) a trustmark convey the level of trust a users ID has attained?
- Should there be single Trustmark in each nation / region?
The following organisations are contributing to this working group:
Blockpass, Consult Hyperian, DCMS, UK Cabinet Office, DWP, Etive, IAG, ID Crowd, Idemia, IdenTrust, Innovate Identity, Lexis Nexis, Microsoft, Miracl, Mvine, NatWest Group, Open Identity Foundation, Pinsent Masons, Sopra Steria, tScheme, Yoti.