New claim verification method proposal
1 view
Skip to first unread message
Semantic Web Trust Portal
Aug 10, 2010, 2:48:59 AM8/10/10
to ICF Community List
Hi everyone,
The Interidy Identity Provider application [1], which has been
developed by Safelayer Secure Communications and is built upon the
modules of the Eclipse Higgins project [2], generates managed
information cards and acts as a provider of identity attributes.
This user-centric application clearly distinguishes between verified
and non-verified identity attributes, and in particular, users are
able to import verified attributes from trusted sources, such as X.509
digital certificates.
The Information Card Foundation wiki already describes a set of
verification methods used to verify claims [3], but we think that they
still fall short. In fact, the COPPA Rules –that are mentioned in that
very section of the wiki– also refer to digital certificates that use
public key technology as a method to obtain verifiable parental
consent, and therefore, verified claims.
So far, Safelayer uses its own URI to state this verification method,
but we suggest that valid qualified digital certificates [4] are also
accepted by the ICF as a new attributes verification method.
Method Name/Year-Month: qualified-certificate/2010-06
Description: The identity attribute included in the digital
certificate matches the identity attribute provided.
Status: Draft
URI: http://schemas.informationcard.net/@ics/verification-method/qualified-certificate/2010-06
We welcome your opinion and your suggestions about this issue.
Regards,
sw...@safelayer.com
[1] http://sandbox.safelayer.com/en/prototypes/1/449
[2] http://www.eclipse.org/higgins/
[4] http://wiki.informationcard.net/index.php/Claim_Catalog?#Verification_Methods
[4] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31999L0093:EN:HTML
The Interidy Identity Provider application [1], which has been
developed by Safelayer Secure Communications and is built upon the
modules of the Eclipse Higgins project [2], generates managed
information cards and acts as a provider of identity attributes.
This user-centric application clearly distinguishes between verified
and non-verified identity attributes, and in particular, users are
able to import verified attributes from trusted sources, such as X.509
digital certificates.
The Information Card Foundation wiki already describes a set of
verification methods used to verify claims [3], but we think that they
still fall short. In fact, the COPPA Rules –that are mentioned in that
very section of the wiki– also refer to digital certificates that use
public key technology as a method to obtain verifiable parental
consent, and therefore, verified claims.
So far, Safelayer uses its own URI to state this verification method,
but we suggest that valid qualified digital certificates [4] are also
accepted by the ICF as a new attributes verification method.
Method Name/Year-Month: qualified-certificate/2010-06
Description: The identity attribute included in the digital
certificate matches the identity attribute provided.
Status: Draft
URI: http://schemas.informationcard.net/@ics/verification-method/qualified-certificate/2010-06
We welcome your opinion and your suggestions about this issue.
Regards,
sw...@safelayer.com
[1] http://sandbox.safelayer.com/en/prototypes/1/449
[2] http://www.eclipse.org/higgins/
[4] http://wiki.informationcard.net/index.php/Claim_Catalog?#Verification_Methods
[4] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31999L0093:EN:HTML
Reply all
Reply to author
Forward
0 new messages