Trust Frameworks - what is needed is trust.


Image001

If a trust framework for an digital identity systems is a “certification” program that enables a party who accepts a digital identity credential (relying party) to trust the identity, security, and privacy policies of the party who issues the credential (identity provider) and vice versa.

Then the purpose of the Trust Framework is to define a simple set of principles and rules to which all members of a digital trust network agree so that they may then share identity and personal data with a high degree of confidence that it will be safe and only used as authorized.

Using the Five Principles of the Respect Trust Framework from http://connect.me/c/trust member should be able to agree to uphold these 5 principles when they use services:

Promise

Members promise to respect the right of every other member to control their identity and personal data.

Permission

Members agree that all sharing of identity and personal data and sending of communications will be by permission, and to be honest and direct about the purpose(s) for which permission is sought.

Protection

Members agree to provide reasonable protection for the privacy and security of identity and personal data shared with that member.

Portability

Members agree to ensure the portability of the identity and personal data shared with that member by another member.

Proof

Members agree to participate in a peer-to-peer socially-verified reputation system that protects all members, and to not engage in any practices intended to game or subvert this reputation system.

But assumes

Only you decide who your personal data is shared with for what purpose

Your data will not being used without your permission

You can always take your data with you and never be “locked in”…..

And therefore Trust needs trust and these need time not certificates….