A Trust Framework is a specification that describes a set of identity proofing, security, and privacy policies. The framework is authored by subject matter experts, and is written with the intent that compliance can be assessed. The framework also lists the qualifications that an assessor must have in order to judge compliance. A Framework Listing […]
The Sole Source
This article is part of the PDEC Field Guide to Internet Trust Models. A Sole Source is an organization that acts as identity provider (IdP) and relying party (RP) for itself. This organization issues all identities that it recognizes, and only trusts identities that it has issued. An organization like this does not federate identities at all. […]
Internet Trust, Identity, and Making Sausage
One of the projects that Kaliya and I are working on is an update to our paper, “A Field Guide to Internet Trust Models“. The original was well received (we even won an award), and readers offered good feedback. In keeping with that spirit of community, we decided to publish the updates here as we […]
Solove and Hartzog: “The FTC and the New Common Law of Privacy”
Over on Bruce Schneier’s blog, he highlights an interesting new paper by Daniel Solove and Woodrow Hartzog. How did the FTC end up as the privacy watchdog, what are they watching, and how do we build it into a more robust framework? Abstract: One of the great ironies about information privacy law is that the […]