Open ID Connect Flows and Levels of Assurance (W3H)

Session Topic: Open ID Connect Flows and Levels of Assurance (W3H)

Convener: John Biccum

Notes-taker(s): Dave Sanford

Tags for the session - technology discussed/ideas considered: 

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Rick started by indicating that, as the world is digital, we replicated too much of the physical model - it doesn't fit. The model he articulated includes:

1) External Entities - which includes:

- Relying parties

- Identity Providers

- Medical

- Business

- Work/Employer

- Collaboration

- Entertainment/Games

- ... Government

2) Rules of Engagement interface layer which involves:

- user managed access

- provider managed access

- industry self-regulation

3) About me is the avatar, which includes:

- identity and authorization

- reputation

- personas

- personal data ecosystem, creates collaborative info, some of this is observable data (mostly not controlled by me)

- personal (dear diary)

- transactional

Stewardship of this avatar-managed data should be a responsibility shared with me. The avatar is a platform that uses the services of the external entities; they should in general not retain information unnecessary for registration of the transaction.

The model relies largely on industry self-regulation (exchange rules might be from the National Information Exchange Model (NIEM)).