Re: [trust-el] Groups - TrustEL Architecture v03.pdf uploaded

Andrew, et. al.,

Seeing TE in the ABAC context makes a great deal of sense to me, and using 800-162 as a framework looks like a viable way forward. I'm sure there are other standards-based frameworks out there but this will do quite satisfactorily. The real work to be done, I think, is in developing the algorithms necessary to fill out the "Resource Engages Previously-Determined Trust Elevation Process" box by implementing the model in the Third Deliverable, e.g., mitigates a previously unaddressed threat vector or increasing the risk mitigation of a previous method (emphasis on the former). As I see it, in addition to writing algorithms we need to develop a strawman model of how to pre-load threat vector mitigations, some approach to a metric for assessing increased mitigation strength and maybe a BAE-type repository of the two.

Peter

------------------------------------------------------------

Peter Alterman, Ph.D.

Chief Operating Officer
SAFE-BioPharma Association

cell: 301-943-7452

On Mon, Feb 2, 2015 at 11:24 AM, Andrew Hughes <andrewhughes3000@gmail.com> wrote:

Submitter's message
In support of the 4th Deliverable, this deck. I show how Trust Elevation can be represented as an extension to ABAC, what the flows could be, and start the deeper exploration of the TE Method Determiner and TE Method Repository (aka LOA Repository).
This leads to questions related to what it means to choose a TE Method & what information is required to make the best choice.

We intend to discuss this deck over a few TC meetings starting February 5 2015.
Happy reading!

-- Andrew Hughes

Document Name: TrustEL Architecture v03.pdf

Description
Intermediate deck that shows how TE could be expressed as a form of ABAC
Download Latest Revision
Public Download Link

Submitter: Andrew Hughes
Group: OASIS Electronic Identity Credential Trust Elevation Methods (Trust Elevation) TC
Folder: Working Documents
Date submitted: 2015-02-02 08:24:25

trust-el message