Vectors of Trust
RFC 8485
| Section | Field | Value |
|---|---|---|
| Document | Type | RFC - Proposed Standard (October 2018; No errata) |
| | | Was draft-richer-vectors-of-trust (individual in sec area) |
| | Authors | Justin Richer, Leif Johansson |
| | Last updated | 2018-10-12 |
| | Stream | IETF |
| | Formats | plain text, html, pdf, htmlized, bibtex |
| | Reviews | |
| Stream | WG state | (None) |
| | Document shepherd | Sean Turner |
| | Shepherd write-up | Last changed 2018-03-18 |
| IESG | IESG state | RFC 8485 (Proposed Standard) |
| | Consensus Boilerplate | Yes |
| | Telechat date | |
| | Responsible AD | Benjamin Kaduk |
| | Send notices to | (None) |
| IANA | IANA review state | Version Changed - Review Needed |
| | IANA action state | RFC-Ed-Ack |
Internet Engineering Task Force (IETF)
Request for Comments: 8485
Category: Standards Track
ISSN: 2070-1721

J. Richer, Ed., Bespoke Engineering
L. Johansson, Swedish University Network
October 2018

Vectors of Trust

Abstract

This document defines a mechanism for describing and signaling several aspects of a digital identity transaction and its participants. These aspects are used to determine the amount of trust to be placed in that transaction.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8485.

Copyright Notice

Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Introduction
   1.1. Requirements Language
   1.2. Terminology
   1.3. Identity Model
   1.4. Component Architecture
2. Component Dimension Definitions
   2.1. Identity Proofing (P)
   2.2. Primary Credential Usage (C)
   2.3. Primary Credential Management (M)
   2.4. Assertion Presentation (A)
3. Communicating Vector Values to RPs
   3.1. On-the-Wire Representation
   3.2. In OpenID Connect
4. Requesting Vector Values
   4.1. In OpenID Connect
5. Trustmarks
6. Defining New Vector Values
7. IANA Considerations
   7.1. Vector of Trust Components Registry
      7.1.1. Registration Template
      7.1.2. Initial Registry Contents
   7.2. Addition to the OAuth Parameters Registry
   7.3. Additions to JWT Claims Registry
   7.4. Additions to OAuth Token Introspection Response
8. Security Considerations
9. Privacy Considerations
10. References
   10.1. Normative References
   10.2. Informative References
Appendix A. Vectors of Trust Default Component Value Definitions
   A.1. Identity Proofing
   A.2. Primary Credential Usage
   A.3. Primary Credential Management
   A.4. Assertion Presentation
Acknowledgements
Authors' Addresses

1. Introduction

Methods for measuring trust in digital identity transactions have