I would suggest this live in the FIWG. I also agree with Rainer's second bullet, but also suggest that an RFC-3647 like credential policy is needed as a part of the larger Framework. I am, in fact, in the process of developing same for SAFE-BioPharma as we add non-PKI credentials to our identity management scheme. As we move forward we will be offering both PKI and non-PKI credentials to our Subscribers in the biopharmaceutical and healthcare industries.

Rich Furr
Head Global Regulatory Affairs and Compliance
New Office: 980-236-7576
Cell: 201-220-0160

From: wg-fi-bounces@kantarainitiative.org [mailto:wg-fi-bounces@kantarainitiative.org] On Behalf Of Rainer Hörbe
Sent: Monday, March 14, 2011 8:09 AM
To: FI WG; dg-bctf@kantarainitiative.org; Kantara Leadership Council Kantara
Cc: Curry Patrick
Subject: [WG-FI] PKI vs Non-PKI based trust models

John, Patrick and I had a discussion about the pros and cons of federation models based on credentials versus assertions. The attached document is a preliminary result with conclusions like

* PKI and non-PKI federation models need to be combined in most cases at higher LoA
* To implement a federation an RFC 3647-style policy is insufficient; A more complete Trust Framework is needed
* Whereas the Higher Education sector favors brokered trust, e-Government and Industry prefer the PKI approach. But it is not a question of one way or the other.

Request for feedback: I wonder where this discussion should be homed. FIWG, BCTF and TFMM are related, and it is also an extrakantarian issue. Any interest to take over this discussion?

- Rainer