I would suggest this live in the FIWG. I also agree with Rainer’s second bullet, but also suggest that an RFC-3647 like credential policy is needed as a part of the larger Framework. I am, in fact, in the process of developing same for SAFE-BioPharma as we add non-PKI credentials to our identity management scheme. As we move forward we will be offering both PKI and non-PKI credentials to our Subscribers in the biopharmaceutical and healthcare industries.

Rich Furr

Head Global Regulatory Affairs and Compliance

New Office: 980-236-7576

Cell: 201-220-0160

From: wg-fi-bounces@kantarainitiative.org [mailto:wg-fi-bounces@kantarainitiative.org] On Behalf Of Rainer Hörbe
Sent: Monday, March 14, 2011 8:09 AM
To: FI WG; dg-bctf@kantarainitiative.org; Kantara Leadership Council Kantara
Cc: Curry Patrick
Subject: [WG-FI] PKI vs Non-PKI based trust models

John, Patrick and I had a discussion about the pros and cons of federation models based on credentials versus assertions. The attached document is a preliminary result with conclusions like

PKI and non-PKI federation models need to be combined in most cases at higher LoA
To implement a federation an RFC 3647-style policy is insufficient; A more complete Trust Framework is needed
Whereas the Higher Education sector favors brokered trust, e-Government and Industry prefer the PKI approach. But it is not a question of one way or the other.

Request for feedback:

I wonder where this discussion should be homed. FIWG, BCTF and TFMM are related, and it is also an extrakantarian issue. Any interest to take over this discussion?

- Rainer