Well, so far no feedback at all, I will start with : *Identification* *'*The process by which an *identities'* information is *gathered* and *verified* for accuracy' The /Identification Section/ contains general concepts used to describe the nature of digital assets that are, or are used to establish (and remove) links to objects in the real world which do have either directly or indirectly a relationship to a human being. [Further descriptions, eg mention 'Joiner' and 'Leaver' concepts.] The four sublevels * Identities o digital|social|online|philosophical identities, entities: Describe identities and its many facets, PII,... * Gathering/ Providing o how these informations are collected and aggregated o claims, attributes, relations, self-provided, stolen,.... o ethics * Verification o verified and non-verified data and its use o Trust Levels * Process? Privacy? I am not sure about the fourth sublevel, maybe someone has a better idea? Thorsten On 12.12.2016 21:52, Thorsten H. Niebuhr [WedaCon GmbH] wrote:

Hi (BoKkers) Group,

during todays meeting (minutes here https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=854925...) we decided to discuss the Toplevels and each of their 4 sublevels in more detail. To speed up the process and by triggering the group, I will create 4 Mailthreads for each toplevel to be used for discussion.

Each of these Mailthread should, *best by next monday*

* have *found a 'leader'* who will take responsibility for the discussion * have found *4 sublevels* (so 4 areas that can be used to further sort processes, terms, knowledge,etc)*within the given toplevel* * have seen a *great level of discussion*

For sure the most important part here is to find someone who will lead and drive the discussion, or is even willing to take over one of the areas on his/her own. So if you can spent 1-2 hrs of your available time, it would be much appreciated!

The _first mailthread is the one you are reading here right now_, the others will be 'Management', 'Authentication', 'Authorization'.

Thnks for your contribution

Thorsten Niebuhr

...

Hi all,

During todays meeting (minutes here https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=854925...) we discussed further refinements for the Dart- Board-Model, especially on the 'upper layer' which deals with Identity Management topics only, while relying on the lower three layers for operation,implementation,planning.

Our next goal is to 'slice the cake', to find sublevels to the four TopLevels we decided to start with so far. The sublevels mentioned below (in green) are just examples.

The best case scenario for this would be to find four generic terms within each of the TopLevels.

* Identification Processes around validating identities (digital or physical) and as the 'entry'/'leave' point on a given domain.This does NOT deal with Authentication! o Proof/Verification o Register o De-Register o Data Portability (Transfer) * Management Processes around the management of Identity Data o Enrollment o Dis-Enrollment o Privacy o Federation * Authorization Processes related to Authorization o ... o ... o ... o ... * Authentication Processes related to Authentication o

o ... o ... o ...

Finally, to check the validity of the model, we will investigate typical IAM-Topics if we are able to find appropriate paths to describe the given topic in the model.

here is a quick example on how I think this model could be applied (example used: 'Identity Provider')

* Function of an 'Identity Provider' o Needs to offer functions from 'Identification' to + *validate* a given Identity against real or other digital data + Following *Process* ABC + using *technology* XYZ + ...further definitions on the *lower* layers (Operations, implementations,planning) + (do we need to add a*layer for legal* aspects?) o Management + ... o Authorization + ... o Authentication + ...

So the Task (especially for those who gave their commitment to the BoK/Taxonomy) is to

* Find propper sublevels as described above * exercise typical usecases from the IDM World against the model

Thanks in advance,

for the BoK-Subgroup

Thorsten

--

http://www.wedacon.net

Thorsten H. Niebuhr tniebuhr@wedacon.net / tniebuhr@wedacon.de mailto:tniebuhr@wedacon.net

WedaCon Informationstechnologien GmbH Office: +49 (251) 399 678-22 Fax: +49 (251) 399 678-50 Mobile: +49 (174) 991 257 4 Kroegerweg 29 D-48155 Muenster http://www.wedacon.net

Amtsgericht Muenster HRB 6115 USt.-ID: DE216758544 StNr.: 336/5775/1487 Geschaeftsfuehrender Gesellschafter: Thorsten H. Niebuhr

_______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro

_______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro

Hi everyone - a quick note from today's call Next call: January 9 2017 We discussed the taxonomy sub-levels of 'identification' and came up with: *Identification (Initial)* - Identities - digital|social|online|philosophical identities, entities: Describe identities and its many facets, PII,... - Gathering/ Providing - how these informations are collected and aggregated - claims, attributes, relations, self-provided, stolen,.... - ethics - Verification - verified and non-verified data and its use - Trust Levels - Uniqueness in a population - Information Recording (other wording: DataStorage, RecordCreation, .....) - Security - Protection - Privacy - Retention - Lifetime Still to be bashed around, of course, but we settled on thinking about this segment as practices related to 'Initial Identification'. Stu Lincoln will take on the 'Management' segment over the next couple weeks Andrew Hughes will take on 'Authentication' and 'Authorization' - but would be very happy to *hand off one or both to YOU who are reading this right now* :) We discussed the point of doing a 'dart board' or 'layer' approach - essentially that this layer could/should be added or recognized in any ICT / IT / IM / ITSM management framework or architectural framework that exists for you and your clients. We probably all feel that 'identity' is not addressed fully & this is a way to add the relevant topics at the right time for your circumstances. So - onwards! andrew. *Andrew Hughes *CISM CISSP Independent Consultant *In Turn Information Management Consulting* o +1 650.209.7542 m +1 250.888.9474 1249 Palmer Road, Victoria, BC V8P 2H8 AndrewHughes3000@gmail.com ca.linkedin.com/pub/andrew-hughes/a/58/682/ *Identity Management | IT Governance | Information Security * On Sat, Dec 17, 2016 at 8:23 AM, Ken Dagg wrote:

Thorsten,

Very interesting. I've been lurking on the group but unable to participate.

For the Identities sub level: would a better label be Information as the whole topic is about identities? Could sub topics be attributes (in the data modelling world I would have said entities) and sources?

For the fourth sub level would the label Protection work? Sub topics could be privacy and security. Does the concept of context, the situation in which the information is, or will be, used fit in this area? Or should it be somewhere else or a level unto itself?

Ken

On Sat, Dec 17, 2016 at 10:08 AM Thorsten H. Niebuhr [WedaCon GmbH] < tniebuhr@wedacon.net> wrote:

...

Well, so far no feedback at all, I will start with :

*Identification*

*'*The process by which an *identities'* information is

*gathered* and *verified* for accuracy'

The *Identification Section* contains general concepts used

to describe the nature of digital assets that are, or are used to

establish (and remove) links to objects in the real world which do

have either directly or indirectly a relationship to a human

being.

[Further descriptions, eg mention 'Joiner' and 'Leaver'

concepts.]

The four sublevels

- Identities

- digital|social|online|philosophical identities, entities:

Describe identities and its many facets, PII,...

- Gathering/ Providing

- how these informations are collected and aggregated

- claims, attributes, relations, self-provided, stolen,....

- ethics

- Verification

- verified and non-verified data and its use

- Trust Levels

- Process? Privacy?

I am not sure about the fourth sublevel, maybe someone has a

better idea?

Thorsten

On 12.12.2016 21:52, Thorsten H.

Niebuhr [WedaCon GmbH] wrote:

Hi (BoKkers) Group,

during todays meeting (minutes here https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=854925... )

we decided to discuss the Toplevels and each of their 4

sublevels in more detail. To speed up the process and by

triggering the group, I will create 4 Mailthreads for each

toplevel to be used for discussion.

Each of these Mailthread should, *best by next monday*

- have *found a 'leader'* who will take responsibility

for the discussion

- have found *4 sublevels* (so 4 areas that can be used

to further sort processes, terms, knowledge,etc)

* within the given toplevel*

- have seen a *great level of discussion*

For sure the most important part here is to find someone who

will lead and drive the discussion, or is even willing to take

over one of the areas on his/her own. So if you can spent 1-2

hrs of your available time, it would be much appreciated!

The

*first mailthread is the one you are reading here right now*, the others will be 'Management', 'Authentication',

'Authorization'.

Thnks for your contribution

Thorsten Niebuhr

Hi all,

During todays meeting (minutes here https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=854925... )

we discussed further refinements for the Dart- Board-Model,

especially on the 'upper layer' which deals with Identity

Management topics only, while relying on the lower three

layers for operation,implementation,planning.

Our next goal is to 'slice the cake', to find sublevels to the four TopLevels we decided to start with so

far. The sublevels mentioned below (in green) are just

examples.

The best case scenario for this would be to find four generic

terms within each of the TopLevels.

- Identification

Processes around validating identities (digital or physical)

and as the 'entry'/'leave' point on a given domain.This does

NOT deal with Authentication!

- Proof/Verification

- Register

- De-Register

- Data Portability (Transfer)

- Management

Processes around the management of Identity Data

- Enrollment

- Dis-Enrollment

- Privacy

- Federation

- Authorization

Processes related to Authorization

- ...

- ...

- ...

- ...

- Authentication

Processes related to Authentication

-

- ...

- ...

- ...

Finally, to check the validity of the model, we will

investigate typical IAM-Topics if we are able to find

appropriate paths to describe the given topic in the model.

here is a quick example on how I think this model could be

applied (example used: 'Identity Provider')

- Function of an 'Identity Provider'

- Needs to offer functions from 'Identification' to

- *validate* a given Identity against real or other

digital data

- Following *Process* ABC

- using *technology* XYZ

- ...further definitions on the *lower* layers

(Operations, implementations,planning)

- (do we need to add a* layer for legal* aspects?)

- Management

- ...

- Authorization

- ...

- Authentication

- ...

So the Task (especially for those who gave their commitment

to the BoK/Taxonomy) is to

- Find propper sublevels as described above

- exercise typical usecases from the IDM World against the

model

Thanks in advance,

for the BoK-Subgroup

Thorsten

--

http://www.wedacon.net

Thorsten H. Niebuhr

tniebuhr@wedacon.net /

tniebuhr@wedacon.de

WedaCon

Informationstechnologien GmbH

Office: +49 (251) 399 678-22 <+49%20251%2039967822>

Fax:

+49 (251) 399 678-50 <+49%20251%2039967850>

Mobile:

+49 (174) 991 257 4 <+49%20174%209912574>

Kroegerweg 29 D-48155 Muenster

http://www.wedacon.net

Amtsgericht Muenster HRB 6115

USt.-ID: DE216758544

StNr.: 336/5775/1487

Geschaeftsfuehrender

Gesellschafter: Thorsten H. Niebuhr

_______________________________________________

DG-IDPro mailing list

DG-IDPro@kantarainitiative.org

http://kantarainitiative.org/mailman/listinfo/dg-idpro

_______________________________________________

DG-IDPro mailing list

DG-IDPro@kantarainitiative.org

http://kantarainitiative.org/mailman/listinfo/dg-idpro

_______________________________________________

DG-IDPro mailing list

DG-IDPro@kantarainitiative.org

http://kantarainitiative.org/mailman/listinfo/dg-idpro

--

Kenneth Dagg Independent Consultant Identification and Authentication 613-825-2091 <(613)%20825-2091> kendaggtbs@gmail.com

_______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro

Apologies I am delayed in my travels today so I am not going to be able to connect. Thanks Stu On Thu, Jan 5, 2017 at 10:09 AM Thorsten H. Niebuhr [WedaCon GmbH] < tniebuhr@wedacon.net> wrote:

Hi All,

I am sorry: I have lost the participants list from the last call in december, the minutes are here https://kantarainitiative.org/confluence/x/VIMYBQ.

To ease collaboration (some have slack, some dont, some can access kantara confluence, some dont), I have created a page on board.net (no login, the link is the 'secret' and the cookie your identity)

If you edit the page, please make sure to add your name to the pad (which will assign you a color that is used to highlight your contributions)

https://board.net/p/IDPro-Bokkers

*So we cant make it more easy to collaborate and participate, lets go!*

@all from the IDPro List: the BoKkers subgroup is desperatly looking for contributors, so feel free to join us

Thanks,

Thorsten

On 19.12.2016 18:55, Andrew Hughes wrote:

Hi everyone - a quick note from today's call

Next call: January 9 2017

We discussed the taxonomy sub-levels of 'identification' and came up with:

*Identification (Initial)*

- Identities - digital|social|online|philosophical identities, entities: Describe identities and its many facets, PII,... - Gathering/ Providing - how these informations are collected and aggregated - claims, attributes, relations, self-provided, stolen,.... - ethics - Verification - verified and non-verified data and its use - Trust Levels - Uniqueness in a population - Information Recording (other wording: DataStorage, RecordCreation, .....) - Security - Protection - Privacy - Retention - Lifetime

Still to be bashed around, of course, but we settled on thinking about this segment as practices related to 'Initial Identification'.

Stu Lincoln will take on the 'Management' segment over the next couple weeks Andrew Hughes will take on 'Authentication' and 'Authorization' - but would be very happy to *hand off one or both to YOU who are reading this right now* :)

We discussed the point of doing a 'dart board' or 'layer' approach - essentially that this layer could/should be added or recognized in any ICT / IT / IM / ITSM management framework or architectural framework that exists for you and your clients. We probably all feel that 'identity' is not addressed fully & this is a way to add the relevant topics at the right time for your circumstances.

So - onwards!

andrew.

*Andrew Hughes *CISM CISSP Independent Consultant *In Turn Information Management Consulting*

o +1 650.209.7542 <(650)%20209-7542> m +1 250.888.9474 <(250)%20888-9474> 1249 Palmer Road, Victoria, BC V8P 2H8 AndrewHughes3000@gmail.com ca.linkedin.com/pub/andrew-hughes/a/58/682/ *Identity Management | IT Governance | Information Security *

On Sat, Dec 17, 2016 at 8:23 AM, Ken Dagg wrote:

Thorsten,

Very interesting. I've been lurking on the group but unable to participate.

For the Identities sub level: would a better label be Information as the whole topic is about identities? Could sub topics be attributes (in the data modelling world I would have said entities) and sources?

For the fourth sub level would the label Protection work? Sub topics could be privacy and security. Does the concept of context, the situation in which the information is, or will be, used fit in this area? Or should it be somewhere else or a level unto itself?

Ken

On Sat, Dec 17, 2016 at 10:08 AM Thorsten H. Niebuhr [WedaCon GmbH] < tniebuhr@wedacon.net> wrote:

Well, so far no feedback at all, I will start with :

*Identification*

*'*The process by which an *identities'* information is

*gathered* and *verified* for accuracy'

The *Identification Section* contains general concepts used

to describe the nature of digital assets that are, or are used to

establish (and remove) links to objects in the real world which do

have either directly or indirectly a relationship to a human

being.

[Further descriptions, eg mention 'Joiner' and 'Leaver'

concepts.]

The four sublevels

- Identities

- digital|social|online|philosophical identities, entities:

Describe identities and its many facets, PII,...

- Gathering/ Providing

- how these informations are collected and aggregated

- claims, attributes, relations, self-provided, stolen,....

- ethics

- Verification

- verified and non-verified data and its use

- Trust Levels

- Process? Privacy?

I am not sure about the fourth sublevel, maybe someone has a

better idea?

Thorsten

On 12.12.2016 21:52, Thorsten H.

Niebuhr [WedaCon GmbH] wrote:

Hi (BoKkers) Group,

during todays meeting (minutes here https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=854925... )

we decided to discuss the Toplevels and each of their 4

sublevels in more detail. To speed up the process and by

triggering the group, I will create 4 Mailthreads for each

toplevel to be used for discussion.

Each of these Mailthread should, *best by next monday*

- have *found a 'leader'* who will take responsibility

for the discussion

- have found *4 sublevels* (so 4 areas that can be used

to further sort processes, terms, knowledge,etc)

* within the given toplevel*

- have seen a *great level of discussion*

For sure the most important part here is to find someone who

will lead and drive the discussion, or is even willing to take

over one of the areas on his/her own. So if you can spent 1-2

hrs of your available time, it would be much appreciated!

The

*first mailthread is the one you are reading here right now*, the others will be 'Management', 'Authentication',

'Authorization'.

Thnks for your contribution

Thorsten Niebuhr

Hi all,

During todays meeting (minutes here https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=854925... )

we discussed further refinements for the Dart- Board-Model,

especially on the 'upper layer' which deals with Identity

Management topics only, while relying on the lower three

layers for operation,implementation,planning.

Our next goal is to 'slice the cake', to find sublevels to the four TopLevels we decided to start with so

far. The sublevels mentioned below (in green) are just

examples.

The best case scenario for this would be to find four generic

terms within each of the TopLevels.

- Identification

Processes around validating identities (digital or physical)

and as the 'entry'/'leave' point on a given domain.This does

NOT deal with Authentication!

- Proof/Verification

- Register

- De-Register

- Data Portability (Transfer)

- Management

Processes around the management of Identity Data

- Enrollment

- Dis-Enrollment

- Privacy

- Federation

- Authorization

Processes related to Authorization

- ...

- ...

- ...

- ...

- Authentication

Processes related to Authentication

-

- ...

- ...

- ...

Finally, to check the validity of the model, we will

investigate typical IAM-Topics if we are able to find

appropriate paths to describe the given topic in the model.

here is a quick example on how I think this model could be

applied (example used: 'Identity Provider')

- Function of an 'Identity Provider'

- Needs to offer functions from 'Identification' to

- *validate* a given Identity against real or other

digital data

- Following *Process* ABC

- using *technology* XYZ

- ...further definitions on the *lower* layers

(Operations, implementations,planning)

- (do we need to add a* layer for legal* aspects?)

- Management

- ...

- Authorization

- ...

- Authentication

- ...

So the Task (especially for those who gave their commitment

to the BoK/Taxonomy) is to

- Find propper sublevels as described above

- exercise typical usecases from the IDM World against the

model

Thanks in advance,

for the BoK-Subgroup

Thorsten

--

http://www.wedacon.net

Thorsten H. Niebuhr

tniebuhr@wedacon.net /

tniebuhr@wedacon.de

WedaCon

Informationstechnologien GmbH

Office: +49 (251) 399 678-22 <+49%20251%2039967822>

Fax:

+49 (251) 399 678-50 <+49%20251%2039967850>

Mobile:

+49 (174) 991 257 4 <+49%20174%209912574>

Kroegerweg 29 D-48155 Muenster

http://www.wedacon.net

Amtsgericht Muenster HRB 6115

USt.-ID: DE216758544

StNr.: 336/5775/1487

Geschaeftsfuehrender

Gesellschafter: Thorsten H. Niebuhr

_______________________________________________

DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro

_______________________________________________

DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro

_______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro

-- Kenneth Dagg Independent Consultant Identification and Authentication 613-825-2091 <%28613%29%20825-2091> kendaggtbs@gmail.com _______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro

_______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro

I do apologize but I am going to be out again today in the air. I will follow up before the week is out with my action item from the last call last year. Thanks Stu On Mon, Jan 9, 2017 at 4:52 AM Thorsten H. Niebuhr [WedaCon GmbH] < tniebuhr@wedacon.net> wrote:

Hi All,

got a hint from Andrew Hughes. that the tool (board.net) does not fully work with Safari/IE. So my approach to limit the collaboration boundaries just produced a new one, sorry for that...

I think we should invest a few minutes in the today's call to finally agree on the collaboration-tool to be used (mail, kantara-wiki, slack or...).

Unfortunately, I can not attend today's call, but Andrew Hughes already declared his availability for stand-in (thank you, Andrew!)

Thx,

Thorsten

On 05.01.2017 16:08, Thorsten H. Niebuhr [WedaCon GmbH] wrote:

Hi All,

I am sorry: I have lost the participants list from the last call in december, the minutes are here https://kantarainitiative.org/confluence/x/VIMYBQ.

To ease collaboration (some have slack, some dont, some can access kantara confluence, some dont), I have created a page on board.net (no login, the link is the 'secret' and the cookie your identity)

If you edit the page, please make sure to add your name to the pad (which will assign you a color that is used to highlight your contributions)

https://board.net/p/IDPro-Bokkers

*So we cant make it more easy to collaborate and participate, lets go!*

@all from the IDPro List: the BoKkers subgroup is desperatly looking for contributors, so feel free to join us

Thanks,

Thorsten

On 19.12.2016 18:55, Andrew Hughes wrote:

Hi everyone - a quick note from today's call

Next call: January 9 2017

We discussed the taxonomy sub-levels of 'identification' and came up with:

*Identification (Initial)*

- Identities - digital|social|online|philosophical identities, entities: Describe identities and its many facets, PII,... - Gathering/ Providing - how these informations are collected and aggregated - claims, attributes, relations, self-provided, stolen,.... - ethics - Verification - verified and non-verified data and its use - Trust Levels - Uniqueness in a population - Information Recording (other wording: DataStorage, RecordCreation, .....) - Security - Protection - Privacy - Retention - Lifetime

Still to be bashed around, of course, but we settled on thinking about this segment as practices related to 'Initial Identification'.

Stu Lincoln will take on the 'Management' segment over the next couple weeks Andrew Hughes will take on 'Authentication' and 'Authorization' - but would be very happy to *hand off one or both to YOU who are reading this right now* :)

We discussed the point of doing a 'dart board' or 'layer' approach - essentially that this layer could/should be added or recognized in any ICT / IT / IM / ITSM management framework or architectural framework that exists for you and your clients. We probably all feel that 'identity' is not addressed fully & this is a way to add the relevant topics at the right time for your circumstances.

So - onwards!

andrew.

*Andrew Hughes *CISM CISSP Independent Consultant *In Turn Information Management Consulting*

o +1 650.209.7542 <(650)%20209-7542> m +1 250.888.9474 <(250)%20888-9474> 1249 Palmer Road, Victoria, BC V8P 2H8 AndrewHughes3000@gmail.com ca.linkedin.com/pub/andrew-hughes/a/58/682/ *Identity Management | IT Governance | Information Security *

On Sat, Dec 17, 2016 at 8:23 AM, Ken Dagg wrote:

Thorsten,

Very interesting. I've been lurking on the group but unable to participate.

For the Identities sub level: would a better label be Information as the whole topic is about identities? Could sub topics be attributes (in the data modelling world I would have said entities) and sources?

For the fourth sub level would the label Protection work? Sub topics could be privacy and security. Does the concept of context, the situation in which the information is, or will be, used fit in this area? Or should it be somewhere else or a level unto itself?

Ken

On Sat, Dec 17, 2016 at 10:08 AM Thorsten H. Niebuhr [WedaCon GmbH] < tniebuhr@wedacon.net> wrote:

Well, so far no feedback at all, I will start with :

*Identification*

*'*The process by which an *identities'* information is

*gathered* and *verified* for accuracy'

The *Identification Section* contains general concepts used

to describe the nature of digital assets that are, or are used to

establish (and remove) links to objects in the real world which do

have either directly or indirectly a relationship to a human

being.

[Further descriptions, eg mention 'Joiner' and 'Leaver'

concepts.]

The four sublevels

- Identities

- digital|social|online|philosophical identities, entities:

Describe identities and its many facets, PII,...

- Gathering/ Providing

- how these informations are collected and aggregated

- claims, attributes, relations, self-provided, stolen,....

- ethics

- Verification

- verified and non-verified data and its use

- Trust Levels

- Process? Privacy?

I am not sure about the fourth sublevel, maybe someone has a

better idea?

Thorsten

On 12.12.2016 21:52, Thorsten H.

Niebuhr [WedaCon GmbH] wrote:

Hi (BoKkers) Group,

during todays meeting (minutes here https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=854925... )

we decided to discuss the Toplevels and each of their 4

sublevels in more detail. To speed up the process and by

triggering the group, I will create 4 Mailthreads for each

toplevel to be used for discussion.

Each of these Mailthread should, *best by next monday*

- have *found a 'leader'* who will take responsibility

for the discussion

- have found *4 sublevels* (so 4 areas that can be used

to further sort processes, terms, knowledge,etc)

* within the given toplevel*

- have seen a *great level of discussion*

For sure the most important part here is to find someone who

will lead and drive the discussion, or is even willing to take

over one of the areas on his/her own. So if you can spent 1-2

hrs of your available time, it would be much appreciated!

The

*first mailthread is the one you are reading here right now*, the others will be 'Management', 'Authentication',

'Authorization'.

Thnks for your contribution

Thorsten Niebuhr

Hi all,

During todays meeting (minutes here https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=854925... )

we discussed further refinements for the Dart- Board-Model,

especially on the 'upper layer' which deals with Identity

Management topics only, while relying on the lower three

layers for operation,implementation,planning.

Our next goal is to 'slice the cake', to find sublevels to the four TopLevels we decided to start with so

far. The sublevels mentioned below (in green) are just

examples.

The best case scenario for this would be to find four generic

terms within each of the TopLevels.

- Identification

Processes around validating identities (digital or physical)

and as the 'entry'/'leave' point on a given domain.This does

NOT deal with Authentication!

- Proof/Verification

- Register

- De-Register

- Data Portability (Transfer)

- Management

Processes around the management of Identity Data

- Enrollment

- Dis-Enrollment

- Privacy

- Federation

- Authorization

Processes related to Authorization

- ...

- ...

- ...

- ...

- Authentication

Processes related to Authentication

-

- ...

- ...

- ...

Finally, to check the validity of the model, we will

investigate typical IAM-Topics if we are able to find

appropriate paths to describe the given topic in the model.

here is a quick example on how I think this model could be

applied (example used: 'Identity Provider')

- Function of an 'Identity Provider'

- Needs to offer functions from 'Identification' to

- *validate* a given Identity against real or other

digital data

- Following *Process* ABC

- using *technology* XYZ

- ...further definitions on the *lower* layers

(Operations, implementations,planning)

- (do we need to add a* layer for legal* aspects?)

- Management

- ...

- Authorization

- ...

- Authentication

- ...

So the Task (especially for those who gave their commitment

to the BoK/Taxonomy) is to

- Find propper sublevels as described above

- exercise typical usecases from the IDM World against the

model

Thanks in advance,

for the BoK-Subgroup

Thorsten

--

http://www.wedacon.net

Thorsten H. Niebuhr

tniebuhr@wedacon.net /

tniebuhr@wedacon.de

WedaCon

Informationstechnologien GmbH

Office: +49 (251) 399 678-22 <+49%20251%2039967822>

Fax:

+49 (251) 399 678-50 <+49%20251%2039967850>

Mobile:

+49 (174) 991 257 4 <+49%20174%209912574>

Kroegerweg 29 D-48155 Muenster

http://www.wedacon.net

Amtsgericht Muenster HRB 6115

USt.-ID: DE216758544

StNr.: 336/5775/1487

Geschaeftsfuehrender

Gesellschafter: Thorsten H. Niebuhr

_______________________________________________

DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro

_______________________________________________

DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro

_______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro

-- Kenneth Dagg Independent Consultant Identification and Authentication 613-825-2091 <%28613%29%20825-2091> kendaggtbs@gmail.com _______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro

_______________________________________________ DG-IDPro mailing listDG-IDPro@kantarainitiative.orghttp://kantarainitiative.org/mailman/listinfo/dg-idpro

_______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro

Hi Kaliya, thanks for sharing this, just did a quick scan: I hope I find the time in the next couple of days to read it (lot of stuff!). Personally, I often try to find references and link to 'identity' with the good old greek philosophers and their early views on the nature on reality (Entities), see https://en.wikipedia.org/wiki/Ontology and https://en.wikipedia.org/wiki/Entity As I said: havent read your artcles yet, maybe you have references to those concepts as well. I will also put your articles on the confluence page (https://kantarainitiative.org/confluence/x/T4IYBQ) Again, thx for the contribution, much appreciated T. On 20.12.2016 03:14, Kaliya Identity Woman wrote:

it may help to think of identity as a whole as a process rather then a "thing"

I wrote a field guide around a bunch of these things - to understand different types of identifiers, names and attributes.

feel free to use it as a reference - preferably with some credit. https://identitywoman.net/the-field-guide-to-identity-identifiers-attributes...

On Sat, Dec 17, 2016 at 7:08 AM, Thorsten H. Niebuhr [WedaCon GmbH] mailto:tniebuhr@wedacon.net> wrote:

Well, so far no feedback at all, I will start with :

*Identification*

*'*The process by which an *identities'* information is *gathered* and *verified* for accuracy'

The /Identification Section/ contains general concepts used to describe the nature of digital assets that are, or are used to establish (and remove) links to objects in the real world which do have either directly or indirectly a relationship to a human being.

[Further descriptions, eg mention 'Joiner' and 'Leaver' concepts.]

The four sublevels

* Identities o digital|social|online|philosophical identities, entities: Describe identities and its many facets, PII,... * Gathering/ Providing o how these informations are collected and aggregated o claims, attributes, relations, self-provided, stolen,.... o ethics * Verification o verified and non-verified data and its use o Trust Levels * Process? Privacy?

I am not sure about the fourth sublevel, maybe someone has a better idea?

Thorsten

On 12.12.2016 21:52, Thorsten H. Niebuhr [WedaCon GmbH] wrote:

...

Hi (BoKkers) Group,

during todays meeting (minutes here https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=854925...) we decided to discuss the Toplevels and each of their 4 sublevels in more detail. To speed up the process and by triggering the group, I will create 4 Mailthreads for each toplevel to be used for discussion.

Each of these Mailthread should, *best by next monday*

* have *found a 'leader'* who will take responsibility for the discussion * have found *4 sublevels* (so 4 areas that can be used to further sort processes, terms, knowledge,etc)*within the given toplevel* * have seen a *great level of discussion*

For sure the most important part here is to find someone who will lead and drive the discussion, or is even willing to take over one of the areas on his/her own. So if you can spent 1-2 hrs of your available time, it would be much appreciated!

The _first mailthread is the one you are reading here right now_, the others will be 'Management', 'Authentication', 'Authorization'.

Thnks for your contribution

Thorsten Niebuhr

...

Hi all,

During todays meeting (minutes here https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=854925...) we discussed further refinements for the Dart- Board-Model, especially on the 'upper layer' which deals with Identity Management topics only, while relying on the lower three layers for operation,implementation,planning.

Our next goal is to 'slice the cake', to find sublevels to the four TopLevels we decided to start with so far. The sublevels mentioned below (in green) are just examples.

The best case scenario for this would be to find four generic terms within each of the TopLevels.

* Identification Processes around validating identities (digital or physical) and as the 'entry'/'leave' point on a given domain.This does NOT deal with Authentication! o Proof/Verification o Register o De-Register o Data Portability (Transfer) * Management Processes around the management of Identity Data o Enrollment o Dis-Enrollment o Privacy o Federation * Authorization Processes related to Authorization o ... o ... o ... o ... * Authentication Processes related to Authentication o

o ... o ... o ...

Finally, to check the validity of the model, we will investigate typical IAM-Topics if we are able to find appropriate paths to describe the given topic in the model.

here is a quick example on how I think this model could be applied (example used: 'Identity Provider')

* Function of an 'Identity Provider' o Needs to offer functions from 'Identification' to + *validate* a given Identity against real or other digital data + Following *Process* ABC + using *technology* XYZ + ...further definitions on the *lower* layers (Operations, implementations,planning) + (do we need to add a*layer for legal* aspects?) o Management + ... o Authorization + ... o Authentication + ...

So the Task (especially for those who gave their commitment to the BoK/Taxonomy) is to

* Find propper sublevels as described above * exercise typical usecases from the IDM World against the model

Thanks in advance,

for the BoK-Subgroup

Thorsten

--

http://www.wedacon.net

Thorsten H. Niebuhr tniebuhr@wedacon.net / tniebuhr@wedacon.de mailto:tniebuhr@wedacon.net

WedaCon Informationstechnologien GmbH Office: +49 (251) 399 678-22 tel:+49%20251%2039967822 Fax: +49 (251) 399 678-50 tel:+49%20251%2039967850 Mobile: +49 (174) 991 257 4 tel:+49%20174%209912574 Kroegerweg 29 D-48155 Muenster http://www.wedacon.net

Amtsgericht Muenster HRB 6115 USt.-ID: DE216758544 StNr.: 336/5775/1487 Geschaeftsfuehrender Gesellschafter: Thorsten H. Niebuhr

_______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org mailto:DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro http://kantarainitiative.org/mailman/listinfo/dg-idpro

_______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org mailto:DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro http://kantarainitiative.org/mailman/listinfo/dg-idpro

_______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org mailto:DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro http://kantarainitiative.org/mailman/listinfo/dg-idpro