Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Relying Party Security Policy
Revision as of 11:32, 5 October 2006 by Unnamed Poltroon (Talk)
Relying Party Security Policy
This is a page dedicated to a language to specify a token-request made by a relying party,i.e., to specify what information the user needs to supply to get access to some resource.
Language format: to be determined could be homegrown, use RDF so that it maps into data model. Similar language to request tokens from issuer. Also relates to WS-policy-constrains [1]
Elements that need to be expressed:
- type of i-card
- attribute
- issuer
- recipient
- in encrypted form (under what key)
- in committed form
- arbitrary statement over attributes (e.g., age < 18)
- logical formulas over terms (AND, OR)
- backing of statement (self-signed, passport checked, .....)
- data handling policy (privacy policy stating things like purpose, retention time etc)