SCC IDE TRUST & Functional Model for IDE Standards Identification

1. SCCIDE TRUST & Functional ModelforIDE Standards Identification G. Whitehead January/February 2013

2. IDE Functional & Trust Model - Work Summary • IDE Levels & Chain of Trust Identified • Evidence of Trustworthiness Model Developed • End User Trust Policy/Criteria Sources Identified • Types of Assurances (to show Trustworthiness) Identified • IDE Processes & Systems Identified & Studied • Need for “Assurance Standards” Analyzed • Awareness of Standards Availability Developed • Standards Adoption/Adaptation Criteria Studied • Template for Standards Evaluation/Disposition Created

3. Standards at the Systems & Processes Level of Trust

4. IDE Trust Model

5. Trust Policies & Criteria Come From End Users: • Online: • Banking • Dating • Socializing • Gambling • Lotteries • Shopping • Auctions • Discovery • Help • And………………………..

6. Potential User Group

7. Evidence of Trust Required by RP’s or End Users

8. Trustworthiness will Come From Delivery of: • Privacy Assurance • Entity Identity Assurance • Entity Suitability Assurance (if provided) • Entity Authentication Assurance • Security Assurance of Assurance Providers • IDE System & Processes – Security Assurance • IDE – Integrity Assurance (no breaches of trust) • IDE Transparency Assurance • Recourse Assurance (ability to litigate assurance failures) • Quality Assurance

9. Entity Trust Levels

12. Standards at the Systems & Processes Level of Trust

13. Root of Trust Standard Requirements & Availability

15. Template for Standards Evaluation & Disposition