I forgot to address the second part - general acceptability of LoA framework.
There are environments where they operate sometime by consensus rather than bilateral agreements e.g. healthcare. While Healthcare does has some bilateral agreements, there are so many potential relationships it is impractical to set up all you may need. The last thing you would want is for access to an out of town ER patients record to be blocked because if the lack of a bilateral agreement. Within any organization, there are ad-hoc communications which happen where you have not yet established a relationship. If you don't accept some form of LoA with basic policy, then those communications would be forced to be implicitly level 1. Equally if you organization is to against accepting a LoA, you could just use level 1 - which practically is the same thing. I was not thinking we would map LoA scales. The challenge for Plasma is get consensus for a specific LoA scale that we could all adopt for basic policy. It will likely be like UN treaty negotiation where nobody is relay happy with the outcome but it's something that you can live with. Trevor -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Fitch, Scott C Sent: Tuesday, October 25, 2011 11:56 AM To: [email protected] Subject: [plasma] Levels of assurance Is it necessary to require levels of assurance in the Basic Policy requirements? I definitely think it's appropriate for Advanced Policies. But I wonder whether including levels of assurance in Basic Policies will impede adoption. Also, the fact that there are multiple LOA frameworks out there makes it difficult to meet the requirement to NOT require a priori bilateral agreements between the sender and recipient for Basic Policies. If the sender and recipient use different LOA scales, then some type of prior agreement must be in place to map the two scales. I don't think plasma wants to get into the business of creating a standard LOA mapping for interoperability. -Scott _______________________________________________ plasma mailing list [email protected] https://www.ietf.org/mailman/listinfo/plasma _______________________________________________ plasma mailing list [email protected] https://www.ietf.org/mailman/listinfo/plasma
