...
What was not explained under use cases was how the iSHARE and the Scheme Owner-role provide a trust framework. The Scheme Owner-role is fulfilled by the legal entity that governs the iSHARE Scheme and its participant network. It is this Scheme Owner that decides whether a party is admitted to the iSHARE network. To be admitted, this party must sign an To be admitted, a must first be admitted to the Scheme by a Scheme Administror and must then sign an accession agreement with the Scheme Owner. The fact that every legal entity fulfilling a role in the iSHARE Scheme agrees to the scheme rules - as proven by its agreement with the Scheme Owner - creates trust between parties in the iSHARE network. This is why the following depiction of the iSHARE framework, showing the mandatory relation between the Scheme Owner and every other role, can be called the trust framework:
...
Zooming in on the latter, four types of information are recognised that are needed to facilitate identification, authentication and authorization:
- Entitlement info: information indicating what Entitled Parties are entitled to what (parts of) services;
- Delegation info: information indicating which (parts of) an Entitled Party's rights (as registered at the Service Provider or the Authorization Registry) are delegated to a Service Consumer;
- Authorization info: information indicating which Human Service Consumers are authorized to act on a Service Conumer's behalf;
- Identity info: information about a Human Service Consumer's identity (only applicable in H2M use cases).
...