UbiquityProject.com
Participate in the Realm
Before service providers can gain access to user data collected within a particular realm, they must become participating members of that realm. This participation is the result of three primary steps: getting a public key from a major Public Key Infrastructure (PKI) provider, negotiating with the realm for active certification, and then installing Talisman technology itself.
Get a Public Key
Talisman makes extensive use of digital certificates to support its decentralized security model. Digital certificates in turn depend upon public-key encryption technology, as provided by PKI vendors such as Verisign and Equifax. Participating in Talisman requires that service providers acquire a public key from one of the many major PKI vendors.
Negotiate for Active Certification
Before a service provider can access a realm’s personal data, the provider must first obtain active certification from that realm’s provider. In general, certification is the mark a realm places upon a service provider to designate that provider as qualified to access that realm’s data. However, in Talisman, certification is active, meaning it is much more than just a visual seal of approval. A service provider’s active certification is codified into the data retrieval process, such that revocation of that certification imposes immediate, technical barriers to that service provider’s ability to use the realm’s data. In this way, realms have the “teeth” necessary to enforce privacy protection policies and require acceptable conduct by the service providers.
Once the public key is obtained (encapsulated into a digital certificate signed by the globally recognized PKI vendor), the service provider must contact the realm and request certification. The exact requirements of the realm provider will vary widely between the various realms: a “favorite pizza toppings” realm might have very few constraints and little in the way of due diligence, while a medical patient data realm would perform extensive background checks to ensure trustworthiness. Some realms might require nothing more than an email address, while others might require contractual obligations and annual payments. Regardless, the output of this process is a digital certificate (called the certification seal), signed by the realm’s public key. This certificate authorizes the service provider to access some portion of the realm’s data. For more on how digital certificates are used by Talisman, see Appendix A: Certificate Based Security Model.
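A sketch of how active certification could sit inside the data retrieval path, as an added example that is not Talisman code or its published format. The seal layout, the use of Ed25519, the in-memory revocation set and the names Seal, Certify and Fetch are all assumptions; the realm signs with its private key and the gate verifies with the matching public key.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Seal is a hypothetical certification seal: the realm's signature over a
// provider's public key and the portion of realm data that key may read.
type Seal struct {
	Provider ed25519.PublicKey
	Scope    string
	Sig      []byte
}

func sealBody(p ed25519.PublicKey, scope string) []byte {
	return append(append([]byte("seal-v1|"), p...), scope...)
}

// Certify is run by the realm once it has vetted the provider.
func Certify(realmKey ed25519.PrivateKey, p ed25519.PublicKey, scope string) Seal {
	return Seal{p, scope, ed25519.Sign(realmKey, sealBody(p, scope))}
}

// Fetch is the retrieval gate, run on every request. revoked is the realm's
// current revocation set, keyed by provider public key.
func Fetch(realm ed25519.PublicKey, revoked map[string]bool, s Seal, req, reqSig []byte) (string, error) {
	switch {
	case len(s.Provider) != ed25519.PublicKeySize:
		return "", errors.New("malformed seal")
	case !ed25519.Verify(realm, sealBody(s.Provider, s.Scope), s.Sig):
		return "", errors.New("seal not issued by this realm")
	case !ed25519.Verify(s.Provider, req, reqSig):
		return "", errors.New("request not signed by the sealed key")
	case revoked[string(s.Provider)]:
		return "", errors.New("certification revoked")
	}
	return "records in scope " + s.Scope, nil
}

func main() {
	realmPub, realmKey, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	provPub, provKey, _ := ed25519.GenerateKey(nil)
	seal := Certify(realmKey, provPub, "toppings")
	req, revoked := []byte("GET toppings nonce=1"), map[string]bool{} // constructed request
	fmt.Println(Fetch(realmPub, revoked, seal, req, ed25519.Sign(provKey, req)))
	revoked[string(provPub)] = true // realm revokes; the provider's seal is unchanged
	fmt.Println(Fetch(realmPub, revoked, seal, req, ed25519.Sign(provKey, req)))
}
```

Because the gate consults the revocation set on every call, the second request fails even though the provider still holds a validly signed seal. A deployed gate would also need a fresh nonce or timestamp in each signed request so that a captured request cannot be replayed.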
Install Talisman Technology
The final step in joining the realm’s network of participating service providers is integrating the technology into the service provider’s infrastructure. Talisman will be based upon openly published and certified standards. As such, the service provider would implement software selected from among a number of competing vendors of Talisman technology, evaluating such characteristics as cost, support, ease of integration, performance, and security.