Framework for Emergency Response Official (ERO) Authentication and Authorization Infrastructure

摘要

The purpose of an identity system is to enable individuals to be distinguished from each other in a trustworthy manner. The process of distinguishing one person within a group of people is referred to as identification. The process of repetitively affirming the identity of a specific person is termed authentication. A capability to reliably authenticate individuals at different times and in different places allows information to be attributed to each individual in a correspondingly trustworthy manner. This attribution of additional information (in addition to those required for asserting the identity) forms the basis for authorization of that individual to perform certain tasks. The collection of information used for authentication and subsequently for authorization is called credentials. Jurisdictions, through the issuance of credentials, thus can grant and convey recognition of various levels of capability or authority to be exercised by the individual. If there exists an infrastructure for secure exchange of credentials and creation of trust in these credentials, it provides the capability to establish mutual trust and by extension a circle of trust. In this document we describe a framework for establishing such an infrastructure for authentication and authorization of Emergency Response officials (ERO) who respond to various types of man-made and natural disasters. We refer to this infrastructure using the acronym ERO-AA that stands for Emergency Response Official Authentication and Authorization.