(1) DG NAME (and any acronym or abbreviation of the name):
The DG name, acronym and abbreviation must not include trademarks not owned by the Organization, or content that is infringing, harmful, or inappropriate.
Identity Proofing and Verification Use Cases Discussion Group (IDPV Use Cases DG)
(2) DISCUSSION TOPIC/PURPOSE/MOTIVATION:
Please provide a clear statement of the topic, purpose and/or motivation for the formation of this DG.
The purpose of this DG is to gather use cases from organizations that perform or require identity assurance. The DG will create a Report containing the use cases, which will be processed into a format suitable for contribution into the ISO SC 27/WG 5 Study Period to collect and document Use Cases for an Identity Assurance Framework.
The contribution is expected to go via the Kantara Initiative Liaison and also, if appropriate, through the relevant Canadian National Standards Body committee (to be discussed in the DG).
The use cases are intended to be suitable for submission into the ISO SC 27/WG 5 Study Period as described below:
ISO SC 27/WG 5 “Identity management and privacy technologies” has opened a new Study Period to collect and document Use Cases for an Identity Assurance Framework with a scope of:
To compile a set of business use cases that require identity assurance, which can be analyzed to produce functional requirements for identity assurance. These functional requirements can inform the review of TS 29003 and the contents of a potential Identity assurance framework International Standard, and also inform the evolution of ISO/IEC 29115.
SC 27/WG 5 describes Identity Assurance as:
identity assurance is the term used to describe an assured process where:
An identity is established through verification of a set of identity attributes using acceptable evidence or validated systemically against an authoritative data source; then
This identity is bound to the entity.
The outcome of the process is one or more assured identifiers that can be used as the basis for authentication.
The process and the organization operating the process are assured in accordance with a defined policy that includes:
A governance body or authority;
A policy specification that is systemized in a process;
One or more organizations that operate the process;
The detection of policy violations, anomalies and indicators of compromise, and actions to address them;
One or more organizations that assure and enforce the process and the processing organizations.
NOTE: Identity assurance is related to, but not identical to, “Identity Verification” and “Identity Proofing”. Therefore, the DG will seek out use cases from organizations that perform identity verification or identity proofing, in anticipation of discovery of applicable use cases.
The DG wishes to engage organizations in a number of domains including:
ID Proofing and Verification services
Government registration agencies
Private sector registration agencies
Passport and Driving License issuers
Vendors of passport and ‘official’ credential issuance products and services
The ISO Study Period deadline for contributions is February 24, 2019.
Proposed DG Chair subject to confirmation by a vote of the DG Participants.
Proposed Chair: Andrew Hughes
Anticipated audience or users of the work.
ISO SC 27/WG 5 study period rapporteurs – to develop a report on use cases for an identity assurance framework
Performers and designers of identity verification or identity proofing processes – to confirm or discover use cases and study for process improvements (e.g. enrolment and registration business units)
Vendors of identity verification or identity proofing services – to confirm or discover use cases
Consumers/buyers of identity verification or identity proofing services – to gain understanding of the potential use cases
Developers of identity assurance, identity proofing and identity verification standards and the related evaluation criteria – to confirm or discover requirements and to ensure that proposed standards are achievable in practice
OpenID Foundation – OpenID Connect working groups – to inform OIDC advancements in identity verification areas
(5) COPYRIGHT POLICY:
Creative Commons Attribution-‐ShareAlike 3.0 Unported or another Organization approved Intellectual Property Rights Policy Option to cover any copyright material that may be produced as a result of DG Participants’ posts to the wiki or email archives.
Kantara Initiative IPR Option: Non-assert Covenant
Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG. At least 3 proposers must be listed. At least 2 of the proposers must be Kantara Initiative Members - current members list