Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This Discussion Group


The purpose of this DG is to gather use cases from organizations that perform or require identity assurance.

The DG will create a Report containing the use cases, which will be processed into a format suitable for contribution into the ISO SC 27/WG 5 Study Period to collect and document Use Cases for an Identity Assurance Framework.

The contribution is expected to go via the Kantara Initiative Liaison and may also be contributed to ISO via one or more National Standards Bodies as determined by the DG Participants.

The ISO SC 27/WG 5 Study Period


ISO SC 27/WG 5 “Identity management and privacy technologies” has opened a new Study Period to collect and document Use Cases for an Identity Assurance Framework with a scope of:

To compile a set of business use cases that require identity assurance, which can be analyzed to produce functional requirements for identity assurance. These functional requirements can inform the review of TS 29003 and the contents of a potential Identity assurance framework International Standard, and also inform the evolution of ISO/IEC 29115.

SC 27/WG 5 describes Identity Assurance as:

  1. identity assurance is the term used to describe an assured process where:

    1. An identity is established through verification of a set of identity attributes using acceptable evidence or validated systemically against an authoritative data source; then

    2. This identity is bound to the entity.

    3. The outcome of the process is one or more assured identifiers that can be used as the basis for authentication.

    4. The process and the organization operating the process are assured in accordance with a defined policy that includes:

      1. A governance body or authority;

      2. A policy specification that is systemized in a process;

      3. One or more organizations that operate the process;

      4. The detection of policy violations, anomalies and indicators of compromise, and actions to address them;

      5. One or more organizations that assure and enforce the process and the processing organizations.


See Notes on ISO terminology for a breakdown of this description of Identity Assurance

NOTE: Identity assurance is related to, but not identical to, “Identity Verification” and “Identity Proofing”. Therefore, the DG will seek out use cases from organizations that perform identity verification or identity proofing, in anticipation of discovery of applicable use cases.


Use cases

The DG will collect "use cases" which contain sufficient detail to derive requirements for organizations performing identity assurance processes.

A use case is a description of the possible sequences of interactions between the system under discussion and its external actors, related to a particular goal.

  • The 'system' in our case is the assured process operated by the organization.
  • (To be discussed in DG): The main stakeholder should be either the 'owner'/operator of the assured process; or, the 'customer' of that assured process.
  • The main goal should be to establish an identity, bind it to the entity, and to result in one or more assured identifiers (bullets a, b, c above).
  • The use case is intended to describe the functional behaviour of the system.

See Use Case style and instructions for a longer description about use case writing and suggestions for content and process.

Anticipated DG Participants

The DG wishes to engage organizations in a number of domains including:

  • ID Proofing and Verification services

  • Government registration agencies

  • Private sector registration agencies

  • Law enforcement

  • Border control

  • Passport and Driving License issuers


  • Vendors of passport and ‘official’ credential issuance products and services

    Who should join the DG?
    Companies and organizations that 

    • perform identity proofing or verification services
    • consume and rely on identity proofing or verification services
    • write standards for identity proofing, verification and their assurance


    Which job roles should be represented?

    • Managers of organizational units that are accountable for user registration or enrolment.
    • Purchasing managers who require suppliers to meet standards for identity proofing.
    • Front-line staff whose job function relies directly on assured identities.
    • Some examples: passport and citizenship offices, private sector businesses offering regulated or restricted product sales, law enforcement, border control, vital events departments, driving licenses, identity provider and credential service providers, healthcare services, blockchain identity companies. 

    Timeframe


    The ISO Study Period deadline for contributions is February 24, 2019.

    This means that this DG must have its report completed and agreed by mid-February at the latest.

    Panel

    Chair:

    Andrew Hughes

    Teleconference info:

    Wednesdays, 60 minutes, on GTM2:
    11:00 Pacific Time
    14:00 Eastern Time
    19:00 UTC

    Dial In Information:

    https://global.gotomeeting.com/join/132339365 

    You can also dial in using your phone. 
    United States: +1 (646) 749-3117 

    Access Code: 132-339-365 

    More phone numbers 
    Australia: +61 2 8355 1038 
    Austria: +43 7 2081 5337 
    Belgium: +32 28 93 7002 
    Canada: +1 (647) 497-9373 
    Denmark: +45 32 72 03 69 
    Finland: +358 923 17 0556 
    France: +33 170 950 590 
    Germany: +49 693 8098 999 
    Ireland: +353 15 295 146 
    Italy: +39 0 230 57 81 80 
    Netherlands: +31 202 251 001 
    New Zealand: +64 9 913 2226 
    Norway: +47 21 93 37 37 
    Spain: +34 932 75 1230 
    Sweden: +46 853 527 818 
    Switzerland: +41 315 2081 00 
    United Kingdom: +44 330 221 0097 

    First GoToMeeting? Let's do a quick system check:https://link.gotomeeting.com/system-check 

    Panel

    Navigate space

    Page Tree Search
     
    Page Tree

    Section
    bordertrue
    Column

    Recent space activity

    Expand

    Recently Updated

    Column

    Space contributors

    Contributors
    modelist
    scopedescendants
    limit5
    showLastTimetrue
    orderupdate