IDENTITY ASSURANCE FRAMEWORK:
US Federal Privacy Profile
Date: 2009-11-23
Editor: David Wasley
Filename: Identity Assurance Framework- US Federal Privacy Profile v.1DRAFT
This document has been prepared by Participants of Kantara Initiative. Permission is hereby granted to use the document solely for the purpose of implementing the Specification. No rights are granted to prepare derivative works of this Specification. Entities seeking permission to reproduce portions of this document for other uses must contact Kantara Initiative to determine whether an appropriate license for such use is available.
Implementation or use of certain elements of this document may require licenses under third party intellectual property rights, including without limitation, patent rights. The Participants of and any other contributors to the Specification are not and shall not be held responsible in any manner for identifying or failing to identify any or all such third party intellectual property rights. This Specification is provided "AS IS," and no Participant in the Kantara Initiative makes any warranty of any kind, expressed or implied, including any implied warranties of merchantability, non-infringement of third party intellectual property rights, and fitness for a particular purpose. Implementers of this Specification are advised to review the Kantara Initiative’s website (http://www.kantarainitiative.org/) for information concerning any Necessary Claims Disclosure Notices that have been received by the Kantara Initiative Board of Trustees.
The content of this document is copyright of Kantara Initiative. © 2009 Kantara Initiative.
Proposed Kantara Initiative Privacy Profile for CSPs that seek certification for interoperation with US Federal Agencies under the GSA ICAM program.
FOR DISCUSSION & FURTHER REVIEW
[Ed note: Context and background to be added; linkage with Kantara IAF to be described; etc.]
- Informed Consent – The CSP must inform the Identity Subject what information, if any, is released by default to any Relying Party, and must make available to the Identity Subject what additional information, if any, may be released to Federal government applications, before any Identity Subject information is transmitted to a government application.
The Identity Provider should provide a mechanism for Identity Subjects to deny release of individual attributes to specific government applications, or to all of them, unless release is required by their job duties. Such denial may result in denial of service unless the application provides an alternate means of access.
- Optional Participation – Identity Subjects who are members of an organization that provides identity services as part of its business processes should be allowed to opt out of using that organization's identity services to gain access to government applications, provided such access is not required by their job duties or there is an alternate means of access to the government application.
- Minimalism – The Identity Provider must transmit only those attributes that are explicitly requested by the Federal RP application or required by the Federal identity assertion profile.
- Unique Identity – Federal applications that do not require personally identifiable information (PII) must be given a persistent, abstract identifier that is unique to the individual Identity Subject. Where the technology allows, the CSP must create an identifier for the Identity Subject that is also unique to each Federal application, so that a subject's identifier at one application cannot be used to correlate that subject's activity at another.
- No Activity Tracking – CSPs must not disclose information regarding Identity Subject activities with any Federal application to any party or use the information for any purpose other than to support proper operation of the identity service, except as required by law.
- Adequate Notice – The Identity Provider must provide Identity Subjects with adequate notice regarding its identity services and federated authentication. Adequate Notice includes a general description of the service and how it operates.
In addition, unless specifically forbidden by law or regulation, Identity Subjects should be able to easily obtain a record of their use of the service during the most recent six months for access to Federal government applications, including authentication events, any identity transaction(s) with government applications, and a description of any disclosure or transmission of PII to any government application.
- Termination – In the event an Identity Provider ceases to provide this service, the Provider shall continue to protect any sensitive data, including PII, and shall destroy it as soon as its preservation is no longer required by law or regulation.
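The following is an added example, not part of the Kantara draft or any Kantara reference implementation, showing how a CSP could implement the Minimalism and Unique Identity requirements above in a single attribute-release step, together with the per-application denial described under Informed Consent. The subject record, RP entity IDs, denial table and the CSP secret ("pepper") are all constructed for illustration; the identifier construction (an HMAC over subject and RP identifiers keyed with a CSP-held secret) is one common way to obtain a persistent identifier that is stable for one subject at one RP, different at every other RP, and not reversible or computable by the RPs.

```python
import base64
import hashlib
import hmac

# Constructed sample data (not from the draft). In a real CSP the pepper is
# generated once with secrets.token_bytes(32) and kept in a secret store or HSM;
# rotating it changes every issued identifier, so it must be long-lived.
SAMPLE_PEPPER = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)
SAMPLE_SUBJECT = {
    "id": "user-4711",
    "attributes": {"email": "ann@example.edu", "given_name": "Ann", "affiliation": "staff"},
}
# Attributes the subject has withheld: per RP entity ID, or "*" for every RP.
SAMPLE_DENIALS = {"https://a.example.gov": ["given_name"], "*": ["ssn"]}


class ReleaseDenied(Exception):
    """Raised when a profile-required attribute has been withheld by the subject."""


def pairwise_identifier(subject_id: str, rp_entity_id: str, pepper: bytes) -> str:
    """Persistent abstract identifier unique to the (subject, RP) pair.

    HMAC-SHA256 keyed with the CSP secret: the same subject at the same RP
    always gets the same value; a different RP (or subject) gets an unrelated
    one; an RP cannot recover the subject ID or derive another RP's identifier.
    """
    if len(pepper) < 32:
        raise ValueError("pepper must be at least 32 random bytes")
    if "\x00" in subject_id or "\x00" in rp_entity_id:
        # NUL is the field separator below; refusing it keeps (a,b) encodings unambiguous.
        raise ValueError("identifiers must not contain NUL")
    msg = subject_id.encode("utf-8") + b"\x00" + rp_entity_id.encode("utf-8")
    digest = hmac.new(pepper, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def release_attributes(subject, rp_entity_id, requested, profile_required, denials, pepper):
    """Build the attribute set for one RP.

    Minimalism: only attributes the RP explicitly requested or the assertion
    profile requires are considered. Informed Consent: anything the subject
    withheld for this RP (or for all RPs) is dropped; if a withheld attribute is
    profile-required the request cannot be served, which is the denial of
    service the draft allows unless the application offers another access path.
    """
    candidates = set(requested) | set(profile_required)
    withheld = set(denials.get(rp_entity_id, ())) | set(denials.get("*", ()))
    blocked = withheld & set(profile_required)
    if blocked:
        raise ReleaseDenied(f"subject withheld profile-required attributes: {sorted(blocked)}")
    assertion = {"subject_id": pairwise_identifier(subject["id"], rp_entity_id, pepper)}
    for name in sorted(candidates - withheld):
        # Attributes the CSP does not hold are silently absent rather than invented.
        if name in subject["attributes"]:
            assertion[name] = subject["attributes"][name]
    return assertion


def demo():
    """Release to two RPs; the subject_id differs between them by construction."""
    a = release_attributes(SAMPLE_SUBJECT, "https://a.example.gov",
                           ["email", "given_name", "ssn"], [], SAMPLE_DENIALS, SAMPLE_PEPPER)
    b = release_attributes(SAMPLE_SUBJECT, "https://b.example.gov",
                           ["email"], [], SAMPLE_DENIALS, SAMPLE_PEPPER)
    return a, b


if __name__ == "__main__":
    for assertion in demo():
        print(assertion)
```

A request that asks only for the abstract identifier yields an assertion containing nothing but `subject_id`, which is the Unique Identity case for applications that do not need PII; because the HMAC is keyed, two agencies comparing their `subject_id` values learn nothing about whether they refer to the same person.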