Identity Assurance Framework

 

Additional Requirements for Credential Service Providers: US Federal Privacy Criteria

 

 

Version: 2.0

Date: 2012-02-15

Editor:   David Wasley, Internet 2
Joni Brennan, Kantara Initiative

Contributors:

http://kantarainitiative.org/confluence/x/GQAGAw

Status: This document is a Kantara Initiative Report, approved by the Identity Assurance WG (see section 3.8 of the Kantara Initiative Operating Procedures)

Abstract:

This Kantara Initiative Additional Requirements for Credential Service Providers (CSPs) describes criteria that must be met by CSPs that are certified under the Kantara Identity Assurance Framework (IAF) and desire additional certification for interoperation with US Federal Agency applications under the Open Government program.
 

Note: On 12 July 2011, the Kantara Assurance Review Board unanimously voted to accept the FICAM Privacy Guidance for Trust Framework Assessors and Auditors Version 1.0 as an assessment guide applicable to these US Federal Privacy Criteria. That document should be reviewed and considered by Assessors and Auditors when determining whether an Applicant CSP should be approved against the criteria described in this document, and during re-assessment audits required for renewal of a certification. The full FICAM Privacy Guidance document can be found on the Federal Identity Management home page or by following this link: http://www.idmanagement.gov/drilldown.cfm?action=openID_openGOV

 

Filename: Kantara Initiative_IAWG_US FPC Report_v2.0doc

 


Notice:

This document has been prepared by Participants of Kantara Initiative. Permission is hereby granted to use the document solely for the purpose of implementing the Specification. No rights are granted to prepare derivative works of this Specification.

Entities seeking permission to reproduce portions of this document for other uses must contact Kantara Initiative to determine whether an appropriate license for such use is available.

 

Implementation or use of certain elements of this document may require licenses under third party intellectual property rights, including without limitation, patent rights. The Participants of and any other contributors to the Specification are not and shall not be held responsible in any manner for identifying or failing to identify any or all such third party intellectual property rights. This Specification is provided "AS IS," and no Participant in the Kantara Initiative makes any warranty of any kind, expressed or implied, including any implied warranties of merchantability, non-infringement of third party intellectual property rights, and fitness for a particular purpose. Implementers of this Specification are advised to review the Kantara Initiative's website (http://www.kantarainitiative.org) for information concerning any Necessary Claims Disclosure Notices that have been received by the Kantara Initiative Board of Trustees.

 

The content of this document is copyright of Kantara Initiative. © 2012 Kantara Initiative.

 

1          Introduction

Kantara Initiative Additional Requirements for Credential Service Providers (CSPs) describes criteria that must be met by CSPs that are certified under the Identity Assurance Framework (IAF) and desire additional certification for interoperation with US Federal Agency applications under the Open Government program.

 

These additional criteria supplement the Kantara IAF level of assurance requirements found in the Service Assessment Criteria (SAC). The requirements found in the IAF SAC and these additional criteria apply only to CSPs, not to Relying Parties (RPs). The Kantara Initiative Identity Assurance Program, acting in the capacity of a Trust Framework Provider to the US Federal Government, assumes that all US Agency RP applications will operate in compliance with all US Federal privacy and identity management policies, laws and regulations which include privacy protections for citizen personally identifiable information (PII).

 

2          Identity Subject Privacy Requirements

The Credential Service Provider must assert and comply with an Identity Subject (Subject) privacy policy that provides for at least the following:

 

2.1   Informed Consent -- At the time the Subject initiates registration, the CSP must provide the Subject a general description of the service and how it operates including what information, if any, may be released by default to any Relying Party. If the Subject indicates intent to use the service to gain access to Federal government applications, the CSP must make available to the Subject a description of what additional information, if any, may be released to such applications. The Subject must indicate consent to these provisions before registration can be completed.

 

CSPs should provide a mechanism for Subjects to deny release of individual attributes to Federal government applications, as specified and specifically accommodated for in the ICAM approved Authentication Scheme being utilized by the CSP. It is recognized, and the Subject should be cautioned, that such denial may result in a denial of service by the application unless alternate means of access are provided to the Subject by the application itself.

 

If Subjects are allowed to establish a continuing approval or denial for release of certain attributes, for example to avoid being asked anew each time, then there must be some mechanism by which a Subject can alter or withdraw any of those established preferences.

 

Note: CSPs are not expected to provide such a mechanism for attribute-level opt-out for Subjects when the Identity Subject is engaging with a government application on behalf of their employer or university. However, the attributes required by the RP application to complete the transaction must be pre-arranged by policy agreed to between the CSP and the RP well in advance of the transaction and must comply with section 2.3 below.

 

2.2   Optional Participation -- Subjects that are members, for example employees, faculty, or students, of an organization that provides identity services as part of its business processes should be allowed to opt-out of using that organization's identity services to gain access to government applications if such access is not required by their organizational responsibilities or there is an alternate means of access to the government application.

 

2.3   Minimalism -- CSP must transmit only those attributes that are explicitly requested by the Federal RP application or required by the Federal identity assertion profile.

 

2.4   Unique Identity -- Federal applications that do not require PII must be given a persistent abstract identifier unique to the individual Subject. When allowed by the technology, the CSP must create a unique identifier for the Subject that is also unique to each Federal application.
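
One way a CSP could satisfy criteria 2.3 and 2.4 together, shown as an added example that is not part of the Kantara document. The HMAC-based derivation, the function names, the secret and the sample Subject record are all assumptions made for illustration; the criteria do not prescribe a mechanism.

```python
import hashlib
import hmac

# Constructed demo secret (assumption); a real CSP would keep this in a key store.
CSP_SECRET = b"constructed-demo-secret"

# Constructed sample Subject record (assumption, not from the document).
SAMPLE_SUBJECT = {
    "internal_id": "u-1001",
    "attributes": {"email": "ana@csp.example", "given_name": "Ana",
                   "dob": "1980-01-01"},
}


def pairwise_id(subject_id: str, rp_id: str, secret: bytes = CSP_SECRET) -> str:
    """Persistent, opaque identifier unique to one (Subject, RP) pair (2.4)."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p).to_bytes(4, "big") + p
                   for p in (rp_id.encode(), subject_id.encode()))
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def build_release(subject, rp_id, requested, profile_required,
                  denied=frozenset()):
    """Assemble what the CSP sends to one Federal RP.

    Only attributes the RP explicitly requested or the assertion profile
    requires are eligible (2.3); anything the Subject has denied (2.1) is
    withheld. The Subject is named by a per-RP pseudonym, never by the
    CSP's internal identifier (2.4).
    """
    allowed = (set(requested) | set(profile_required)) - set(denied)
    attrs = {k: v for k, v in subject["attributes"].items() if k in allowed}
    return {"subject_id": pairwise_id(subject["internal_id"], rp_id),
            "attributes": attrs}


if __name__ == "__main__":
    for rp in ("https://rp-a.agency.example", "https://rp-b.agency.example"):
        print(rp, build_release(SAMPLE_SUBJECT, rp, ["email"], []))
```

Because the identifier is derived from both the RP and the Subject under a CSP-held key, two Federal applications cannot correlate the same Subject by comparing identifiers, and the value stays stable across sessions for each application.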

 

2.5   No Activity Tracking -- CSPs must not disclose information regarding Subject activities with any Federal application to any other party or use the information for any purpose other than problem resolution to support proper operation of the identity service, or as required by law.

 

2.6   Adequate Notice -- At the time a Subject initiates access to a Federal government application, that application may provide text to be displayed to the Subject before any PII is provided to the application by the CSP. That text may include:

          a general description of the authentication event,

          any transaction(s) with the Federal application,

          the purpose of the transaction(s),

          and a description of any disclosure or transmission of PII that will be requested by the Federal application.

The Subject should be allowed to cancel the access transaction at this point.

 

2.7   Termination -- In the event a CSP ceases to provide credential services, the CSP must ensure that any sensitive data including PII continues to be protected and is destroyed as soon as its preservation is no longer required by law or regulation.

 

2.8   Changes in the Service -- If the CSP alters the terms of use of the service, prompt notice must be provided to all Subjects. Such notice must include a clear delineation of what has changed and the purpose of such changes.

 

2.9   Dispute Resolution -- CSPs must have a dispute resolution process for addressing any dispute resulting from a complaint filed by a Subject utilizing its service who notifies the CSP regarding a failure to comply with any terms in the CSP Service Definition required by the SAC, and/or any additional criteria defined in this document. The CSP must provide evidence to their Kantara Initiative Accredited Assessor both of the existence of this process and its compliance thereto.

 

2.10    Technology Requirements -- CSPs must use one or more of the ICAM-approved identity assertion protocol profiles when engaged in any identity transaction with government applications. (See http://www.idmanagement.gov for the current list of protocol profiles from which to choose.)

 


Acronyms Used in this Document

 

CSP Credential Service Provider

IAF Identity Assurance Framework

ICAM Identity, Credentialing, and Access Management

PII Personally Identifiable Information

RP Relying Party

SAC Service Assessment Criteria

US United States

WG Working Group