Privacy Req 4: Difference between revisions
Mary Hodder (talk | contribs) (updated SG phase II) |
m (13 revisions imported: Initial Upload of old pages from IDESG Wiki) |
||
(One intermediate revision by one other user not shown) | |||
Line 14: | Line 14: | ||
See Requirements [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]] and [[Privacy Req 2|PRIVACY-2 (PURPOSE LIMITATION)]] on the application of limitations to, and scope of, individual transactions and data exchanges. | See Requirements [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]] and [[Privacy Req 2|PRIVACY-2 (PURPOSE LIMITATION)]] on the application of limitations to, and scope of, individual transactions and data exchanges. | ||
See | === Supplemental Information === | ||
Credentials bound to identifiers, like attributes bound to identifiers, carry increased risk of inappropriate disclosure when stored. See generally [[Privacy_Req_1|PRIVACY-1]]. This requirement PRIVACY-4 assumes that the privacy risk analysis required by [[Privacy_Req_5|PRIVACY-5]] will inform an entity's decisions about credential retention. | |||
=== References and Guidance (non-normative) === | |||
See [[Privacy_Req_2|PRIVACY-2]] and [[Privacy_Req_3|PRIVACY-3]]. | |||
Latest revision as of 04:03, 28 June 2018
<< Back to Baseline Functional Requirements Index
PRIVACY-4. CREDENTIAL LIMITATION
Entities MUST NOT request USERS’ credentials unless necessary for the transaction and then only as appropriate to the risk associated with the transaction or to the risks to the parties associated with the transaction.
SUPPLEMENTAL GUIDANCE
Intermediaries may not have a direct relationship with individuals whose data moves through their systems, but should facilitate endpoints' ability to conform to this Requirement.
See the IDESG Functional Model for definition of Transaction Intermediation for the scope of “intermediaries.” The functional model describes Transaction Intermediation as “Processes and procedures that limit linkages between transactions and facilitate credential portability." This includes functions defined as “Blinding,” “Psuedonymization/Anonymization,” and “Exchange.”
See Requirements PRIVACY-1 (DATA MINIMIZATION) and PRIVACY-2 (PURPOSE LIMITATION) on the application of limitations to, and scope of, individual transactions and data exchanges.
Supplemental Information
Credentials bound to identifiers, like attributes bound to identifiers, carry increased risk of inappropriate disclosure when stored. See generally PRIVACY-1. This requirement PRIVACY-4 assumes that the privacy risk analysis required by PRIVACY-5 will inform an entity's decisions about credential retention.
References and Guidance (non-normative)
REFERENCES
Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page Supplemental Privacy Guidance; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx
APPLIES TO ROLES
1 - RELYING PARTIES
2 - IDENTITY PROVIDERS
3 - Attribute Providers
4 – Intermediaries
5 - Credential Service Providers (where there is user interaction)
APPLIES TO ACTIVITIES
REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION, INTERMEDIATION
KEYWORDS
CREDENTIAL, IDENTIFIER, LIMITATION, PRIVACY, PURPOSE, RISK
Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |