Phase III IDEF Registry: Difference between revisions
Jump to navigation
Jump to search
(Created page with "Project details for Phase III are to be tracked here. Phase II IDEF Registry is where the prior phase was tracked. ==Requirements Documents for Phase III== * Interop ...") |
No edit summary |
||
Line 4: | Line 4: | ||
==Requirements Documents for Phase III== | ==Requirements Documents for Phase III== | ||
*[https://tcwiki.azurewebsites.net/index.php?title=Framework_Profile Framework Profile] | |||
* | |||
===Updates completed in Phase II=== | |||
* Interop [[file:Interop_Requirements_Update.docx]] | * Interop [[file:Interop_Requirements_Update.docx]] |
Revision as of 18:49, 7 January 2019
Project details for Phase III are to be tracked here.
Phase II IDEF Registry is where the prior phase was tracked.
Requirements Documents for Phase III
Updates completed in Phase II
- Interop File:Interop Requirements Update.docx
- Privacy File:Privacy Requirements Update.docx
- Security File:Secure Requirements Update.docx
- Usable File:Usable Requirments Update.docx
Archive of Files
Open Issues
after discussions with the team here are a few more thoughts:
- There will be multiple identifier frameworks which have their own set of identity requirements.
- Some of the frameworks will be IDEF compliant.
- All IDESG compliant frameworks will provide a machine-readable method to determine if a web site is a member of the framework
- Especially at the start most frameworks will not be IDEF compliant.
- How should an IDEF compliant entity deal with identifiers that are:
- from within their own framework, ie within Healthcare or within the education internet 2 framework,
- from an external framework that is still IDEF compliant, ie a student being transfer from a school client to the healthcare hospital or from a VA hospital with a PIV card to a public hospital that cannot read it
- from an external framework is is not IDEF compliant, ie from a social network site like Google, FB, Microsoft, etc.
- There is no advice available for entities that do not normally interact with the user on recovery and redress
- No standard has been found that helps to describe how a site with no user connectivity can meet any privacy or security guideline.