Privacy Req 10: Difference between revisions
Mary Hodder (talk | contribs) (updated SG for phase II) |
(No difference)
|
Revision as of 20:45, 13 June 2018
<< Back to Baseline Functional Requirements Index
PRIVACY-10. USER OPTION TO DECLINE
USERS MUST have the opportunity to decline registration; decline credential provisioning; decline the presentation of their credentials; and decline release of their attributes or claims.
SUPPLEMENTAL GUIDANCE
Regarding "personal information", see Appendix A, and PRIVACY-1 (DATA MINIMIZATION).
Although an entity's digital identity management functions and transactions should provide an opportunity to the USER to decline to provide personal information or consent to its use, that decision may appropriately result in the partial or complete failure of the entity's intended transaction. (See USABLE-4 (NAVIGATION), USABLE-5 (ACCESSIBILITY) and USABLE-6 (USABILITY FEEDBACK).)
REFERENCES
Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page Supplemental Privacy Guidance; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx
APPLIES TO ACTIVITIES
REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION
KEYWORDS
APPLIES TO ROLES
1 - RELYING PARTIES
2 - IDENTITY PROVIDERS
3 - Attribute Providers
4 – Intermediaries
5 - Credential Service Providers (where there is user interaction)
Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |