Privacy Req 15ng

From IDESG Wiki
Revision as of 04:02, 28 June 2018 by Omaerz (talk | contribs) (10 revisions imported: Initial Upload of old pages from IDESG Wiki)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

<< Back to Baseline Functional Requirements Index

PRIVACY-15. ATTRIBUTE SEGREGATION

Wherever feasible, identifier data MUST be segregated from attribute data.

SUPPLEMENTAL GUIDANCE

First of all it must be understood that any user attribute can be used to narrow the pool of potential real world human beings to the point where the real world identity can be determined. That said, there are a set of user identifiers which must be protected from disclosure above more general user information. An example of the identifiers that need special protection inlcude:

  1. Legal Name
  2. Social Security Number
  3. Street address of domicile
  4. Cell phone number
  5. Email address

When recent identity protocols (like OpenID Connect) are used it is technically possible to authenticate a user with no user identifiers or attributes at all. In that case the user identifiers in the protocol between digital entities should be opaque to the extent that any party outside of the Identity Provider and the Relying party will not be able to use those identifiers in any other context. In that case other baseline requirements will apply.

REFERENCES

Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page Supplemental Privacy Guidance; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx

APPLIES TO ACTIVITIES

REGISTRATION, CREDENTIALING, AUTHORIZATION

KEYWORDS

ARCHITECTURE, ATTRIBUTE, IDENTIFIER, PRIVACY, PROCESS




Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |