Search results

# Relying Parties can get the level of assurance that they need for authentication the user's identifiers. ...be able to provision one. See his evolving work with the emergency contact use case at http://controls.azurewebsites.net

==Full Title of Use Case== # Patient can always get their own data, but only after strong authentication. This data will include a list of existing consent grants. The patient alwa

==Full Title of Use Case== ...ately address patient data or other providers, like lab services, that may use the same or different EHRs.

==Full Title of Use Case== * This use can can easily be extended to other sources of user-provided information, b

==Full Title of Use Case== # Patient can always get their own data, but only after strong authentication. This data will include a list of existing consent grants. The patient alwa

# Creation of a profile for the use of the [[UXC NSTIC Principles]] in the US Healthcare community. ...it has been tried. (It has only worked where some enterprise required its use.)

...rity assurance as well as a paradigm of federated frameworks that we could use in our framework design. *In all cases that are known in 2018, a natural person is required to take responsibility

...online and be able to download it and and share it with others. In those cases trust must be established and shared within the ecosystem by digital means. ...ment and software may need to be checked for compliance and trust prior to use by the patient. For the purposes of this document, all hardware and softwar

...and correction procedures based on user's providing more than one means of authentication to their account. There are a variety of use cases that most of us experience on a steady basis that need to establish as user

In some ways this is similar to existing use case that discuss privacy enhancing technology, but the purpose is quite di ==When to use this Pattern (Context)==

# The user gets to select which of their identifiers they wish to use with the web site. ...tions at that point in time. The current state of the web is recognized as use case 6, Contract of Adhesion.

In some ways this is similar to the existing use case that discusses privacy enhancing technology, but the purpose of the pa ===When to use this Pattern (Context)===

...{ This just provides access to ALL DATA, which should not be needed in all cases. Note that patient's do not actually have access to ALL DATA. Expemptions ...f research might be considered. (In any case we should avoid any alternate use of the term "scope".)

...fact that many people do. We have seen many cases, and one of the symbolic cases is the death of a 23-year-old reality TV actress who was stormed by a mob o ...emble them with the claims that it is authoritative, for example, the user authentication result, and signs them and provides it to D. To make this possible, the use

...[Mobile Driver's License Criteria]] for a high level of [[Identity]] and [[Authentication]] [[Level of Assurance|Assurance]]. ...uding the purpose and scope of data requested, to the mDL holder and never use blanket terms and conditions in lieu of informed consent.</blockquote>

# User selects to use a federated sign in process. (Note that this process may be a related hospi # The user continues onto the authentication steps.

...usted Identifiers in Cyberspace) for healthcare industry makes application authentication assurance statements available at all times for [[Trustworthy Healthcare Pr ...iving care and the one that "owns" the rights to the information. (In some cases the patient allows other users access to their PHI.)

...view of this Identity Wiki extends to the use cases across a range of use cases. This wiki page focuses on the interactions of the patient and their guardi * The majority of the focus will be on the use of a smart phone by the patent to provide a high assurance identifier from

===Use Cases=== * [[Delegate Credentials Use Case]]

This Wiki Page was created to track the use of [https://tcwiki.azurewebsites.net/index.php?title=Self-issued_Identifier .... It is recognized that other use cases also exist, but it seems that this use case covers all the issues.

* This use case was written as the 21th Century Cures act was approved in 2020-05-01 f ...should be able to down load data from and EHR to the patient. The primary use case will focus on that decision by the EHR to allow downloads.

[[Public Health Centers]] as a [[Vulnerable Populations]] use case of the Identity Ecosystem Framework. ...ation at large as well as the vulnerable population have cell phones, this use case will focus on vulnerable patients that have access to a cell phone. Th

...rity of a stand-alone Token to provide high assurance of (1) Identity, (2) Authentication and (3) Federation in high volume, universally accessible web services. ...et. (Shakespeare) A lot of discussion has been focused on the adjective to use the [[Authorization]] Tokens, when the problem is that these tokens provide

*This concept of [[Distributed Identity Proofing]] is described here as a use case for attaining IAL2 identifier assurance in a [[Trustworthy Healthcare ...s [[Guardian]] (parent or other) is acting on the patient's behalf in this use case, but that should have no appreciable impact on the flow described here

...s Act Final Rule] which supports seamless and secure access, exchange, and use of electronic health information ...with the same rejection as was evidenced in earlier attempts at TLS client authentication.

==Full Title of Use Case== ...e needs of the Healthcare community for identity proofing with dual factor authentication (IAL2) and user credential protection (AAL2) in connecting to a Health Info

==Full Title of Use Case== ...eeds of the US Healthcare community for identity proofing with dual factor authentication (IAL2) and user credential protection (AAL2).

...d be only for the duration of a session, but all current IDEF profiles use cases are longer than that. ...granted by the user during registration is some sort of (1) identifier (2) authentication method and (3) email or sms phone number. (these could all be pseudonymous)

...l]] proposal to a broader audience of teams interested in high assurance [[Authentication]]. ...ovide a trust and credentialed Identifier Provider that also performs user authentication.

...imary use case is smart phones running iOS or Android operating systems in use by the patient or their guardian. ...phone use can be included in a comprehensive plan for patient matching and authentication, but since 84% of patients in early 2020 have smart phones, that is the foc

== Use Case Metadata == A general use case which all other use cases can depend (unless they chose not to.)

...ling also might happen at the same entity, but possibly more than once. An authentication process might involve interactions between different entities/roles (IdP, R #Bridge use cases with Functional Model - in terms of functions and roles<br/>

== Use Case Metadata == ====Use Case Lifecycle Status====

...an inter-operable identity commonly used across identity systems, via the use of common standards used by identity providers and relying parties in order ...user has the right to know what data is held about them and to control the use of that data.

...ed at an Identity Provider (IdP). This has lead to a back-lash against the use of the term identity in the technical community. This model uses the term Identifier in places where other models use the term Identity for reasons that should be clear towards the end of the

...been proposed in the [[Functional Requirements]]. This page describes the use of design patterns for user experiences in parts of an Identity Ecosystem a The rationale for the use of patterns as the building blocks for the identity ecosystem was made nice

IRS Identity Theft Use Case -- to prevent filing of fraudulent returns '''Use Case Description''':

The ID Ecosystem root use case is designed to encompass all use cases envisioned by the NSTIC principles '''Use Case Description''':

Health IT Record Location Service Use Case ==Use Case Description==

Generalized Presumptive Authentication presumes that the user needs to sign on with an identity that is known to t [[Category:Authentication Design Pattern]]

...for UXC is commenting on 800-63-3. The standard changes to four levels of authentication to a two position grid. The original four were based on an OMB memo? and w ...y to describe that project is coordinating with TFTM on the UX side on the use of the mark and how it works on our sites and on other sites.

<center>'''E-Authentication Federation Interim Legal Document Suite'''</center> <center>'''Electronic Authentication Partnership (EAP) Trust Framework'''</center>

<center>'''E-Authentication Federation Interim Legal Document Suite'''</center> <center>'''Electronic Authentication Partnership (EAP) Trust Framework'''</center>

Use cases or user experiences can be created at any level within the taxonomy of requ This requirements doc is informed by the efforts of the use case and user experience committee.

== Use Case Metadata == Four Party Authentication and Authorization

'''Use Case Description''': ...ites, either internal or external to the employer's enterprise. While this use case focuses on the employee-employer relationship, it would work equally w

...s discussion – topics are proceeding, Adam will post Sal’s meeting notes. Use case selection to be discussed later today. #Gap Analysis – 14 current use Cases will be examined using gap analysis templates (on-line wiki sources), or ot

#**Without another plan, could present the state of work related to use case analysis relative to draft functional elements. #*Possible missing functions – contextual or step-up authentication, non-authentication attribute verification requests

##USE Case Gap Analysis with 4-party Authentication ##Use Case Mapping Template is included [not actually a Gap Analysis, but will he

== Use Case Metadata == ...aim from a remote device attribute provider to validate the source of user authentication.

'''Use Case Description''': '''Use Case Category''': Trust/Assurance, Authentication, Interoperability, Privacy

# The terms of use of each Trustmark will evolve as user and regulatory understanding grows. ==When to use this Pattern (Context)==

...y capability for users to help them select appropriate providers for their use. An example design shows that the user-oriented and service-oriented functi ...oes need to be described in any specification of trust frameworks. In some cases it is the guardian of the user that needs to be involved in the trust decis

== Use Case Metadata == Privacy enhancing technology generic use case. In some ways this is similar to the functional models produced in oth

== Use Case Metadata == ====Use Case Lifecycle Status====

...t identifying any subject actors. Verb modifiers may be used to refine the use case. Examples: authenticate to system with trusted identity, authenticate Use Case Category:

==Full Title of Use Case== '''Use Case Category''':

The goals set out the needs and constraints on an example for use by a Relying Party (RP) systems design. # Support two factor authentication.

'''Use Case Description''': This use case describes an educational institution as a PIV-I Electronic Credential

...]], [[Two Party Delegation]], [[Three Party Authentication]], [[Four Party Authentication and Authorization]], [[Blacklist]], [[Reliability Scoring]], [[Credential R ...r of Identity Management Systems (IDMSs) are being deployed worldwide that use different technologies for the population of their users. With the diverse

...>Proposed</span> This Use Case is under development by members of the use cases ad hoc group. '''Use Case Description''':

'''Use Case Description''': Medicare Patient logs into MyMedicare.gov site to acce '''Use Case Category''': Authentication

...ing instructions, package/deliverable description, purpose, who and how-to-use, request/next actions, etc. #**#Authentication, with and without intermediary

*This is a joint meeting of the Security Committee and Use Case Committee intended to clarify questions that have developed during the *Use Cases

#*Attribute use case status - has sent out practice statement and request for comments. Req #Discuss completion of Use Case Analyses

...from Tom Jones: For the UXC evaluation of the changes to NIST SP 800-63 on authentication **Action: Tom to create a new page on the wiki User Authentication Experience – how an individual will understand their state.