Search results

...the [http://openid.net/specs/openid-connect-core-1_0.html Open ID Connect standard] claims. In those cases the lower case underline separate name was converte

* A minimalist standard taxonomy of data type is presented for user choice. * The RP uses a standard protocol and taxonomy to request the information needed from the user.

'''Category''': Security Requirements Standard '''Security''': The document is an information security standard. The document specifies security requirements on the

...S 140-2 and a framework for testing whether implementations conform to the standard. Every assertion from FIPS 140-2 is identified and given a requirement num

'''Title''': Digital Signature Standard

'''Security''': The document is an information security standard.

auditing of compliance with privacy policies. The standard permits card issuers to maintain a documentary '''Interoperability''': The purpose of the standard is to promote interoperability among PIV system components, across

**Chat from Paul Knight: Please also add brief entry per standard in Standards Inventory list at https://wiki.idesg.org/wiki/index.php?title= (note the "Add Standard" button there. The other two standards will be submitted shortly by Mary, I

*This isn't part of a standard, it's part of Best Practices. In order to have interop you have to have ag

...the form. It was for ergonomics of human-system interaction. Ergonomic standard to improve Human Computer Interaction (HCI). Mary will submit the forms la ...://wiki.idesg.org/wiki/index.php?title=Category%3AStandards (note the "Add Standard" button there

advance encryption standard (AES) ...ipher that can encrypt (encipher) and decrypt (decipher) information. This standard specifies the Rijndael algorithm, a symmetric block cipher that can process

<nowiki>An XML-based standard defining a means for making assertions about events, attributes, and policy Information Technology Security Evaluation (equivalent to ISO standard 15408).

=== STANDARD ===

:* NIST 800-63-2 (Standard approval) :* ISO/IEC 27001 (Standard approval)

A '''"Definition"''' is a piece of text - as you would find typically in a standard dictionary - that sufficiently explains the concept and (ideally) distingui

...tandards adopted by the IDESG plenary, along with metadata about each such standard as specified by the IDESG Standards Coordinating Committee (SCC) Charter. ...ations only and are neither mandatory nor normative. Within the IDESG, any standard that is normatively referenced within an IDEF document MUST have been appro

'''Category''': Document Development Standard [[Category:Document Development Standard]]

'''Description''': A standard framework for Certificate Policies (CPs) and Certification Practice Stateme '''Security''': The document is an information security standard.

'''Category''': Naming Standard Specification [[Category:Naming Standard Specification]]

'''Category''': Document Development Standard '''Terms''': [[Standard]], [[International Standard]], [[International Standard]], [[Technical Specification]], [[Technical Report]], [[Guide]], [[Publicly

The intention of this International Standard, when used in conjunction with the information security objectives and cont This International Standard does not replace applicable legislation and regulations, but can assist by

'''Description''': This International Standard provides a high-level framework for the protection of personally identifiab

ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management '''Security''': A commonly used standard used for online systems.

...d, protect the confidentiality of data. While not specifically a “privacy” standard, the controls address access and encryption of sensitive information which

...dations] were published in 1984 (Red Book). They were designed to become a standard for identifying users, but that role has been assumed by internet email add There is an internet standard that requires the user select, or be assigned, an unique identifier called

eventually through standard development organizations and adoption by the IDESG.

...nclude standards that are not relevant to security. Anyone can nominate a standard to the Standards Committee, but the Security Committee as a whole should no

**ISO 29115 the Security Committee had already submitted this standard to the Standards Committee. ...OK to include if there are no endorsement of products. We have a minimum standard for quality and it has to help people in a more general way. Mary will add

...ncil will be making some recommendations on the process; this is the first standard brought forward and is getting a lot of visibility.

...the impact? One idea to think about for UXC is commenting on 800-63-3. The standard changes to four levels of authentication to a two position grid. The origi

*Action: Tom Jones will look at the standard for UX; Ellen volunteered to answer any additional questions at next week� ...at the reports that are generated for the usage logs. They are a default standard for what WordPress does. We could make a recommendation on what the log re

...and submitted with the nominated standard. Appears anyone can nominate a standard. ...se with Cathy Tilton to familiarize himself with the process to nominate a standard.

...ted (3) distinguish among a standard and how to test a standard; does each standard that we have, come with an associated test plan. All three valid, but purpo ...ho are going to attest to our requirements, that if they implement a given standard they already attest to a set or all of our requirements.

...given feedback to this section on users with disabilities. There is an ISO standard in terms of user that would be helpful to look at. Mary added “reasonab

...il for consideration. Lacking any other standards, they are recommending a standard Level Of Assurance (LOA) 3 for accessing their own protected health informa ...uss. Adam Madlin will follow-up with Adrien to discuss his opinion on this standard and will report back to the Security Committee.

...catalogue_detail.htm?csnumber=58625 (keep).Ann will request review copy of standard; UXC to add as SCC inventory. **8. Mary to ask for MA for ISO Standard Review copy (keep)

...-profit alliance. Being used worldwide. UK Government is using FIDO as a standard and is something this group should be considering. https://fidoalliance.or ...a smart chip. It is simple for people to enroll and it is portable. This standard fits under the GSMA umbrella of standards.

*Security Committee submission of standard

...king on supplemental guidance and a new reference page. They will vote on standard 80063 and the committee is recommending approval.

**Mary has asked for a copy of the third standard on usability and is waiting for a response.

# Ellen suggests possible standard for SCC to review. This was in a response to ARR request. Wait until she

...ew is that assurance should be left to market and not formalized in single standard. There seemed to be a consensus on this among those present. ...tory and business relationships, or don't. There is no contract or formal standard involved. This is an example of actual practice. David also noted that OI

**Mary has asked for a copy of the third standard on usability and is waiting for a response. The two standards applications

4. Ellen suggests possible standard for SCC to review. This was in a response to ARR request. Wait until she

** Is there a standard re: how and when to destroy?

...urity''': The document provides test resources for an information security standard.

...ity Domain]], [[Security Policy]], [[Security Strength]], [[Semantics]], [[Standard]], [[Store (key/metadata)]], [[Suspended State]], [[Syntax]], [[Trust]], [[

* [[ISO/IEC 29115 Entity Authentication Assurance]] was derived from this standard. [[Federal Information Processing Standard]], [[Guessing Entropy]],

'''Category''': Document Development Standard [[Category:Document Development Standard]]

The complete SAML 2.0 Standard is a set of specifications that includes: ...df Executive Overview] is available as a non-technical introduction to the Standard as well as a [http://www.oasis-open.org/committees/download.php/27819/sstc-

'''Security''': The document defines terms used in an information security standard.

'''Category''': Document Development Standard [[Category:Document Development Standard]]

5. Intellectual Property Control (IPC) Profile Version 1.0 OASIS Standard, 19 January 2015 6. Export Compliance-US (EC-US) Profile Version 1.0 OASIS Standard, 19 Jan 2015

'''Title''': Extensible Name Language (xNL) Standard Description Document for W3C DTD/Schema '''Category''': Naming Standard Specification

#** in fact, how we define the best approach, using a standard tool or methodology, etc. may be an area where we could use SME from the se

...vents/media-resources/protectingconsumer-privacy/do-not-track Do Not Track standard work at the W3C: http://www.w3.org/2011/tracking-protection/ *The Kantara Consent & Information Sharing Work Group (CISWG) now has a draft standard for informing the user of the status of the user stipulations. That draft i

'''Security''': The document is an information security standard.

'''Title''': OpenID Connect Standard 1.0 '''URL''': http://openid.net/specs/openid-connect-standard-1_0.html (deprecated, now just links to the following:

'''Category''': Credential Requirements Standard

# No standard has been found that helps to describe how a site with no user connectivity

# The RP uses a standard protocol and taxonomy to request the information needed from the user. ...and other token types. Token composition is not well defined in any extant standard and needs to be addressed by the ecosystem.

...and other token types. Token composition is not well defined in any extant standard and needs to be addressed by the ecosystem.

| OAuth 2 Standard Adoption || [[Standards]] || 10 September 2015 || No privacy issues || 3 No ...www.idecosystem.org/filedepot/folder/161?fid=1631 Privacy Eval of SAML 2.0 Standard]

...Part 164, at §§ 164.502(b) and 164.514(d): "minimum necessary" disclosure standard.

* See the "minimum necessary" disclosure standard in HIPAA regulations for health care transactions, 45 CFR Part 164, at §§

...a user understandable name for a digital entity. In particular there is no standard way for the RP to acquire display name of the IdP using dynamic registratio No widely accepted standard method exists for distinct digital entities in a trust framework to prove t

...k recognized by us and groups / sites such as userexperiencedesigns.com as standard UX and Usability work to support the IDESG and NSTIC Goals.<br />

All these approaches follow the ISO standard [http://www.iso.org/iso/catalogue_detail.htm?csnumber=52075 Human-centred d The ISO standard describes 6 key principles that will ensure a design is user centered:

::• If standard definitions are available, they should be used. ::• Do Not Track standard work at the WC3: http://www.w3.org/2011/tracking-protection/

If standard definitions are available, they should be used.

Do Not Track standard work at the W3C: http://www.w3.org/2011/tracking-protection/

...be very helpful in forming a list of user attributes to be requested in an standard user choice design. Specifically in August 2014 the number of detailed perm

The Abstract from the standard states it best: ...at have blocked standardization of this well-known, and well-regarded (non)standard.

...bally trusted certificate authorities trusted by the browser source. These standard "domain validated" certificates provide no authoritative identity assurance ...dardsaustralia.github.io/infosec/#symbols-and-abbreviated-terms Australian standard] looks like FAPI, but may be more broadly targeted.

...aphic matching, bio-metrics, disease history, whatever (maybe even the old standard, the social security number). * [https://www.iso.org/standard/62653.html ISO 22600-1:2014] Health informatics -- Privilege management and

...ble for query by any potential participant prior to any engagement using a standard web [[API]]. Potential users need to understand the results before they com

# No standard has been found that helps to describe how a site with no user connectivity ...ere is already a relationship with the users, there is no similar metadata standard for open environments.

# Wide implementation is a prerequisite for any standard artifact to gain credence.

(d)Standard: Person or entity authentication. Implement procedures to verify that a per (1)Standard: Transmission security. Implement technical security measures to guard agai

...aphic matching, bio-metrics, disease history, whatever (maybe even the old standard, the social security number).

*[https://protocol.jlinc.org/#4-establishing-a-sisa JLink - establishing a Standard [[Information Sharing Agreement]] web page].

common digital Consent Receipt Format standard. We of a standard ‘Consent Receipt’ schema. The Consent

* iss = issuer unchanged for standard IdP, try to find the right way to identify a self-issued user.

*This page is addressed to the contexts of the evolving standard.

...rd, even, like ladders, which included the manufacturers of ladders in the standard development.

# A Standard or spec or piece of best practice with clear, auditable requirements that h

...velopers to coalesce around the development and implementation of a common standard for application registration with an API's authorization server. - - - Howe

...velopers to coalesce around the development and implementation of a common standard for application registration with an API's authorization server. - - - Howe ...e Health Level 7 (HL7®) Fast Healthcare Interoperability Resources (FHIR®) standard and relevant technical standards.</blockquote>

...r Healthcare]] on this wiki lists other uses states might have for the mDL standard format. Notice in a case like this is difficult as the standard does not even require the mDL reader from reporting the name of the entity

...appear to have working systems in place prior to the completion of the ISO standard.

...r Healthcare]] on this wiki lists other uses states might have for the mDL standard format. ...n is performed algorithmically without the presence of an attendant. Draft standard 18013–5 sets forth requirements specifically for attended verification, b

[[Category: Standard]]

...tly what they intend to do. This is where the Privacy Notice comes in. The standard for this is ISO/IEC 29184, of which I was a project leader. ...to produce different implementations that do not connect each other from a standard. In the case of Open Banking in the UK, it often took weeks for a bank to c