Privacy Req 10

From IDESG Wiki


PRIVACY-10. USER OPTION TO DECLINE

USERS MUST have the opportunity to decline registration; decline credential provisioning; decline the presentation of their credentials; and decline release of their attributes or claims.

SUPPLEMENTAL GUIDANCE

Regarding "personal information", see Appendix A, and PRIVACY-1 (DATA MINIMIZATION).

Although an entity's digital identity management functions and transactions should provide an opportunity to the USER to decline to provide personal information or consent to its use, that decision may appropriately result in the partial or complete failure of the entity's intended transaction. (See USABLE-4 (NAVIGATION), USABLE-5 (ACCESSIBILITY) and USABLE-6 (USABILITY FEEDBACK).)

REFERENCES

Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page Supplemental Privacy Guidance; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx

APPLIES TO ACTIVITIES

REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION

KEYWORDS

CHOICE, CONSENT, PRIVACY

APPLIES TO ROLES

1 - RELYING PARTIES
2 - IDENTITY PROVIDERS
3 - Attribute Providers
4 - Intermediaries
5 - Credential Service Providers (where there is user interaction)


