Privacy Req 3 Supplemental Guidance
Error creating thumbnail: File missing |
This article is under construction and should not be considered complete.
Last modified by Omaerz |
<< Back to Privacy Requirement 3
These links are provided as additional informative resources relevant to parties conducting self-assessments (and other identity stakeholders) when applying and evaluating IDEF Baseline Requirement PRIVACY-3.
Supplemental Information
IDENTITY-PROVIDERS (and any other entities releasing attributes MUST provide the opportunity for attributes to be released as claims as well as detailed attributes; see also PRIVACY-1 on granularity of requests to support data minimization by requesters, generally.
Attribute providers may be required by their own business processes to collect and store, although not necessarily transmit, attributes in their attribute form, in which case significant alteration or filtering may be required when that data is re-used or transmitted to others.
References and Guidance (non-normative)
- NIST SP 800-162: Attribute Based Access Control Definition and Considerations (2014), pages 26, 28, 31: http://csrc.nist.gov/publications/nistpubs/800-162/sp800_162_pre-publication.pdf