Access Age Restricted Content Use Case

From IDESG Wiki
Jump to: navigation, search

Add a Comment

To add a comment, you will need to be logged on to the wiki. If you are logged on, click the button below to add a comment. The comment will be appended to the Discussion page for disposition by the reviewer. <inputbox> type=comment editintro=Comment_Instructions preload=Comment_Preload buttonlabel=Post a Comment on the Discussion Page default=Talk:Access Age Restricted Content Use Case hidden=yes </inputbox>

Use Case Metadata


Access Age Restricted Content Use Case


Use Case Lifecycle Status

Contributed Working Draft Committee Review Compilation Approval Publication
This use case has been approved in version 1.2. This page may have been updated since the 1.2 document was approved.


Nym Issues Group and Use Case AHG

Use Case Content

Use Case Description

Enable individuals to prove that the are within a certain age range without disclosing their identity. This could be to support COPPA safe harbor provisions by verifying minority status without identification, or to enable adults to access mature content with privacy.


  • Subscriber is a human wishing to access a service with age restrictions without revealing their identity.
  • Relying Party needs to provide access only to individuals within a specified age range.
  • Attribute Provider provides an age verification service.

Goals / User Stories

  • Enable individuals to prove that the are within a certain age range without disclosing their identity.
  • No identity information about adult must be verifiable but age.


  • Individuals/subscriber do not have a credential.
  • Attribute Provider may be a credential issuer.
  • Individuals are willing to share identity information with Attribute Provider in order to obtain anonymous age verified access to Relying party.
  • During enrollment, Subscriber undergoes Identity Proofing that includes verification of their Date of Birth.

Process Flow

Proof of Age Process Flow

  1. Subscriber registers with Attribute Provider
  2. Attribute Provider creates a claim that satisfies the relying party but does not include the birth date.

Verification of Age Process Flow

  1. Subscriber attempts to access age-restricted content on the Relying Party.
  2. Service provider discovers the attribute provider by either:

a. Subscriber informs Service Accept. 2. Service provider discovers the attribute provider by either:

   a.Subscriber informs Service Provider of Attribute Provider, or 
   b.Service Provider queries for Attribute Provider that can verify Subsrciber.
  1. Relying Party requests a claim from the Attribute Provider of the required age range.
  2. Subscriber proves to attribute provider that it owns the birth date information in the AP.
  3. Attribute Provider locates Subscriber’s Date of Birth and calculates whether Subscriber is in the required age range.
  4. Attribute Provider provides a claim to Relying Party with confirmation or denial that the Subscriber falls in the required age range.

Success Scenario

The use case is successful when the Relying Party can verify whether Subscribers are in the specified age range.

Failure Scenario

  • Relying Party is unable to find an Attribute Provider to vouch for the Subscriber’s age.

Error Conditions

  • Wrong requirement is sent or the wrong attribute is sent.


Related to Identity Proofing Use Case, Verify Identity Claim Use Case

References and Citations

NSTIC Strategy (p. 2, p. 11, p. 23, p. 38) Children’s Online Privacy Protection Act (COPPA)

NSTIC Guiding Principles Considerations

Privacy Considerations

Security Considerations

User Experience/Usability Considerations

Interoperability Considerations

Domain Expert Working Group Considerations


Health Care

Derived Requirements