Interop Req 4
<< Back to Baseline Functional Requirements Index
INTEROP-4. STANDARDIZED DATA EXCHANGES
This Requirement is that entities must use public open STANDARDS when conducting data interface and exchange transactions with THIRD-PARTIES. It does not require that entities must be capable to use all interface STANDARDS, but must be capable of using at least one. Sufficient options exist among nonproprietary published methods today.
This Requirement addresses transmission and exchange data protocols, reliable messaging, and database/repository/registry transactions, within which entities may offer, seek and obtain identity data. Please note, however, that this Requirement does not address formats or expressions for the identity data itself (which are addressed by INTEROP-2 (THIRD-PARTY CREDENTIALS) and INTEROP-3 (STANDARDIZED CREDENTIALS)), nor transport or protective methods and protocols (which are addressed separately in the IDESG Security Requirements SECURE-1 through SECURE-15)).
Regarding "digital identity management functions", see Appendix A.
Reference for open standards: OMB Circular A-119: Federal Participation in the Development and Use of Voluntary Consensus Standards and in Conformity Assessment Activities, https://www.whitehouse.gov/omb/circulars_a119
Reference for roles, functions, and operations, IDESG Functional Model, https://workspace.idesg.org/kws/public/download.php/53/IDEF-Functional-Model-v1.0.pdf
Reference examples for interface and exchange protocols:
- SAML 2.0, http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
- XACML 3.0, http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html
- OAuth 2., http://tools.ietf.org/html/rfc6749.