Talk:PIV-I Enrollment for Educational Institutions Use Case

From IDESG Wiki
Jump to: navigation, search

(TCJ) - The statement "The card would establish a person’s electronic credentials" is not exactly correct as the CA is the actor that established a person's creds. I think you mean "The card is a protected store of a person’s electronic credentials"

(ss) While I understand that this is a high level Use Case I have the following questions: Is one vendor providing all of the steps: · Bind intrinsic or extrinsic attribute to an identity, · Authenticate person, · Authenticate website, · Authenticate device, · Authenticate organization, · Remote high value transactions, · Verify attribute binding? If not what is the relationship between them. Use Case:What kind of educational institution is it and what is the relationship between the educational institution and the enrollee? How are the elements of the contractual agreement between the Educational Institution and the enrollee disclosed? Is there informed consent? To what standard? How is the person’s identity established? I have many more questions of this type but since this is a very high level use case I will leave off this kind of question here. Goals: What are the immediate and potential benefits to the enrollee? To the Educational Institution? Without knowing the intended benefits, the value proposition cannot be determined by the enrollee? Is Tim’s privacy protected or can the actors in the use case aggregate, buy, sell, the enrollees’ information? What is the certification standard for the Education Institution or the PIV-I issuer? How is liability administered? How can it be enforced? If the enrollee pays tuition to the Educational Institution is there any conflict of interest in providing the fee based service to the same student? How old is the student? What training and safeguards are in place for the Education Institution’s representative that scans and transmits finger prints and photographs? What is the“fulfillment house” and what is the relationship between the Educational Institution and the fulfillment house?

(TCJ) The following definition is not clear to me. I think you are using the term claim incorrectly, but I can't tell from this what you mean. Also there seems to be confusion between credential and claim. Maybe we should talk. ..tom jones Claimant who desires to assert a claim against the electronic credential

Domain Specific Comments

Security Review

Security related comments.

Legal and Contracts Review

Legal and contracts related comments.

Privacy Review

Privacy related comments.

User experience

User experience related comments.

Economic Inclusion

Economic inclusion comments.

High Level Use Case Questions

The following are high level questions that reviewers have been asked to consider. Reviewers are encouraged to add their answers in the section below each question.

Why do you think a solution to this use case would create positive public attention?

List responses here.

How do you think this use case could be user to influence other IDESG work products?

List responses here.

Is there another use case (not on the list) that you believe would be a better choice? If so, please describe it.

List responses here.

Suggest ways that this use case could be improved.

List responses here.

Other observations about the use case

List responses here.