Identity Proofing Use Case
- 1 Add a Comment
- 2 Use Case Metadata
- 3 Use Case Content
- 4 NSTIC Guiding Principles Considerations
- 5 Domain Expert Working Group Considerations
- 6 Derived Requirements
Add a Comment
To add a comment, you will need to be logged on to the wiki. If you are logged on, click the button below to add a comment. The comment will be appended to the Discussion page for disposition by the reviewer.
Use Case Metadata
Use Case Lifecycle Status
|Contributed||Working Draft||Committee Review||Compilation||Approval||Publication|
|This use case has been approved in version 1.2. This page may have been updated since the 1.2 document was approved.|
Use Case Category
Standards Committee Use Cases Ad Hoc Group
Use Case Content
Use Case Description
Identity Proofing is the process by which a Credential Service Provider (CSP) and a Registration Authority (RA) collect and verify information about a person for the purpose of issuing credentials to that person. This verification can be in-person or remote.
- Credential Service Provider.
- Registration Authority.
- Applicant (user).
- There is verifiable information about Applicant that Registration Authority can validate.
- Registration Authority has access to authoritative sources of attribute verification.
- Applicant presents an identity claim to the Registration Authority. This identity claim consists of a set of attributes that Applicant asserts belong to them. These attributes can include legal name, date of birth, address of record, etc. During in person identity proofing, evidence can consist of documents that support the identity claim. During remote identity proofing, evidence is supplied by the applicant to substantiate that the claimed identity belongs to the Applicant.
- Registration Authority validates the claimed identity by checking the attribute claims against authoritative sources of attribute information.
Identity Proofing completes successfully when the Registration Authority accepts or rejects the applicant’s identity claim.
- Applicant does not have address of record.
- Applicant cannot supply verifiable attributes.
- Registration Authority’s verification processes fails.