Interop Req 5

From IDESG Wiki
Revision as of 04:01, 28 June 2018 by Omaerz (Talk | contribs) (15 revisions imported: Initial Upload of old pages from IDESG Wiki)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

<< Back to Baseline Functional Requirements Index

INTEROP-5. DOCUMENTED PROCESSES

Entities MUST employ documented business policies and processes in conducting their digital identity management functions, including internally and in transactions between entities.

SUPPLEMENTAL GUIDANCE

This Requirement is that entities shall document business policies and procedures that are employed for identity management functions related to the transmission, receipt, and acceptance of data between systems. Having documented procedures is a necessary prerequisite for transparency and accountability, quality control, auditability, and ease of interoperability among federated communities.

However, this Requirement does not mandate adoption of any specific policies and procedures, or any specific systematic approaches to procedures. Rather, the entity making this assertion should simply affirm that it does maintain such documents in writing, and can make them available as described. The obligation for policies to be transparent to USERS in this context includes prospective users such as eligible applicants.

Regarding "digital identity management functions", see Appendix A.

REFERENCES

Reference examples for requirements that entities maintain written policies and procedures generally:

Reference example of a federation's published policies, see: https://www.incommon.org/policies.html

APPLIES TO ACTIVITIES

REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION, INTERMEDIATION

KEYWORDS

NOTICE, INTEROPERABILITY, POLICIES, PROCESS, TRANSACTION



Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |