Usable Best Practice A

From IDESG Wiki
Jump to: navigation, search

<< Back to Baseline Functional Requirements Index

USABLE-BP-A. RECOMMENDED ATTRIBUTE REQUIREMENTS QUERY

Entities conducting digital identity management functions SHOULD offer persistent opportunities for USERS to document and communicate their unique requirements about their attributes and how they are used. Entities SHOULD provide good-faith responses to those communications about requirements, before the USER is asked to agree to share their attributes.

SUPPLEMENTAL GUIDANCE

As a general principle, consent choices or other similar must-see-this-first information should be exchanged in a first encounter, and then honored in and presented in a consistent manner thereafter.

Suggested ways for User Experience mitigation include pop-up boxes or email responses to requests. Links to information for additional use and adequate time to read should be included in the process for users.

Entities should state clearly in an easy to find manner to users whether identity information is being used.

Special attention should be paid to the unique dynamics and vulnerabilities for users around attribute exchanges, particularly toward transparency of communications.

See the related user-requests gathering processes described in USABLE-7 (USER REQUESTS).

Use Cases

The committee has started to collect use cases for this section. Please contribute to the Use Cases on the Discussion tab above.

APPLIES TO ACTIVITIES

REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION

KEYWORDS

ACCOMMODATION, ATTRIBUTE, CHOICE, CONSENT, MINIMIZATION, USABILITY


Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |