IDEF Knowledge Base |
Contact

IDEF Registry

Future.Proof.Positive

IDEF Knowledge Base

IDEF Baseline Functional Requirements v1.1

Table of Contents: IDEF Baseline Functional Requirements v1.1

Below is the list of the titles of each of the Requirements and Best Practices comprising the IDEF Baseline Functional Requirements v1.1. Each title on this page provides a link to a separate page on this website (wiki) containing the text of the item.

Additional commentary and supplemental material is in development and will be linked to each requirement page. In the requirement text: (a) Short titles for each item are included for indexing and ease of reading, but are not considered normative. (b) Certain words are CAPITALIZED for ease of review and identifying specific roles, but that capitalization is not considered normative.

A formal printed version of these same Requirements as approved, with IDESG logos, can be downloaded from:  IDEF-Baseline-Requirement-v1.0-with-Supplemental-Guidance-FINAL-10152015

Scope

The National Strategy for Trusted Identities in Cyberspace (NSTIC) envisions widespread, trusted identity exchanges using federated methods that are secure, interoperable, privacy-enhancing and easy to use.  Realization of that vision will require companies, agencies and individuals to perform at a new level.  The Requirements are our first step towards that goal, by describing a set of functions that parties must be able to fulfill, and a set of criteria for assessing those capabilities.

The Requirements are an informed step forward in privacy, security, interoperability and usability based on the work of the IDESG’s diverse membership of practitioners expert in their respective fields.

Identity Ecosystem stakeholders can use the Requirements to identify and measure capabilities and services today and identify others to implement.  IDESG‘s Identity Ecosystem Framework (IDEF) includes guidance, listing and self-reporting facilities, in its IDEF Registry.  The IDEF Registry supports reporting by identity service providers of their self-assessments.  IDESG plans include an option to expand this program to also accommodate third-party certification, based on execution of the initial listing and IDESG’s outreach, activities and stakeholder input.

Interpretation

IDESG has approved and provided a Glossary of Terms for the IDEF program, and a list of certain definitions, linked below. Defined terms that are used in these Requirements are hyperlinked, in the Requirement text displayed in this wiki, to the relevant definitions.

Requirements

Privacy

PRIVACY-1. DATA MINIMIZATION
PRIVACY-2. PURPOSE LIMITATION
PRIVACY-3. ATTRIBUTE MINIMIZATION
PRIVACY-4. CREDENTIAL LIMITATION
PRIVACY-5. DATA AGGREGATION RISK
PRIVACY-6. USAGE NOTICE
PRIVACY-7. USER DATA CONTROL
PRIVACY-8. THIRD-PARTY LIMITATIONS
PRIVACY-9. USER NOTICE OF CHANGES
PRIVACY-10. USER OPTION TO DECLINE
PRIVACY-11. OPTIONAL INFORMATION
PRIVACY-12. ANONYMITY
PRIVACY-13. CONTROLS PROPORTIONATE TO RISK
PRIVACY-14. DATA RETENTION AND DISPOSAL
PRIVACY-15. ATTRIBUTE SEGREGATION

Security

SECURE-1. SECURITY PRACTICES
SECURE-2. DATA INTEGRITY
SECURE-3. CREDENTIAL REPRODUCTION
SECURE-4. CREDENTIAL PROTECTION
SECURE-5. CREDENTIAL ISSUANCE
SECURE-6. CREDENTIAL UNIQUENESS
SECURE-7. TOKEN CONTROL
SECURE-8. MULTIFACTOR AUTHENTICATION
SECURE-9. AUTHENTICATION RISK ASSESSMENT
SECURE-10. UPTIME
SECURE-11. KEY MANAGEMENT
SECURE-12. RECOVERY AND REISSUANCE
SECURE-13. REVOCATION
SECURE-14. SECURITY LOGS
SECURE-15. SECURITY AUDITS

Interoperability

INTEROP-1. THIRD PARTY AUTHENTICATION
INTEROP-2. THIRD PARTY CREDENTIALS
INTEROP-3. STANDARDIZED CREDENTIALS
INTEROP-4. STANDARDIZED DATA EXCHANGES
INTEROP-5. DOCUMENTED PROCESSES
INTEROP-6. THIRD-PARTY COMPLIANCE
INTEROP-7. USER REDRESS
INTEROP-8. ACCOUNTABILITY

Usability

USABLE-1. USABILITY PRACTICES
USABLE-2. USABILITY ASSESSMENT
USABLE-3. PLAIN LANGUAGE
USABLE-4. NAVIGATION
USABLE-5. ACCESSIBILITY
USABLE-6. USABILITY FEEDBACK
USABLE-7. USER REQUIREMENTS

Best Practices and Potential Future Requirements

Defined Terms