About
ID Ecosystem Steering Group
How to Use the Registry
Invitation to Apply
Identity Ecosystem Service Providers (Service Providers) are encouraged to use the Baseline Requirements as guidance for the competencies necessary for full participation in a safer online Identity Ecosystem. Service Providers who voluntarily participate in the IDEF Registry assist IDESG by sharing information about the feasibility and status of industry adoption of NSTIC’s goals.
IDESG recognizes variations among Service Provider organizations and operations and offers these options to provide flexibility and choice in the self-assessment and reporting process for the Service they are providing. The IDESG IDEF Registry accommodates self-reports from Service Providers at any level of progress in implementing the Baseline Requirements.
HOW A SCORE IS CALCULATED
What is Included in the Score
A Service’s total score is based on the number of Baseline Requirements assessed and the answer for each which is given a number of points. The overall points are added up and divided by the total possible points to create a percentage. This calculation is also done for each of the principle areas – Privacy, Security, Interoperability, and Usability based on the requirements that cover each area.
There are currently 45 Baseline Requirements that make up the Identity Ecosystem Framework (IDEF) – 15 for Privacy, 15 for Security, 8 for Interoperability and 7 for Usability. Each requirement applies to one or more Core Operations – Registration, Authentication, Credentialing, Authorization, Transaction Intermediation; and one or more Roles performed in online transactions – Relying Parties or Identity Providers including Attribute Providers, Intermediaries, and Credential Service Providers.
Requirements that are not relevant to the specific service being assessed are not counted against the total score. At the beginning of the Registry Form, the applicable Core Operations and Roles are selected so that only the related requirements, as determined by IDESG, are available to be assessed. During the assessment, it may be determined by the Registrant that a requirement is not relevant for a particular service and can be marked Not Applicable and won’t be counted in the score calculations.
What is included in the score is all applicable requirements, those that 1) apply to the Core Operations and Roles of the service, and 2) are determined to apply to the specific service by the Registrant.
Score Details
Each requirement status is given a set number of points. The points are added up and divided by the total possible points, to create a percentage. We show an overall score as well as a score for each of the four principle areas as outlined in the NSTIC Principles – Privacy, Security, Interoperability, and Usability. In the score details view (coming soon) you can also view the score for each of these four areas which is based on the number of relevant requirements answered and the points for each of those answers.
Points for each Status
- Fully Implemented = 100 points
- Implementation Underway = 75 points
- Under Consideration = 50 points
- Not Under Consideration = 0 points
- Not Applicable = N/A – Not included in the total score calculation
Percentage and Associated Color
- 100 – 91%
- 90 – 81%
- 80 – 71%
- 70 – 41%
- 40 – 0%
Totals possible points:
- Privacy – 15 requirements, 1500 total points possible
- Security – 15 requirements, 1500 total points possible
- Interoperability – 8 requirements, 800 total points possible
- Usability – 7 requirements, 700 total points possible
- TOTAL – 45 requirements, 4500 total points possible
Examples Score
SCORE
SCORE DETAIL
OVERALL SCORE: 100%
Total 4500 out of a possible 4500 points*
PRIVACY SCORE: 100%
1500 out of a possible 1500 points*
15 Fully Implemented = 1500 points
0 Implementation Underway = 0 points
0 Under Consideration = 0 points
0 Not Under Consideration = 0 points
0 Not Applicable = n/a
1500 out of a possible 1500 points*
15 Fully Implemented = 1500 points
0 Implementation Underway = 0 points
0 Under Consideration = 0 points
0 Not Under Consideration = 0 points
0 Not Applicable = n/a
SECURITY SCORE: 100%
1500 out of a possible 1500 points*
15 Fully Implemented = 1500 points
0 Implementation Underway = 0 points
0 Under Consideration = 0 points
0 Not Under Consideration = 0 points
0 Not Applicable = n/a
1500 out of a possible 1500 points*
15 Fully Implemented = 1500 points
0 Implementation Underway = 0 points
0 Under Consideration = 0 points
0 Not Under Consideration = 0 points
0 Not Applicable = n/a
USABILITY SCORE: 100%
700 out of a possible 700 points*
7 Fully Implemented = 700 points
0 Implementation Underway = 0 points
0 Under Consideration = 0 points
0 Not Under Consideration = 0 points
0 Not Applicable = n/a
700 out of a possible 700 points*
7 Fully Implemented = 700 points
0 Implementation Underway = 0 points
0 Under Consideration = 0 points
0 Not Under Consideration = 0 points
0 Not Applicable = n/a
INTEROPERABILITY SCORE: 100%
800 out of a possible 800 points*
8 Fully Implemented = 800 points
0 Implementation Underway = 0 points
0 Under Consideration = 0 points
0 Not Under Consideration = 0 points
0 Not Applicable = n/a
800 out of a possible 800 points*
8 Fully Implemented = 800 points
0 Implementation Underway = 0 points
0 Under Consideration = 0 points
0 Not Under Consideration = 0 points
0 Not Applicable = n/a
* A note about the Total Possible Points: Requirements determined by IDESG as Not Applicable to the Core Operations and Roles that are selected by the Registrant in Part 2 of the form, or were determined to be Not Applicable by the Registrant in Part 3 of the form, are not included in the total possible points calculation.
Another Example:
SCORE
SCORE DETAIL
OVERALL SCORE: 80%
Total 3450 out of a possible 4100 points*
PRIVACY SCORE: 82%
1150 out of a possible 1400 points*
8 Fully Implemented = 800 points
2 Implementation Underway = 150 points
4 Under Consideration = 200 points
0 Not Under Consideration = 0 points
1 Not Applicable = n/a
1150 out of a possible 1400 points*
8 Fully Implemented = 800 points
2 Implementation Underway = 150 points
4 Under Consideration = 200 points
0 Not Under Consideration = 0 points
1 Not Applicable = n/a
SECURITY SCORE: 100%
1200 out of a possible 1200 points*
12 Fully Implemented = 1200 points
0 Implementation Underway = 0 points
0 Under Consideration = 0 points
0 Not Under Consideration = 0 points
3 Not Applicable = n/a
1200 out of a possible 1200 points*
12 Fully Implemented = 1200 points
0 Implementation Underway = 0 points
0 Under Consideration = 0 points
0 Not Under Consideration = 0 points
3 Not Applicable = n/a
USABILITY SCORE: 50%
350 out of a possible 700 points*
0 Fully Implemented = 700 points
0 Implementation Underway = 0 points
7 Under Consideration = 350 points
0 Not Under Consideration = 0 points
0 Not Applicable = n/a
350 out of a possible 700 points*
0 Fully Implemented = 700 points
0 Implementation Underway = 0 points
7 Under Consideration = 350 points
0 Not Under Consideration = 0 points
0 Not Applicable = n/a
INTEROPERABILITY SCORE: 88%
750 out of a possible 800 points*
6 Fully Implemented = 600 points
2 Implementation Underway = 150 points
0 Under Consideration = 0 points
0 Not Under Consideration = 0 points
0 Not Applicable = n/a
750 out of a possible 800 points*
6 Fully Implemented = 600 points
2 Implementation Underway = 150 points
0 Under Consideration = 0 points
0 Not Under Consideration = 0 points
0 Not Applicable = n/a
* A note about the Total Possible Points: Requirements determined by IDESG as Not Applicable to the Core Operations and Roles that are selected by the Registrant in Part 2 of the form, or were determined to be Not Applicable by the Registrant in Part 3 of the form, are not included in the total possible points calculation.