...

  • The relying party should only request the data that is required for the transaction.
  • The user must have assurance that they are releasing their data to the intended relying party behind the identity reader. Essentially, the terminal should be under the relying party's control.
  • The value of the intent to retain flag must match the use of the data received and should be consistent with the relying party's identity privacy policy.
  • The relying party must maintain an identity-specific data use policy that clearly indicates what data is being requested and why it is being requested. This identity data use policy should include why the data is being stored and for how long it will be stored.
  • The relying party must adhere to the ISO18013-5 mDL standard in order to properly interface with the mobile devices.
  • If the relying party can satisfy the use case transaction requirements via the device retrieval method outlined in ISO18013-5, the relying party should use the device retrieval method in order to request the data that is required for the transaction.







FIC Recommendations:  Relying Party Handling of Transaction Data  

...