...
The purpose of this document (Code of Conduct for Relying Parties) is to give supporting guidance to the controlling documents of the Identity Assurance Framework, as developed by the Kantara Initiative, Inc. In certain contexts or domains involving Attribute Providers, it could be extended and modified for use as well.
The document is not intended to be a complete set of requirements for good behaviour of Relying Parties that might span the full extent of an organization's policies, processes and procedures. To do so would have the negative effect of duplicating much of that existing work. This document does indicate the range of topics that would typically address aspects of such a code of conduct.
A complete Code of Conduct for Relying Parties might include Sections for ...A) Data Protection, B) Admin, Record Keeping and Process, C) Audit and Compliance, D) Exit and Off Boarding E) Marketing, plus other aspects applicable to a given context or domain to make it comprehensive .
Assumptions
This Code of Conduct for Relying Parties assumes (1) a set of agreed definitions/terminlogyterminology, (2) Scope and specification of the Replying Party activities, (3) a legal contract in force to make all obligations clear for interpretation, (4) that a federated trust framework is operating, (5) that a quality ISMS is operating in the RP/AP environments..
A typical template As explained above, this Code of Conduct assumes a comprehensive document that additionally whose Table of Contents might include:
...