04_V_AC Contextually appropriate Verifier Identification
Statement: Verifiers shall identify themselves to the user with enough detail to provide confidence in the transaction.
Review Meeting(s): 2022-07-06 Meeting notes
Status: Candidate
Contextual appropriate Verifier Identification | |
---|---|
Statement (Single phrase or sentence) | Verifiers shall identify themselves to the Holder with enough detail in the context of the transaction to help the Holder to make a decision to proceed with the transaction. |
Description | In order for the Holder to proceed with a transaction, the first step is that the Verifiers should identify themselves in context. A context might be admission to a stadium. Another context might be a medical office. The Holder can verify that they are in the stadium or the doctor’s office themselves and the Holder Agent should be able to validate that. |
Scope (applies to) | Part A: Verifiers Part B: Issuers Part C: Providers |
Select the Primary Consideration | CC (Consent and Choice) PL (Purpose legitimacy and specification) CL (Collection limitation) DM (Data minimization) UR (Use, retention, and disclosure limitation) AQ (Accuracy and quality) OT (Openness, transparency, and access) IA (Individual access & participation) AC (Accountability) IS (Information Security) PS (Privacy compliance) |
Reference | 04_V_AC |
Other considerations | CC (Consent and Choice) PL (Purpose legitimacy and specification) CL (Collection limitation) DM (Data minimization) UR (Use, retention, and disclosure limitation) AQ (Accuracy and quality) OT (Openness, transparency, and access) IA (Individual access & participation) AC (Accountability) IS (Information Security) PS (Privacy compliance) |
Related Requirements | |
Explanatory Notes (Text or Link) | @Tom Jones to add some details about what context means One in person context might be an office where the …. Verifiers must share a form of identification (e.g. certificate) with a provider during a presentation so that a user can reliably identify the requesting party. The form of identification should be unique to the verifier and challenging to fake, such that the provider should have high confidence in the identity of the verifier. Verifiers should provide levels of assurance about their identity based on the operational context. @Tom Jones reminds us that provider is an inappropriate term and that we had talked about using 'platform'
Level of Assurance for Vefifier needed: @PeterD (Deactivated) Do we need any suggestions? @Christopher Williams i.e. leave the specification generic Discussion:
To be continued
|