NIEF ICAM Privacy Profile for IDPOs, v1.0

Profile of ICAM privacy requirements from the NIEF Privacy Policy, version 2.0 that apply to Identity Provider Organizations (IDPOs).
Identifier https://trustmark.nief.org/tpat/tips/nief-icam-privacy-profile-for-idpos/1.0/
Publication Date 2021-08-27
Issuing Organization NIEF Support (help@nief.org); no telephone number or mailing address listed.
Keywords There are no keywords.
Legal Notice This artifact is published by the National Identity Exchange Federation (NIEF). This artifact and the information contained herein is provided on an "AS IS" basis, and NIEF disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, NIEF disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Trust Expression:

TD_ICAMPrivacyRunTimeOptInforFederatedICAMTransactions and TD_ICAMPrivacyRunTimeSelectiveOptOutofAttributeSharing and TD_ICAMPrivacyMinimalICAMAttributeRelease and TD_ICAMPrivacyLimitationonUseofEndUserICAMActivityData and TD_ICAMPrivacyLimitationonDisclosureofEndUserICAMActivityData and TD_ICAMPrivacyAdequateNoticeofFederatedAuthentication and TD_ICAMPrivacyTerminationofICAMServices

References (7)

TD: ICAM Privacy - Run-Time Opt-In for Federated ICAM Transactions, v1.0
Description: Defines privacy requirements related to run-time opt-in by end-users for Federated ICAM transactions.
ID: TD_ICAMPrivacyRunTimeOptInforFederatedICAMTransactions

TD: ICAM Privacy - Run-Time Selective Opt-Out of Attribute Sharing, v1.0
Description: Defines privacy requirements related to run-time selective opt-out by end-users for attribute sharing during Federated ICAM transactions.
ID: TD_ICAMPrivacyRunTimeSelectiveOptOutofAttributeSharing

TD: ICAM Privacy - Minimal ICAM Attribute Release, v1.0
Description: Defines privacy requirements for Federated ICAM transactions related to minimal release of ICAM attributes about end-users.
ID: TD_ICAMPrivacyMinimalICAMAttributeRelease

TD: ICAM Privacy - Limitation on Use of End User ICAM Activity Data, v1.0
Description: Defines privacy requirements related to limitations on the use of end-user ICAM activity data.
ID: TD_ICAMPrivacyLimitationonUseofEndUserICAMActivityData

TD: ICAM Privacy - Limitation on Disclosure of End User ICAM Activity Data, v1.0
Description: Defines privacy requirements related to limitations on the disclosure of end-user ICAM activity data to third parties.
ID: TD_ICAMPrivacyLimitationonDisclosureofEndUserICAMActivityData

TD: ICAM Privacy - Adequate Notice of Federated Authentication, v1.0
Description: Defines privacy requirements related to adequate notice to end-users for federated authentication events.
ID: TD_ICAMPrivacyAdequateNoticeofFederatedAuthentication
TD: ICAM Privacy - Termination of ICAM Services, v1.0
Description: Defines privacy requirements related to the termination of an end-user's ICAM services by an organization.
ID: TD_ICAMPrivacyTerminationofICAMServices

Terms (7)

Each entry gives the term name, its abbreviation (where one exists), and its definition.

Credential Service Provider (CSP): An equivalent term for an Identity Provider Organization (IDPO).

Federated Identity, Credential, and Access Management (Federated ICAM): Describes activities involving the reuse of previously issued local credentials, such that end-users can use those locally issued credentials to access remote resources through a federated "Single Sign-On" (SSO) protocol.

ICAM Attribute: A piece of data about an end-user that can be transmitted from one system to another, for the purpose of enabling the receiving system to make access control decisions and take other actions (e.g., audit logging) related to that end-user.

Identity Provider Organization (IDPO): An organization that vets individuals, collects attributes about these individuals, and maintains those attributes in an accurate manner. An IDPO typically operates one or more Identity Provider (IDP) systems that support a Single Sign-On (SSO) protocol such as the Security Assertion Markup Language (SAML) or OpenID Connect (OIDC). An IDPO is also sometimes called a Credential Service Provider (CSP).

Identity, Credential, and Access Management (ICAM): Describes activities related to identity-proofing end-users, issuing authentication credentials to end-users, lifecycle-managing the issued credentials, and using the issued credentials as part of a strategy whereby end-users' access to sensitive resources is controlled in accordance with applicable policies.

Personally Identifiable Information (PII): Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc., alone or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc.

Service Provider Organization (SPO): An organization that manages one or more sensitive data resources or applications, and offers access to those resources or applications for federated users from partner organizations, subject to applicable access controls. An SPO typically operates one or more Service Provider (SP) systems that support a Single Sign-On (SSO) protocol such as the Security Assertion Markup Language (SAML) or OpenID Connect (OIDC).