International standards to consider when designing an identity system

That's a pretty big title, but of course there's no way I could make a comprehensive list, so I'll just jot down what comes to mind as a starting point. If you have any other ideas, please feel free to add them in the comments section.

◎ International Covenant on Civil and Political Rights (ICCPR) and the UN Human Rights Committee

Article 16 of the Covenant states that “Everyone shall have the right to recognition everywhere as a person before the law.” This “everywhere” should be extended to include digital identity.

◎ Privacy Guidelines

The OECD's "Guidelines on Privacy Protection and Cross-Border Flows of Personal Information" compiles guidelines on the free flow of personal information, both domestically and internationally, and the restrictions that apply to it.

◎ Machine Readable Travel Documents (MRTD)

For identity documents, Japan seems to use its own specifications, except for passports. The International Civil Aviation Organization (ICAO) defines both visually readable and machine-readable documents (passports, visas, etc.). If Japan considers such documents in the future, it may be worth adopting the ICAO specifications.

◎ ISO Standards

Aligning with ISO standards will be important, both for international compatibility and for meeting WTO government procurement rules.

  • ISO/IEC 29100 Privacy Framework (FDIS vote)
  • ISO/IEC 29101 Privacy Reference Architecture (CD3 vote)
  • ISO/IEC 29115 Entity Authentication Assurance Framework (CD3 vote)
  • ISO/IEC 24760 A framework for identity management, Part 1: Terminology and Concepts (FDIS vote)
  • ISO/IEC 24760 A framework for identity management, Part 2: Reference framework and requirements (WD1 comment)
  • ISO/IEC 24760 A framework for identity management, Part 3: Practice (WD1 comment)
  • ISO/IEC 29146 A framework for access management (WD5 comment)
  • ISO/IEC 29190 Privacy Capability Assessment Model (WD2 comment)
  • ISO/IEC 29191 Requirements for partially anonymous, partially unlinkable authentication (CD2 vote)

In addition, there are related ITU-T standards that have not yet been taken up by ISO:

  • X.OITF Open Identity Trust Framework

This will likely be brought to ISO after further discussion at ITU-T.

◎ FIPPs: Fair Information Practice Principles

1. Transparency
2. Individual Participation
3. Purpose Specification
4. Data Minimization
5. Use Limitation
6. Data Quality and Integrity
7. Security
8. Accountability and Auditing

That's all for now, as a first pass...
