ISO IEC TS 29003:2018 pdf free.Information technology一Security techniques一Identity proofing.
4.4.2 Authoritative evidence
A subject can use various identifying attributes to create identities in different contexts. For each identifying attribute, there can be authoritative evidence available. That is evidence recognized as the point of truth for the identifying attribute, often characterized as being the very first instance of identity establishment (i.e. the first identity proofing the person is the subject of) and/or controlled by legislation.Examples of national authoritative evidence are given in A11.
4.4.3 Corroborative evidence
Where the proofing party does not have access to authoritative evidence for an identifying attribute (or does not need to for the LoIP desired), the residual risk may be mitigated by verifying against corroborative evidence. Where corroborative evidence stores identifying attributes from authoritative evidence, the attributes are not recognized as authoritative. Examples of national corroborative evidence are given in A.1.
4.5 Actors
4.5.1 General
Checking the evidence of identity involves relationships between subject, proofing party and potentially a verifier. Evidence of identity performs a role in this process.
4.5.2 Subject
The subject or other applicant applies for the subject to undergo identity proofing by the proofing party. An application may be made by either the subject of the application or a person acting on their behalf. Identity proofing is carried out on the subject by the proofing party.
4.5.3 Proofing party
A proofing party establishes the validity of the claimed identifying attributes of the subject in accordance with the LoIP required. Identity information verification is performed against evidence of identity for each identifying attribute.
The proofing party chooses to:
— examine evidence of identity, which contains identifying attributes and, for each attribute, determines whether to accept the attribute; or
— verify the presented identifying attributes with a service provider who has authorized access to the evidence for this purpose. The service provider provides a response to the proofing party.
A proofing party that is carrying out identity proofing relies on the accuracy and integrity of the proofing information in the evidence of identity to which it refers.
4.5.4 Verifier
A verifier is an entity, system, device or software that has the ability to answer a verification request from a proofing party. They can include entities such as authoritative parties or other parties that control evidence. The subject themselves can be a verifier if they can activate evidence to respond.
The response provided by the verifier does not necessarily include a verification judgement but can be proofing information which enables the proofing party to make their judgement on whether successful verification has occurred.
4.6 Evidence of identity strength considerations
Unless the identity proofing event is the inaugural establishment of identity for the subject, some evidence (documents, digital identities, etc.) can be the product of an earlier formal identity proofing process. Registration of birth is an example of an inaugural event where there is no previous identity proofing activity for the subject.
The proofing party should evaluate the earlier identity proofing event to determine the extent to which the evidence can be accepted for the current identity proofing event and LoIP, and any further validation that can be necessary.
Not all evidence of identity issued is able to be used in subsequent identity proofing outside the context in which it was issued. It is possible that evidence does not contain any proofing information and/or cannot be linked to proofing information that is externally accessible. Physical documents presented as evidence of identity can include anti-tampering and anti-counterfeit features. Where appropriate and practical, the verification of identity information in physical evidence of identity includes the checking of the anti-tampering and anti-counterfeit features. Electronic forms of evidence of identity can be obtained in a manner that tampering and counterfeiting can be detected.ISO IEC TS 29003 pdf download.