IDEF Attribute Minimization, v1.0

Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-3: ATTRIBUTE MINIMIZATION.

Assessment Steps (3)

1
Evaluation of Transaction Requirements for Claims vs. Attributes (EvaluationofTransactionRequirementsforClaimsvsAttributes)
Does the entity evaluate the need to collect specific attributes in a transaction, as opposed to claims regarding those attributes?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
2
Use of Claims Wherever Feasible (UseofClaimsWhereverFeasible)
Wherever feasible, does the entity collect, generate, use, transmit, and store claims about users rather than attributes?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
3
Transmission and Binding of Claims Wherever Feasible (TransmissionandBindingofClaimsWhereverFeasible)
Wherever feasible, does the entity transmit attributes as claims and bind transmitted credentials and identities to claims instead of actual attribute values?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.

Conformance Criteria (1)

Attribute Minimization
Entities requesting attributes MUST evaluate the need to collect specific attributes in a transaction, as opposed to claims regarding those attributes. Wherever feasible, entities MUST collect, generate, use, transmit, and store claims about users rather than attributes. Wherever feasible, attributes MUST be transmitted as claims, and transmitted credentials and identities MUST be bound to claims instead of actual attribute values.
Citation
IDEF
Page 11