IDEF Credential Limitation, v1.0
Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-4: CREDENTIAL LIMITATION.
                Assessment Step
| 
                                            1
                                         Credential Limitation (CredentialLimitation) Does the entity refrain from requesting users' credentials unless necessary for the transaction and then only as appropriate to the risk associated with the transaction or to the risks to the parties associated with the transaction? 
                                                            Artifact
                                                         A1 Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step. | 
Conformance Criteria (1)
| Credential Limitation Entities MUST NOT request users' credentials unless necessary for the transaction and then only as appropriate to the risk associated with the transaction or to the risks to the parties associated with the transaction. 
                                            Citation
                                         
                                                    IDEF
                                                 
                                                    Page 12
                                                 | 
