Information and Identity Governance – ID Governance

What is identity governance?

  • 36. How do definitions, objectives and levels of assurance (from anonymous, through pseudonyms, self-asserted, balance of probability to beyond reasonable doubt) vary by purpose and why?
  • 37. Does current legislation on the matter recognize the different levels of identity effectively?
  • 38. Which stakeholders need what, what is the value to them and who is willing to pay what to achieve that value?
  • 39. Define a comprehensive set of use cases of identity systems, and estimate the associated values with each case.

Many identity system proposals assume a restricted set of use cases, so a taxonomy of uses would make it possible to compare the scope of different proposals. Estimates of the national value of each use case would help prioritise activities (e.g. a low-value on-line purchase and national border control have significantly different requirements).

  • 40. What is the current state of play in different organisations and jurisdictions with regard to primary identity management activities:
      • a. What is identity proofing and vetting, where is it really needed and how can it be performed with a high level of assurance?
      • b. Define the full management life-cycle around the issuance, post-issuance management and revocation of identity credentials.
      • c. their use to securely assert an identity physically and electronically (authentication) in both autonomous and federated environments?
      • d. the design, implementation, operation, accreditation and certification of infrastructures and services that provide trusted identity credentials?
      • e. the design, implementation, operation, accreditation and certification of infrastructures and services that use trusted identity credentials within and between organisations?
      • f. the establishment and operation of an independent audit regime to evidence compliance to relying parties and regulators, ensuring privacy and preventing fraud and theft?
      • g. their use of assured identities to support authorisation activities?
  • 41. What is the current state of play with regard to operational electronic identity systems? Numbers covered, volume and values of transactions relying on them, perceived security etc.?
      • a. What is the current state of play regarding regulatory systems?
      • b. What is the current state of play regarding interoperability between identity systems and the regulatory issues across boundaries across systems?