Overview
Data Accuracy is information relevant or pertaining to determining if the data is accurate.
Verifier
Verified attributes allow RPs to make informed decisions about whether or not to trust the data value during Access Control Policy evaluation. In addition, understanding who verified a data value may influence the RP’s decision about whether or not to accept a data value as part of an access control decision. The verifier metadata element is intended to answer this "who" question. Namely: did the organization that established the data value perform the verification themselves, or was the verification done at a later date by the AP?
Acceptable values for this metadata field include:
- Origin - The attribute’s value was verified by the entity that issued or created it (e.g., a Social Security Number verified by the Social Security Administration).
- Provider - The attribute’s value was verified by the attribute provider.
- Not Verified - The value of the attribute was not verified.
Verification Method
The Verification Method metadata element contains information on the process used to confirm that a data value is both true and, in the case of an attribute Value Assertion, belongs to the specified individual. This is sometimes necessary to support an authorization decision, but may not always be required.
The acceptable values for verification method are intended to provide insight into the verification processes used by providers and enable greater confidence in a given attribute’s value. This is particularly beneficial if there are multiple providers for instances of a single attribute. Recommended values for this element are:
- Document Verification - The data value was verified by inspecting a document that is acceptable to the RP (e.g., driver's license, medical record, utility bill). Transactional participants may want to determine the types of acceptable documents for attribute value verification in advance.
- Record Verification - The data value was verified against an authoritative record or database. For the purposes of this schema, the term "authoritative" is used consistently with its definition in NIST.SP.800-63.
- Document Verification with Record Verification - The attribute value was verified against both an acceptable document and an authoritative record or database.
- Proof of Possession - Confirmation of an individual’s ability to demonstrate possession of a device or account is used to verify the attribute's value. Certain attributes and their values, such as phone numbers and email addresses, can be verified by direct communication (SMS, voice, or email) with the entity to which the value is attributed. This method of verification may not be applicable to all attribute values. However, for a certain set of attributes, this is a legitimate approach to determining that the attribute's value is both valid and associated with the appropriate individual.
- Not Verified - The attribute’s value has not been verified.
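How an RP might use the Verifier and Verification Method values during Access Control Policy evaluation, as an added example that is not part of the original page or of any schema implementation. The field names `verifier` and `verification_method`, the `POLICY` layout, and the rule that the two fields must agree on "Not Verified" are assumptions made for illustration.

```python
# Added example: field names and policy layout are assumptions, not schema text.
VERIFIERS = {"Origin", "Provider", "Not Verified"}
METHODS = {
    "Document Verification", "Record Verification",
    "Document Verification with Record Verification",
    "Proof of Possession", "Not Verified",
}

# Hypothetical RP policy: acceptable verifier/method values per attribute.
POLICY = {
    "ssn": {"verifiers": {"Origin"},
            "methods": {"Record Verification",
                        "Document Verification with Record Verification"}},
    "email": {"verifiers": {"Origin", "Provider"},
              "methods": {"Proof of Possession"}},
}

def evaluate(name, metadata, policy=POLICY):
    """Return (accepted, reason) for one attribute's accuracy metadata."""
    verifier = metadata.get("verifier")
    method = metadata.get("verification_method")
    # Fail closed on missing or unrecognised values (exact match, no guessing).
    if verifier not in VERIFIERS:
        return False, "unknown verifier"
    if method not in METHODS:
        return False, "unknown verification method"
    # Assumed consistency rule: both fields agree on whether verification happened.
    if (verifier == "Not Verified") != (method == "Not Verified"):
        return False, "inconsistent metadata"
    rule = policy.get(name)
    if rule is None:
        return False, "no policy for attribute"
    if verifier not in rule["verifiers"]:
        return False, "verifier not acceptable"
    if method not in rule["methods"]:
        return False, "method not acceptable"
    return True, "ok"

# Constructed sample metadata, as an RP might receive it alongside attribute values.
SAMPLES = [
    ("ssn", {"verifier": "Origin", "verification_method": "Record Verification"}),
    ("ssn", {"verifier": "Provider", "verification_method": "Document Verification"}),
    ("email", {"verifier": "Provider", "verification_method": "Not Verified"}),
    ("email", {"verifier": "provider", "verification_method": "Proof of Possession"}),
]

if __name__ == "__main__":
    for attr, meta in SAMPLES:
        print(attr, meta, "->", evaluate(attr, meta))
```

Unknown, missing, or miscased values are rejected rather than normalised, so a provider that sends a value outside the acceptable list never satisfies the policy by accident.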