Overview#
Data Accuracy information relevant or pertaining to determining if the
data is accurate
Data Accuracy may include Data Provenance
Verified attributes allow
RPs to make informed decisions around whether or not to trust the
data value during
Access Control Policy evaluation. In addition, understanding who verified an
data value may influence the
Relying Party’s decision about whether or not to accept an
data value as part of an access control decision. The verifier metadata element is intended to answer this "who" question. Namely: did the organization that established the data value perform the verification themselves or was the verification done at a later date by the
AP?
Acceptable values for this metadata field include:
Verification Method#
The
Verification Method
metadata element contains information on the process used to confirm that an data value is both true and, in the case of
attribute Value Assertion belongs to the specified
individual. This is sometimes necessary to support an
authorization decision, but may not always be required.
The acceptable values for verification method are intended to provide insight into the verification processes used by providers and enable greater confidence in a given attribute’s value. This is particularly beneficial if there are multiple providers for instances of a single attribute. Recommended values for this element are:
- Document Verification - The data value was verified by inspecting a document that is acceptable to the Relying Party (e.g., Driver License, medical record, utility bill). Transactional participants may want to determine the types of acceptable documents for Attribute Value verification in advance.
- Record Verification - The data value was verified against an authoritative record or database. For the purposes of this schema, the term "authoritative" is used consistently with its definition in NIST.SP.800-63.
- Document Verification with Record Verification - The attribute value was verified against both an acceptable document and an authoritative record or database.
- Proof-of-Possession - Confirmation of an individual’s ability to demonstrate possession of a device or account is used to verify an Attribute Value. Certain attributes and their values, such as phone numbers and email addresses, can be verified by direct communication (SMS, voice, or email) with the entity to which the value is attributed. This method of verification may not be applicable to all attribute values. However, to a certain set of attributes, this is a legitimate approach to determining that the attribute's value is both valid and associated with the appropriate individual.
- Not Verified - The attribute’s value has not been verified.
There might be more information for this subject on one of the following: