ISO IEC 24760-2:2015 pdf free
ISO IEC 24760-2:2015 pdf free.Information technology一Security techniques一A framework for identity management
An identity management authority is associated with a domain of applicability with the duty and capabilities to define and adjust business objectives for identity management in that domain and set management policies to meet these objectives.
An identity management authority uses policies to regulate the use of registered identity information.
Policies may specify levels of service to provide including the level of assurance on identity information that may be provided by the identity management system. Policies may also specify how to obtain authorisation for access and modification of identity information in unforeseen circumstances.
The identity management authority shall define identity management objectives for a domain of applicability served by the identity management system operating under its authority. The identity management authority shall specify policies to meet identity management objectives for an associated domain.
Responsibilities of an identity management authority include
一to create, modify or revoke operational policies,
一to ensure legal and regulatory compliance of the policies and operation of the identity management system,
一to require and approve modification of mechanisms to establish a required level of assurance in entity authentication for access to identity information and system control functions
一to respond to incidents,
一to approve changes in the type of information recorded in the identity register
一to initiate regular audits, and
一to evaluate audit reports, in particular on the effectiveness of policies,
An identity management authority may enter into formal association with one or more other identity management authorities to form a “federation.”
NOTE The purpose is to extend the domain of applicability for principals with the other domains of applicability in a federation. This extension is achieved with strictly controlled sharing of identity information.
In a federation, responsibilities of each identity management authority include:
一to provide a level of assurance of identity information that meets the specified requirement of any other member of the federation,
一to maintain control over access to the identity information contained in its identity management system,
一to ascertain that the level of assurance realized by any other member of the federation in authorizing access to identity information in the federated identity management systems meets its requirements for access to its own identity information,
一to operate with common policies for information sharing, and
一to specify policies to maintain its trust in the level of assurance of identity authentication.ISO IEC 24760-2 pdf download.