| A | B | C | D | E | F | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Comment Template for: Attribute Validation Services for Identity Management: Architecture, Security, Privacy, and Operational Considerations | ||||||||||||||||||||||
2 | Please submit responses to digital_identity@nist.gov by December 2, 2024. | ||||||||||||||||||||||
3 | |||||||||||||||||||||||
4 | Organization: | Kantara Initiative - ANCR WG | |||||||||||||||||||||
5 | Name of Submitter/POC: | ||||||||||||||||||||||
6 | Email Address of Submitter/POC: | ||||||||||||||||||||||
7 | |||||||||||||||||||||||
8 | Comment # | Section | Page # | Line # | Comment (Include rationale for comment) | Suggested Change | |||||||||||||||||
9 | Comments directly related to current WG efforts. | ||||||||||||||||||||||
10 | |||||||||||||||||||||||
11 | 0 | Generally the document takes the view that the citizen and their attributes are something that the government controls and validates on the behalf of organizations using the AVS. This makes it very difficult to talk about transparency, security, and privacy as the perspective is not that of the citizen/PII Principal. The ANCR WG is focused on developing technical solutions that address the identity, security, and privacy requirements of the PII Principal. The first set of comments below highlight examples of where this is believed to be the case in the document, and comments and suggested changes to try to address this. | |||||||||||||||||||||
12 | 217 | ||||||||||||||||||||||
13 | 1 | 1.1 | 1 | 228 | "to facilitate greater use of government data in a manner that preserves user privacy while also enabling increased equity by providing access to a broader array of authoritative data sets: Comment: Preserves privacy, and the term user, is not consistent, for multiple reasons. 1. privacy as a state is not defined, 2. the term user in the context of privacy, means the service is using an attribute of a citizen, 3. in the context of the NIST context for AVS, refers to preserving the state of data protection security, of a citizens data." | recommend "in a manner that preserves the security of citizen data, while also enabling increased equity by providing access to a broader array of authoritative data sets, through user controlled and asserted attributes that can be verified for both a purpose and with the lawful basis of consent." | |||||||||||||||||
14 | 2 | 1.2 | 1 | 247 | Introduces 3 archetypal technical models, indicating policy is out of scope, these models being query/API-based models, brokered attribute hubs, and verified attribute models do not refer to authority and attribute control architecture, but the underlying technical process | update architecture model | |||||||||||||||||
15 | 3 | Abstract | 4 | 80 | The abstract does not sufficiently recognize the fact that attributes are sensitive personal information. In many cases it is the citizen that is trying to use their attributes and asserting them, and also that citizen rights needs to be respected in this process. | Consider use of the word citizen in place of user when possible. | |||||||||||||||||
16 | 4 | Abstract | 4 | 88 | Referring to attributes as government data, | "that provides security and privacy in the use of citizen attributes." | |||||||||||||||||
17 | 5 | Abstract | 4 | 89 | Use of the term equity is questionable | "increases equity through transparency, notice, consent and personal data control." | |||||||||||||||||
18 | 23 | 2 | 3 | 273 | In reference to "Furthermore, it sets the stage for ecosystem-wide set of capabilities that can provide the flexibility needed to promote user choice, consent, and interoperability of reliable identity and authorization attributes beyond today's constrained processes." | Since consent is called out as a specific capability it is important to improve the understanding and basis for lawful and usable consent. | |||||||||||||||||
19 | 6 | 2.1.1 | 3 | 293 | It is critical that "identity proofing" take place not only of individuals but also of organizations as entities, whether they be AVS provider, relying party, or the service provider (if different than the relying party). In this case identity proofing is expanded to including the proofing of authority. This should take place at the very beginning of the process or engagement with an individual citizen as the PII Principal as they provide PII Controllers and PII Processor through notices that convey the legally required transparency with regards to risk involved for the purpose and justification. | Includes somewhere the need for identity assurance on the part of all parties involved, and the need for them to be fully known.. | |||||||||||||||||
20 | 7 | ||||||||||||||||||||||
21 | 8 | 2.2 | 7 | 361 | with the consent of the SSN holder needs to be expanded | With notice or purpose, justification, and the identification of the entity requesting the attribute verification and then the consent of the citizen for the verification of name, DOD, and SSN. | |||||||||||||||||
22 | 9 | 2.2 | 7 | 361 | this provides an example of where notice and consent receipts can be used | Reference to notice and consent receipts as technologies and standards that can be adopted to address the operational requirements of validation services. | |||||||||||||||||
23 | 10 | ||||||||||||||||||||||
24 | 11 | 2.2 | 7 | 361 | SSNVS equivalent should exist for the EINs acting as AVS, RPs and their service providers | add EIN and entity verification as operational validation services | |||||||||||||||||
25 | 12 | 2.2 | 7 | 366 | This is where there are requirements on the part of the RP to present a notice which includes purpose and justification included in the notice of risk inclusive of the PII Controller and PII Processor (entity) information and other required disclosures. | Add a first step which is a notice that is presented before any PII is collected. This can also refer to the Transparency Performance Indicators (TPIs) being published by the Kantara Anchored Notice and Consent Work Group. This includes the timing of notice which is critical as to whether there exists valid consent for the use of any personal identifiers. | |||||||||||||||||
26 | 13 | 2.2 | 7 | 372 | This does not cover how to govern the RP use and duty of care with regard to the data. | this is generally missing throughout the document | |||||||||||||||||
27 | 14 | 2.3 | 9 | 420-424 | This is a very important statement about the technical infrastructure that needs to be put in place in the UCVA archetype and architecture. | Mention of some of the specific infrastructure required that includes trust registries and validation of controller (entity) attributes that can be consolidation into a user-controlled and created controller credential. | |||||||||||||||||
28 | 622-625 | editor added an ANCR comment | editor added an ANCR recommendation | ||||||||||||||||||||
29 | 15 | 4.2 | 16 | 631 | The references here to trust specifically point at trust in data, trust is more overarching and requires trust in authority, trust in the system and process, and trust in individuals (particularly those with privileged access). | first sentence High quality data requires trust not only in the accuracy of data but also, importantly, trust overall at a system level, and in the policy and procedures that dictate its governance as necessary to instill confidence in providers and in citizens interacting with these systems that are safeguarding their data. | |||||||||||||||||
30 | 672 | "Comprehensive validation rules and checks help enforce existing data quality standards. Such rules can include format checks, range validations, referential integrity checks, and other business-specific rules. An AV service may be designed to apply these rules systematically across all relevant data attributes." | |||||||||||||||||||||
31 | 16 | 4.3 | 17 | 685 | Data is useful to all the stakeholders, and if possible should include the PII Principal in the maintenance process. | First sentence ... in a way that is accessible and useful to an organization and its stakeholders. | |||||||||||||||||
32 | 17 | 4.4 | 18 | 723 | 800-53 is organization and data centric and does not address personal data control and governance risk management vectors, and is limited in its details related to notice and consent. | Find a place in the document to include these risk assessment and management techniques. | |||||||||||||||||
33 | 733 | Metadata Comment here | |||||||||||||||||||||
34 | 18 | 5.3 | 21 | 824 | Buy-in comes at the end of a process in which the stakeholders mentioned, and needs to be initiated as early as possible in the implementation of an attribute validation service. | First sentence ... is critical and needs to take place early in the process of establishing an AVS and maintained throughout its lifecycle. | |||||||||||||||||
35 | 19 | 5.4 | 21 | 880 | Even in the case of RP as the user of the AVS they will still be doing so in providing a service to the individual citizen and therefore the PII Principal must be central in the risk perspective and the assessment of impacts, particularly since today terms and conditions push the liability and its management on the individual. This paragraph seems not to be able to make up its mind, perhaps this should be related to type of risk such as identity risk, security risk, surveillance risk, and privacy risk across stakeholders and perspectives inclusive of the legal obligations. | Second sentence ..., and the anticipated impact should be considered separately and evaluated as well as evaluated as whole. | |||||||||||||||||
36 | 907 | ||||||||||||||||||||||
37 | 908-911 | ||||||||||||||||||||||
38 | 20 | 5.5 | 23 | Notational | The end-user in the case of the AVS as represented here is the RP. This is a problem throughout the document as the services here are not IT services which are typically something that is used by a data subject. Here there clearly could be multiple types of users of an AVS, that being the agency, an RP other than an agency and the citizen. | Change last sentence to: An AVS must provide a notice of risk and transparency with regards to the purpose and details on the part of the data controller and data processes this allows an individual an understanding and assessment of risk. With this in hand it is then possible to ensure privacy and for the individual to consent to the use of the attributes by the AVS. (as an example of clear notice which is not described). Again this is one of the core use cases for which the notice and consent receipts and records developed in the ANCR WG are targeted. | |||||||||||||||||
39 | |||||||||||||||||||||||
40 | |||||||||||||||||||||||
41 | 21 | 5.5 | 23 | 907 | The representation of consent here is more in line with idea of permissions in an identity management system than consent. For example providing notice is required by ensuring privacy, or obtaining informed consent. | ||||||||||||||||||
42 | 917-932 | must be used as an example of framework that can be used - | see ANCR WG TPR Comments | ||||||||||||||||||||
43 | 923 | existing consent paradigm does not work in favor of users. | existing consent permission paradigm (vocabulary and data control ontology) does not work in favor of users. enable Citizens to control identifiers, that are data protected . | ||||||||||||||||||||
44 | 22 | 5.5 | 24 | 926 | The use of the term privacy notice is problematic as it is often conflated with privacy policies on the part of the PII Controllers. The notice is not only related to the purpose but also to the risk (scope of disclosure) that exists when being identified and that can only be represented once the AVS (controllers and processors) has conducted the risk assessment and put in place transparency (notifications) for security and privacy countermeasures. Without this there is no possibility for their to be valid consent for AVS | Again, with regards to the mention of the importance of transparency, the ANCR WG TPIs provide some useful guidance on how to assess this. A TP-R is created by assessing the indicators of valid consent, how well it performs, and integrity of its security, | |||||||||||||||||
45 | 928 | ||||||||||||||||||||||
46 | 936 | ||||||||||||||||||||||
47 | line936. " ensure compliance with existing mandates and best practices related to, for example, meaningful notice and active consent? This is especially relevant for upstream and downstream systems where consent may be nonexistent or implied." ANCR TP-R is a way to capture the performance of notice, to support continuously improving transparency. | ||||||||||||||||||||||
48 | 24 | The Term Consent is used in numerous ways, this comment aims to provide general comments applicable to referenced types of consent in this document, the assumptions being, consent refers to the lawful basis of consent, as identified in ISO/IEC 29100 and Convention 108+ / GDPR , in the content of this report, consent as a legal basis is reviewed to provide this comment in order to indicate transparency required from an identification processes to be valid for consent. used for this 361 Consent-Based SSN Verification (CBSV) Service, for clarity, is this referring to the use of an SSN Card for self-identification and verification ? if so this is dependent on the quality of digital transparency and notice, where it is standard or not. All references here, require a digital identification to be apart of the purpose of use and access, and should incorporate a standard transparency mechanism that is proportionate to attributes and their use as identifiers, Address all of these terms with a measure of the validity, quality, usefulness, usability , and assurance of a consent mechanism, 918 - weak or unclear consent, is not consent, it is permission, 924 Proper Consent, 936 Enhanced Consent, 1817 - "user consent protocol 1999 - meaningful and active consent 2003.— is an example of active consent (as opposed to passive implied consent) "- adequate or enhanced consent is to ensure the public is aware of what could potentially happen to (or is happening to) their information before that information is collected.) " | |||||||||||||||||||||
49 | 25 | 6.4.1 | 28 | 1042 | Secretaries of State and their respective corporation divisions establish the requirements for organizations to be in good standing, For example here in MA a certificate of good standing is available to attest to this. In addition there are legal requirements associated with privacy and security frameworks as well as international standards that could be used to address this. | Self-enrollment for organizations is challenging as most IT infrastructure and services are focused on authenticating individuals and not on the data controllers and data processing. | |||||||||||||||||
50 | 26 | 6.6 | 31 | 1123 | test engineers can test privacy as well, e.g. measure transparency and notice. | ... automated unit, integration, security, and privacy tests. | |||||||||||||||||
51 | 27 | 6.7 | 32 | 1157 | A point of contact will also need to meet operational cybersecurity and privacy requirements. | add this at some point in the document | |||||||||||||||||
52 | 28 | 6.7 | 32 | 1170 | This seems to place the burden of discovering errors on the individual. | Start with this. Inevitably validated information will contain errors, even after best efforts on the part of the AVS. When errors are discovered either by the AVS operator, AVS users and/or individuals the AVS provider will need to establish clear redress... | |||||||||||||||||
53 | 29 | 7.1.1 | 34 | 1237 | This seems to suggest that attributes are only used for proofing and not for authentication or authorization at transaction time. | The user may submit their attributes as part of the proofing process that can be later used for authentication and authorization in coordination with the AVS. | |||||||||||||||||
54 | 30 | 7.3.3 | 49 | 1780 | Notice and consent standards have existed for some time, and are being further defined, such as the work in the ANCR WG. | Include a reference to the ISO standards (29184, 27560), the Kantara Consent Receipt v1.1 and the ANCR WG TPIs, we champion standard transparency, using a common framework, as a baseline. which has now happened with standards and in law. | |||||||||||||||||
55 | |||||||||||||||||||||||
56 | 31 | 7.3.4 | 54 | 1991 | Inadequate consent is addressed by the ANCR TPI work, as notice and transparency are critical precursors to consent. Again, multiple definition of consent are used throughout and would benefit from definition. Also, again, ideally consent is obtained before versus at the time of collection, since at the time of collection surveillance is already underway of the individuals. This timing of notice, is TPI 1 and is a measure of both notice and consent performance. This is referred as adequate or enhanced consent here. While the distinction is appreciated this is really the only valid form of consent. In many other cases the preconditions and legal basis for consent does not exist. | The W3C Data Privacy Vocabulary (DPV) is one source of definitions and is another useful reference. | |||||||||||||||||
57 | |||||||||||||||||||||||
58 | WG General Comments | ||||||||||||||||||||||
59 | |||||||||||||||||||||||
60 | 1 | Abstract | i | 82 | "Attributes and the processes for validating and asserting them are essential for securely identifying individuals and can also be utilized for authorization and other purposes." Before validating and asserting an "Attribute", the attribute must have been created through some process - an attribute has a contingent etiology which spans many disciplines and dimensions before it can be validated and asserted. In the past, when information resources were comparatively static and the associated "literacies" were isolated to a small group, this may have seemed natural - simply assume the attribute is well-formed statically and dynamically and agreed upon and that such form will be stable and consistently applied over an indefinite period. The pace of socio-cultural-technical change and our ubiquitous accompaniment by machine intelligences operating across "spectra of attribution" beyond our access may render this a quaint supposition - speaking more to nostalgia than to anticipation of technological advancements and increased capacities. | The document appears to elide any discussion of how attributes become attributes - either add a reference citing the standards and/or process of originating "attributes" or consider whether there may be a gap in establishing necessary processes for rendering this standard well-founded. If origination of attributes is considered too far afield - then perhaps at least address some minimal adequacy and quality criteria for establishing sufficiency and well-formedness of attributes and hooks into references speaking to the "lifecycle of an attribute" - so that some guidance is available when one or more attributes proves inadequate or defective - or when important attributes are found absent or unavailable - either entirely so, or within the present context. Also consider addressing issues of ambiguity and contradiction both in the: - semantics of an attribute - the valid / proper usage of an attribute - issues of "off-label" usage "in the wild" | |||||||||||||||||
61 | 2 | 6.4.1 | 28 | 1036 | Putative consequent does not follow from the premise, "Since AVSs are not typically offered directly to the public" false implication of causality or some such logical or other dependency relation - these are speaking to different contingent aspects of different contexts / situations. | Seperate the concerns / ameliorate the "dis-implication" - by rephrasing. Also, since there is apparently a desire to address "AVSs are not typically offered directly to the public" - perhaps expand on this matter separately speaking to principles of AVS access/availability and any anticipation of their evolution. | |||||||||||||||||
62 | 3 | 7.3 | 43 | 1594 1645 | The section situates itself largely in the context of physical documents. Is it the case that we can anticipate . User-Controlled Verified Attributes (UCVAs) which are not originated in physical documents. Also - at risk of itemizing several distinct comments in one - would like to point out: - The implication that the attributes/claims - for being "a digitally signed copy of their verified attributes or claims" - enable the "unbundling" of the content-set of a given physical document could be made more explicit - (somewhat also encouraging adoption of the capability(?)). A knowledgeable reader infers that the benefits suggested derive from the greater atomization of the attribute presentation - no need to rely on inference. - Speaking of inference, one could infer from the section that User-Controlled Verified Attributes (UCVAs) are not anticipated to arise outside the context of a "modernized - phygital" rendering of the attributes/claims based on a paper artifact. I do not see a basis for this - perhaps statements somewhere are warranted that the very same benefits of . User-Controlled Verified Attributes (UCVAs) will apply widely and beyond this paper digitalization context. | Here or in the suitable section, yet discovered: - Qualify that the physical document digitization is simply illustrative and that this . User-Controlled Verified Attributes (UCVAs) capability is expected to apply well beyond and in ways difficult to anticipate - but represents a critical tool to achieving these .... benefits. - More explicit explication of the linkages - "a digitally signed copy of their verified attributes or claims" as enabling greater atomization of attributes and claims and, therefore also contributing to collective system capacity for applying principles of data-minimization central to many relevant ... - Keep the last paragraph of the section largely as expressed - elaborate where informs more fully based on reliable/stable standards / project-identifiers - owing to importance of fostering and facilitating progress in this crucial basal capacity. Note: Re: "In recognition of this potential" - the above comments and suggestions are intended to expand this potential - lending greater weight to such recognition. | |||||||||||||||||
63 | 4 | 7.3.1.1. | 46 | 1678 | Re: "A comparable framework has yet to emerge in the U.S." - the field is advancing very rapidly, is still the case? | Ensure accuracy of statement at publication (and no one in the US has as yet written anything comparable to the DIACC guidance cited?). | |||||||||||||||||
64 | 5 | ||||||||||||||||||||||
65 | 6 | 7.3.2. | 1751 1762 | Can anything more be said along these lines at time of publication? Any reference to emerging SDO or otherwise sourced standards and protocols which could see adoption? What do alternatives look like - are there standards and protocols for these - or, does the absence of adequate digital elements disqualify such duty of care and commensurate analytic treatment and SDO engagement? In other comments the suggestion is made to reinforce the linkages between a given section and important canonical principles of DP, security, privacy.. - are there any such principles that can be referenced here? Principles that may be more readily and fully enacted by attending to the section guidance. For use cases beyond mobile driver’s licenses, it is not yet known which standards and protocols will be most widely adopted by issuers or RPs. Also, government AVSs will need to continue to provide alternative paths for users who are unable or unwilling to take advantage of UCVAs. . At a minimum, alternatives will need to be provided for those individuals who will not be able to utilize UCVAs or who chose not to do so due to security or privacy concerns. | For maximum impact - and to meet administrative-social-legal obligations as well - it is timely now to encourage the accommodation of usable alternatives to the mainstream commercially sourced capabilities - and even non-digitized / digitally or partially digitally transformed workflows for an extended period of time (a couple or several of decades). Even if many specifics remain to be determined - as these sections highlight - can not some broader perspective on the matter produce expanded discussion and guidance? The matter profoundly affects seniors and others who can be anticipated to face challenges in acquiring and applying digital agency - and as the pace of change increases, such considerations are likely to prove of perennial concern for achieving equitable access - on a rolling basis - i.e. getting off to a good start in this is a long lever for ALL stakeholders. "Difference" is universal and underpinning of resilient, anti-fragile ecosystems. | ||||||||||||||||||
66 | 7 | 1.1 | 1 | 240 | identity proofing (data validation), awkward or inappropriate use of the term validation. | perhaps "verification", the proofing process is the validation that results from the verification of the data. Validation is used for authentication in support of authorization. | |||||||||||||||||
67 | 8 | 2 | 3 | 261-268 | These seem to be two different types of "validation", in one case there is an authoritative source in which the validation is binary and therefore as earlier mentioned perhaps the term verification may be more appropriate. Validation is typically the process of determining whether or not something is true, in context (including at the moment). The idea that credit files are high fidelity data, might be challenged as these sources have little to no oversight or review by individuals unless an awkward process is followed and in many cases also include a fee, and further as pointed out can use proprietary approaches on vast amounts of data. While widely used the results are mixed, including the danger of centralized data, that magnify the threat in case of a breach (e.g. Experian 2022). | AVSs are critical to the functioning of identity management systems and services and are core government services that have existing for decades. (replace first sentence). Independently, the commercial sector has depended on AVSs for delivering services such as credit scores, using proprietary means to evaluate, process, and score vast amounts of data collected from open and closed sources. | |||||||||||||||||
68 | 9 | 2.1 | 3 | 278 | The use of the term accuracy is misleading, in many cases the use of cryptography determines whether something is valid or not, it is binary. Even the comparison of "reliable" data sets is a boolean operation in many cases. Also the term reliable introduces subjectivity that seems misplaced in this context. | Qualify the term accurate to mean "correct in all details" | |||||||||||||||||
69 | 10 | 2.1.1. | 4 | 307 | Some of these attributes are permanent other change over time. | Mention these differences among attributes and the implications. | |||||||||||||||||
70 | 11 | 2.1.2. | 4 | 316 | Should include physical space | data, applications, services, and/or physical spaces. | |||||||||||||||||
71 | 12 | 2.1.2. | 5 | 329 | HR is referred to as an external system, | confirm or explain terminology, perhaps external to the AVS and used as inputs | |||||||||||||||||
72 | 13 | 2.1.3. | 5 | 333 | Not sure why this is presented as a negative, in the majority of cases proofing takes place to facilitate the proper access to systems and services. | none.. | |||||||||||||||||
73 | 14 | 2.1.3 | 6 | 347 | Fraud comes from the other direction, the thing that needs to be identified is the bad actor, using things associated with the data subject for authentication and authorization increases the exploit surface all of which can be correlated for example, so not just for authentication and authorization but also for exploitation (fraud). | Describe the potential reduction in risk by identifying bad actors, as well as determining that they exist as a result of false or incorrect attributes. | |||||||||||||||||
74 | 15 | 3 | 10 | 429 | The sentence seems, or could indicate that all attributes are self-asserted, in the case of verifiable credentials the assertion could be directly to an authoritative source. | change to ..., it is crucial to validate, in the case of self-asserted attributes to validate them against, authoritative data sets and source. | |||||||||||||||||
75 | 16 | 3 | 10 | 440 | The introduction of fuzzy matching, while in some cases useful, it is also confusing, as many attributes are either true or not and not fuzzy in any sense. | at the words where applicable at the start, so.. Where applicable, the addition of simple fuzzy logic.. | |||||||||||||||||
76 | 17 | 3.1 | 11 | 497 | As someone with an apostrophe in their last name and the impact this has as an illegal character in web forms, and given the fact that with regards to names it is more common than the other examples. Suggest to include apostrophe. The same is true for names that include hyphens. | include .. the apostrophe (') as example | |||||||||||||||||
77 | 18 | 4.2 | 16 | 640 | Almost all systems are required to replicate data as system backups. | first sentence Today's digital data is often replicated both in terms of data being backed up as well as replicated in multiple data stores. The data often remains in the data stores even after the period where it is used and needed. | |||||||||||||||||
78 | 19 | 4.3 | 17 | 676 | Refreshing should only need to take place if there is a change in the data. | Refreshing data means importing new or updated data from the original data source... | |||||||||||||||||
79 | 20 | 4.3 | 18 | 700 | This is being presented as a necessary action when inconsistencies or data errors would best be addressed at the time of data input. | First sentence Regularly refreshing data can help improve data integrity of a data set by identifying... | |||||||||||||||||
80 | 21 | 5.4 | 23 | 898 | Perhaps also the prevent, address fraud seems to be more focused and reacting to fraud than taking measure that reduce it. | is expected to address and prevent. | |||||||||||||||||
81 | 22 | 6.3 | 28 | 1010 | There exist the capability to cache responses to standard AVS queries, much the same way that the Online Certificate Status Protocol works, regardless of whether the AVS is cloud or on-premise. | Include a mention of the ability to cache responses. | |||||||||||||||||
82 | 23 | 6.4 | 28 | 1029 | Access control must also apply to privileged users | Access control and the risk and countermeasures required increases in complexity... | |||||||||||||||||
83 | 24 | 6.4.1 | 28 | 1036 | Check grammar of the sentence, in any case it is difficult to understand. | ||||||||||||||||||
84 | 25 | 6.4.1 | 29 | 1058 | EV certificates often are only used for websites and the Object Identifiers (OIDs) are not specific to the risks associated with the service. Certificate Transparency standards partially address this. | EV certificates can be used to mitigate some of the risk. (added the word some). | |||||||||||||||||
85 | 26 | 7.1.1 | 35 | 1275 | Data stores can also stored responses as mentioned earlier, as in Over_18 | add sentence at the end. The data stores can also contain responses as opposed to the actual data, e.g. Over_18 versus DOB. | |||||||||||||||||
86 | |||||||||||||||||||||||
87 | |||||||||||||||||||||||
88 | |||||||||||||||||||||||
89 | |||||||||||||||||||||||
90 | |||||||||||||||||||||||
91 | |||||||||||||||||||||||
92 | |||||||||||||||||||||||
93 | |||||||||||||||||||||||
94 | |||||||||||||||||||||||
95 | |||||||||||||||||||||||
96 | |||||||||||||||||||||||
97 | |||||||||||||||||||||||
98 | |||||||||||||||||||||||
99 | |||||||||||||||||||||||
100 | |||||||||||||||||||||||