Policy Statements

Policy #1:

The international businesses and government communities must collaborate to define and promote global standards for the development of internationally trusted and interoperable baseline electronic credentials used to authenticate, with appropriate levels of assurance, a person’s identity. Organizations should be able to incorporate credentials based on these standards into both new and existing instruments of identity authentication—such as e-passports, national ID cards, driver’s licenses, and credit cards.

Policy #2:

Standards for electronic credentials must be built on the business uses for authentication and not just the underlying core technologies.  They should promote common approaches for how organizations across different industries create credentials and use them within their various business and government operations.  Therefore, standards must address data elements, verification procedures and management requirements necessary to create credentials protected by design and ongoing maintenance from tampering and misuse.  Standard practices must accommodate varying organizational identity management requirements ranging from one- to three-factor authentication.

Policy #3:

To address privacy concerns and create a climate of consumer confidence and trust, organizations issuing electronic credentials must demonstrate and publicize the safeguards used to protect an individual’s personal information.  Furthermore, organizations need to adhere to a code of conduct, based on best practices, which requires them to clearly define and present to the public the uses of and benefits from electronic credentialing prior to requesting any personal data necessary to create these instruments.