This part of the iSHARE Scheme Trust Framework is considered normative and is therefore compliant with RFC 2119.

This chapter summarises the responsibilities and functional requirements per role:

One requirement for any legal entity fulfilling a role is that it MUST provide a unique identifier.

...

Please refer to the detailed Operation descriptions for what criteria need to be met to be admitted to the iSHARE network.

Service Consumer

The Service Consumer role is fulfilled by a legal entity that consumes a service, such as data, as provided by a Service Provider.

...

  • iSHARE adherence is REQUIRED.

Service Provider

The Service Provider role is fulfilled by a legal entity that provides a service, such as data, for consumption by a Service Consumer.

...

Entitled Party

The Entitled Party role is fulfilled by a legal entity that holds one or more rights to a service provided by a Service Provider, for example rights to data. These rights, or entitlements, are established in a legal relation between the Entitled Party and the Service Provider.

...

Please refer to the detailed Operation descriptions for what criteria need to be met to be admitted to the iSHARE network.

Identity Provider

The Identity Provider role is fulfilled by a legal entity whose tooling identifies and authenticates humans (specifically, Human Service Consumers representing Service Consumers). An Identity Provider:

...

  • The Identity Provider MUST have a clear agreement with the authorising entity concerning the process for registering, updating or removing an authorisation;
  • The Identity Provider MUST ensure that a revoked authorisation is never processed as a valid authorisation;
  • The Identity Provider MUST ensure that the identification and authentication process conforms to the Level of Assurance requested by the Service Provider;
  • The Identity Provider MUST conform to the service levels for Certified Parties as described here;
  • The Identity Provider MUST NOT claim accordance with a Level of Assurance for which it has not been certified by the Scheme Owner;
  • The processes of the Identity Provider MUST be in accordance with the Level of Assurance for which the Identity Provider has been certified;
  • iSHARE certification is REQUIRED;
  • All user interfaces available in an iSHARE context MUST comply with iSHARE's user interface requirements.

Identity Broker

Different humans might hold identifiers at different Identity Providers, and Service Providers might need to connect to several Identity Providers. So that Service Providers do not need a separate relation with each Identity Provider, an Identity Broker is introduced. The Identity Broker role is fulfilled by a legal entity that gives Service Providers access to different Identity Providers, and that offers humans the option to choose with which Identity Provider to identify and authenticate themselves throughout the iSHARE Scheme.

...

  • The Identity Broker MUST provide users with an interface to select their Identity Provider;
  • The Identity Broker MUST conform to the service levels for Certified Parties as described here;
  • The Identity Broker MUST NOT claim accordance with a Level of Assurance for which it has not been certified by the Scheme Owner;
  • The processes of the Identity Broker MUST be in accordance with the Level of Assurance for which the Identity Broker has been certified;
  • iSHARE certification is REQUIRED;
  • All user interfaces available in an iSHARE context MUST comply with iSHARE's user interface requirements.

Authorization Registry

The Authorization Registry role is fulfilled by a legal entity that provides Adhering Parties with solutions for storing delegation information. An Authorization Registry:

...