How to Use the Registry

Invitation to Apply

Identity Ecosystem Service Providers (Service Providers) are encouraged to use the Baseline Requirements as guidance for the competencies necessary for full participation in a safer online Identity Ecosystem.  Service Providers who voluntarily participate in the IDEF Registry assist IDESG by sharing information about the feasibility and status of industry adoption of NSTIC’s goals.

IDESG recognizes variations among Service Provider organizations and operations and offers these options to provide flexibility and choice in the self-assessment and reporting process for the Service they are providing.  The IDESG IDEF Registry accommodates self-reports from Service Providers at any level of progress in implementing the Baseline Requirements.

HOW A SCORE IS CALCULATED

What is Included in the Score

A Service’s total score is based on the number of Baseline Requirements assessed and the answer for each which is given a number of points. The overall points are added up and divided by the total possible points to create a percentage.  This calculation is also done for each of the principle areas – Privacy, Security, Interoperability, and Usability based on the requirements that cover each area.

There are currently 45 Baseline Requirements that make up the Identity Ecosystem Framework (IDEF) – 15 for Privacy, 15 for Security, 8 for Interoperability and 7 for Usability. Each requirement applies to one or more Core Operations – Registration, Authentication, Credentialing, Authorization, Transaction Intermediation; and one or more Roles performed in online transactions – Relying Parties or Identity Providers including Attribute Providers, Intermediaries, and Credential Service Providers.

Requirements that are not relevant to the specific service being assessed are not counted against the total score. At the beginning of the Registry Form, the applicable Core Operations and Roles are selected so that only the related requirements, as determined by IDESG, are available to be assessed.  During the assessment, it may be determined by the Registrant that a requirement is not relevant for a particular service and can be marked Not Applicable and won’t be counted in the score calculations.

What is included in the score is all applicable requirements, those that 1) apply to the Core Operations and Roles of the service, and 2) are determined to apply to the specific service by the Registrant.

Score Details

Each requirement status is given a set number of points. The points are added up and divided by the total possible points, to create a percentage.  We show an overall score as well as a score for each of the four principle areas as outlined in the NSTIC Principles – Privacy, Security, Interoperability, and Usability.  In the score details view (coming soon) you can also view the score for each of these four areas which is based on the number of relevant requirements answered and the points for each of those answers.

Totals possible points:

• Privacy – 15 requirements, 1500 total points possible
• Security – 15 requirements, 1500 total points possible
• Interoperability – 8 requirements, 800 total points possible
• Usability – 7 requirements, 700 total points possible
• TOTAL – 45 requirements, 4500 total points possible

Examples Score

SCORE

SCORE DETAIL

OVERALL SCORE: 100%

Total 4500 out of a possible 4500 points*

* A note about the Total Possible Points: Requirements determined by IDESG as Not Applicable to the Core Operations and Roles that are selected by the Registrant in Part 2 of the form, or were determined to be Not Applicable by the Registrant in Part 3 of the form, are not included in the total possible points calculation.

Another Example:

SCORE

SCORE DETAIL

OVERALL SCORE: 80%

Total 3450 out of a possible 4100 points*