This document defines the tScheme criteria against which organisations must be successfully assessed in order to be eligible for a Grant of Approval for the provision of Services to Government, individuals, system objects, corporate entities and other relying parties for the management of the lifecycle of credentials used to enable the authentication of the identity of individuals.
The criteria given in this Approval Profile are related to the provision of Services that manage the lifecycle of issued credentials. Such Services cover:
- the receipt of requests to revoke, suspend or otherwise change a credential’s status;
- the authentication and authorisation of such requests;
- the determination of a decision to change a credential’s status and associated actions;
- notification of status change to credential owners.
In the overall design of an Identity Provider Service there is likely to be some flexibility as to where the lifecycle management of credentials and, if applicable, additional attributes is performed. It will either be part of the Identity Provider Service itself or it will be performed by the appropriate registration service. It could also be a mixture of both with some registration service providers managing the lifecycle of credentials/attributes of their registrants with the remaining registrants managed by the overall Identity Provider Service. It is thus up to the Identity Provider Service to demonstrate that, as part of its overall Assessment, the relevant criteria in this Profile are satisfied for all their issued credentials and, if applicable, all associated additional attributes.
The full Profile is available as a PDF document free of charge for non-commercial use. To track access, you must register (free of charge) – this entitles you to access the restricted Approvals Profiles page. To register for access to the Profiles please click here. Already registered? Login, then access the files here.