This document defines the tScheme criteria against which organisations must be successfully assessed in order to be eligible for a Grant of Approval for the provision of services to Government, individuals, system objects, corporate entities and other relying parties for the validation of credentials to enable the authentication of the identity of individuals.
The criteria given in this Approval Profile relate to Services that are established to enable an individual to register with an Identity Provider in order to gain the means of transacting electronically with relying parties. These relying parties, which will be either Trust Service Providers or some other kind of service provider, need to be able to trust that ultimately they are transacting with the individual from whom the electronic transaction appears to originate. The Identity Provider links an electronic identity with a real-world identity. The End User presents proof of their real-world identity (e.g. documentation such as Passport, Driving Licence or pre-existing electronic evidence) to the Identity Provider so that the Identity Provider can validate and verify the registrant’s claimed real-world identity, issue the registrant with a credential and then (if appropriate) pass authentication information to support credential validation to a Credential Validation Service Provider. No specific constraint of scope is intended in this Profile on how these processes could be carried out.
For some simple credentials, such as those based on PIN and Password, all that the credential validation service does is confirm that the credential is valid and has not been suspended or revoked; for more sophisticated credentials, such as Chip & PIN smartcards, the credential validation service can support a Challenge/Response function to provide additional assurance that the credential is being used by an End User who knows how to access the credential. However, assurance that it is the correct End User depends on the strength of the registration process and on the security applied to prevent improper access to the credential. These factors are out of scope for the credential validation service.