
Identity Quality Calculation            
PROPRIETARY AND CONFIDENTIAL. PATENT PENDING. Copyright © 2008 The Village Group, Inc.  
   
Quality of Ownership

Choose the ONE that is closest by placing a Y in the corresponding space under “Determined Value.” (If you choose more than one, the one with the highest weighting will be recorded.)
Columns: Determined Value | Weighting of This Value | Score
The identity is not "owned" but is simply a username that was created by the user for access to a particular application or set of applications.  
The identity was established by, and is owned by, a principal relying party such as an employer, strictly for use in a single application provided by the principal relying party  
The identity was established by, and is owned by, a principal relying party such as an employer, strictly for use in the principal relying party's limited set of applications.  
The identity was established by, and is owned by, a principal relying party such as an employer, strictly for use in the principal relying party's local area network.  
The identity was established by, and is owned by, a principal relying party such as an employer, strictly for use in the principal relying party's local and wide area network.  
The identity was established by, and is owned by, an independent enrollment authority only for use in the network of one principal relying party such as an employer.  
The identity was established by, and is owned by, an independent enrollment authority, principally for the benefit of one principal relying party such as an employer, but is available for use elsewhere.
The identity is owned by a government entity.  
The identity is "user centric SSO", established by the user, with ownership not specified.  
The ownership of the identity is explicitly that of the user, for use in applications and networks of multiple relying parties.  
The identity is owned by a bank or financial services firm, for use in the accounts with an available cash balance; the bank or financial services firm is the sole relying party.  
The identity is owned by a bank or financial services firm, for use in the accounts with an available cash balance and also for use in applications and networks of multiple relying parties.  
The ownership of the identity is explicitly that of the user, for use in applications and networks of multiple relying parties, at least one of which is a bank account or other financial services account with an available cash balance.  
The Quality of Ownership Score of this Identity is
   
Quality of Enrollment Practices

Enter T beside each criterion that is true.
Columns: Determined Value | Weighting of This Value | Score
Certified copy of birth certificate sent directly from registry to enrollment officer at enrollee request  
Certified copy of birth certificate sent directly to enrollment officer by EO request  
Procedure supervised by CEP-certified Enrollment Officer  
CEP-Approved PII Corroboration Procedure Used?  
Voice recording of enrollment procedure
Database records of voice recording of authenticatable separate digits 0-9
Video recording of enrollment procedure
Signed time and date stamp  
Signed GPS location  
If Remote:  
CEP-Approved email address lightweight validity check  
CAPTCHA used in lightweight enrollment form
CEP-Approved cookie placement procedure  
MAC and IP addresses of enrollee client device recorded  
CEP-Approved two-channel (net+phone) lightweight validity check  
One Government-Issued Photo ID faxed?  
One Government-Issued Photo ID presented to camera?  
Two Government-Issued Photo IDs faxed?  
Two Government-Issued Photo IDs presented to camera?  
If Face-To-Face:  
CEP-Approved Affidavit and Oath by Notary, JP, or Commissioner of Deeds?  
CEP-Approved Affidavit and Oath by Signing Agent or Immigration / Consular Official?  
CEP-Approved Affidavit and Oath by Tabelio Officer or Latin Notary?  
One fingerprint recorded?
Two fingerprints recorded?
Ten fingerprints recorded?
Face?
Iris?
Retina?
Voice?
DNA?
Hand?
Maximum Possible
“Normalization Constant”
Raw Quality of Enrollment Score
The Quality of Enrollment Practices Score of this Identity is
   
Quality of Attestation

Choose the ONE that is closest by placing a Y in the corresponding space under “Determined Value.” (If you choose more than one, the one with the highest weighting will be recorded.)
Columns: Determined Value | Weighting of This Value | Score
No certification  
Identity provided by IdP  
Identity Provided by and attested by IdP  
Identity Provided by IdP via X.509 certificate  
Identity Provided by and attested by IdP via X.509 certificate  
Identity Provided by and attested by CA via X.509 certificate  
Identity Provided by and attested by WebTrust Audited General Purpose CA via “Level 1” X.509 certificate  
Identity Provided by and attested by WebTrust Audited General Purpose CA via “Level 2” X.509 certificate  
Identity Provided by and attested by WebTrust Audited General Purpose CA via “Level 3” X.509 certificate  
Identity Provided by and attested by WebTrust Audited General Purpose CA via “Level 4” X.509 certificate  
Identity Provided by and attested by WebTrust Audited Personal Identity CA via X.509 certificate  
Identity Provided by and attested by WebTrust Audited Personal Identity CA representing Duly Constituted Public Authority via 1024 bit X.509 certificate  
Identity Provided by and attested by WebTrust Audited Personal Identity CA representing Duly Constituted Public Authority via 2048+ bit X.509 certificate  
The Quality of Attestation Score of this Identity is
   
Quality of Means of Assertion

Choose the ONE that is closest by placing a Y in the corresponding space under “Determined Value.” (If you choose more than one, the one with the highest weighting will be recorded.)
Columns: Determined Value | Weighting of This Value | Score
Credential stands by itself and is not associated with an identity from an identity assertion network  
Credential is assertable only as a username in a single organizational network  
Credential is assertable only on a single online resource such as a Web site  
Credential is assertable only through a proprietary group of online resources such as a group of related Web sites or a federated identity network  
Credential is assertable only through a proprietary group of online resources using SAML  
Credential is assertable through OpenID, CardSpace or Liberty Alliance  
Credential is assertable through I-Name  
Credential is assertable through multiple identity assertion networks  
Credential is assertable through all current identity assertion networks  
The Quality of Means of Assertion Score of this Identity is
   
Quality of Credential

Choose the ONE that is closest by placing a Y in the corresponding space under “Determined Value.” (If you choose more than one, the one with the highest weighting will be recorded.) If multiple key pairs are used, the “credential private key” is the private key that is used for routine authentication, not the foundational private key.
Columns: Determined Value | Weighting of This Value | Score
Credential is a simple assertion (serial number, URL, URI, etc.) with no use of asymmetric cryptography (no X.509 identity certificate).
Credential private key is stored on the hard drive of a network-connected computer running a personal computer operating system without firewall protection  
Credential private key is stored on the hard drive of a network-connected computer running a personal computer operating system with an intrusion prevention mechanism whose quality has been verified by the enrollment officer  
Credential private key is stored in a verified “sandbox” area on a device such as a mobile phone but without isolation from the device's general operating system  
Credential private key is stored in a verified isolated device with a separate operating environment on a device such as a mobile phone, isolated from the device's general operating system, as verified by the enrollment officer  
Credential private key is stored in a verified isolated device with a separate operating environment on a device such as a mobile phone, isolated from the device's general operating system; all cryptographic operations are performed in the isolated portion of the device, as verified by the enrollment officer. Use of the private key is enabled by input of passcode from the keypad of the mobile device.  
Credential private key is stored in a verified isolated device with a separate operating environment on a device such as a mobile phone, isolated from the device's general operating system; all cryptographic operations are performed in the isolated portion of the device, as verified by the enrollment officer. Use of the private key is enabled by input of passcode or biometric on the isolated portion of the device and not from the keypad or biometric input of the mobile device.  
Credential private key is stored in a verified isolated device with a separate operating system that meets the “Osmium” standard for isolated cryptographic operating systems or an equivalent standard for HSM devices on a device such as a mobile phone, isolated from the device's general operating system; all cryptographic operations are performed in the isolated portion of the device, as verified by the enrollment officer. Use of the private key is enabled by input of both a passcode and a biometric on the isolated portion of the device and not from the keypad or biometric input of the mobile device.  
Credential private key is stored in a verified isolated device with a separate operating system that meets the “Osmium” standard for isolated cryptographic operating systems or an equivalent standard for HSM devices on a device such as a mobile phone, isolated from the device's general operating system; all cryptographic operations are performed in the isolated portion of the device, as verified by the enrollment officer. Use of the private key is enabled by input of both a passcode and a biometric on the isolated portion of the device and not from the keypad or biometric input of the mobile device. Additionally, the isolated device has a display, circuitry and Osmium-grade software that is suitable for image-verification of a remote facility for authenticity  
Credential private key is stored in a verified isolated device with a separate operating system that meets the “Osmium” standard for isolated cryptographic operating systems or an equivalent standard for HSM devices on a device such as a mobile phone, isolated from the device's general operating system; all cryptographic operations are performed in the isolated portion of the device, as verified by the enrollment officer. Use of the private key is enabled by input of both a passcode and a biometric on the isolated portion of the device and not from the keypad or biometric input of the mobile device. Additionally, the isolated device has a display, circuitry and Osmium-grade software that is suitable for image-verification of a remote facility for authenticity; and a system in which the verification image exists only in encrypted form, with all cleartext versions of the image having been destroyed  
In addition to the choice above, if multiple key pairs are used in this credential, choose either of the following cases by placing a Y in the corresponding space under “Determined Value.”
(Additional point score) Are multiple key pairs used in the establishment and operation of this identity, that is, key pairs that are separate from an archived foundational private key?
(Additional point score) Are separate key pairs used for signing, authentication, and encryption, with different key pairs used for different types of token usage (single factor, two factor, three factor, four factor), all bound to an archived foundational private key?
The Quality of this Identity's Credential is
   
Quality of Assumption of Liability

Choose the ONE that is closest by placing a Y in the corresponding space under “Determined Value.” (If you choose more than one, the one with the highest weighting will be recorded.)
Columns: Determined Value | Weighting of This Value | Score
AL Code 0: No assumption of liability by any party  
AL Code 1: Used only for certificates produced by non-notarial enrollment processes: Enrollment Officer assumes at least $5,000 liability for the integrity of the enrollment process, meaning that the enrollment officer takes responsibility for the subject's correct identity.  
AL Code 2: The enrollment was notarial, which means enrollee is under penalty of perjury for any false information in oath and affidavit and the enrolling notary (not necessarily the same person as the enrollment officer) assumes criminal liability against fraudulent enrollment. However, no financial liability is assumed.  
AL Code 3: The enrollment was notarial, and the subject assumes at least $10,000 liability for acts of fraudulent enrollment; however, such liability is not covered by insurance or bond.  
AL Code 4: The enrollment was notarial, and the subject assumes at least $5,000 bonded or insured liability for acts of fraudulent enrollment.  
AL Code 5: The enrollment was notarial, the subject, enrolling notary and enrollment officer (if different from enrolling notary) each assumes at least $5,000 bonded or insured liability for acts of fraudulent enrollment.  
AL Code 6: The enrollment was notarial, the subject, enrolling notary and enrollment officer (if different from enrolling notary) each assumes at least $25,000 bonded or insured liability for acts of fraudulent enrollment.  
AL Code 6: The enrollment was notarial, the subject, enrolling notary and enrollment officer (if different from enrolling notary) each assumes at least $25,000 bonded or insured liability for acts of fraudulent enrollment; and the subject assumes at least $100,000 liability, bonded or insured, for any fraudulent act committed with the use of this identity credential or any derivative credential or certificate.  
AL Code 7: The enrollment was notarial, the subject, enrolling notary and enrollment officer (if different from enrolling notary) each assumes at least $25,000 bonded or insured liability for acts of fraudulent enrollment; and the subject assumes at least $1,000,000 liability, bonded or insured, for any fraudulent act committed with the use of this identity credential or any derivative credential or certificate.  
AL Code 8: Enrollment Officer verifies initially and at least yearly thereafter that the subject of the identity certificate carries a bond of $5 million or more that insures not only the identity of subject but against fraud in all transactions and events that the subject signs with the identity credential or any derivative credential or certificate.  
AL Code 9: Subject is bonded and the bond applies to any instance where the credential is misused; subject assumes liability for any and all misuse of the credential. Bonding events, including commitments regarding the use of the bond, are signed by the bond issuer, are updated at each bonding or bond usage event, and are made available in an InDoor space to relying parties.
The Quality of the Assumption of Liability of this Identity is
Aggregating the six components of Identity Quality:

Adding the six components of Identity Quality, we find that
The General Quality of This Identity Is: ____ on the Identity Quality Scale of 0 to 54.
Relative Identity Quality Calculation        
While the total Identity Quality Score is significant, the importance of each of the six components will vary according to the needs of the relying party. For example, an operator of a social networking facility for children will require a high Enrollment Practices score but may not be very concerned about Assumption of Liability. A facility that enables online real estate transactions will consider Assumption of Liability more important than Means of Assertion.

To create a Relative Identity Quality score that specifically relates to the needs of your organization, rate the importance of each of the six “dimensions” of identity to your organization, or to a particular application or user group in your organization, on a scale of 0 to 9:

Importance of Quality of Ownership
Importance of Quality of Enrollment Practices
Importance of Quality of Attestation
Importance of Means of Assertion
Importance of Quality of Credential
Importance of Quality of Assumption of Liability

The midpoint of the 0 to 9 importance scale is 4.5, so an importance rating of 4.5 is the neutral value that does not affect the result either way.
Thus, to “normalize” the score so that a neutral importance rating leaves the result unchanged, each component is added as a deviation from 4.5: actual score plus (importance minus 4.5). The worksheet's current values, one per component in the order above:
7+1-4.5
7+8-4.5
8+5-4.5
4+4-4.5
7+8-4.5
6+9-4.5
             
Adjusting the scores

The Relative Quality of This Identity For This Application Is: ____

This will always be an integer, as we are adding six numbers that all end in .5.
However, the relative ID Quality can exceed 54. I guess that's ok.
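The aggregation and relative-importance adjustment above, as an added Python example that is not part of the worksheet or of The Village Group's materials. It assumes each component score runs 0 to 9 (six components giving the 0 to 54 scale) and that integer importance ratings are entered; the worksheet's option weightings are not published, so the single-choice "highest weighting wins" rule takes the weightings as inputs.

```python
"""Added example, not part of the original worksheet: the Identity Quality
aggregation and the Relative Identity Quality adjustment as the worksheet
describes them. Component scores are assumed to run 0..9 each (six
components on a 0..54 scale); the worksheet's option weightings are not
published, so recorded_weighting() takes them as inputs."""
from typing import Mapping

# The six dimensions, in the order the worksheet lists them.
DIMENSIONS = ("ownership", "enrollment", "attestation",
              "assertion", "credential", "liability")
MAX_PER_DIMENSION = 9      # assumed: 6 x 9 = the 0 to 54 scale
NEUTRAL_IMPORTANCE = 4.5   # midpoint of the 0 to 9 importance scale


def recorded_weighting(marked: Mapping[str, int]) -> int:
    """Single-choice sections: when more than one option is marked Y,
    the option with the highest weighting is the one recorded."""
    return max(marked.values(), default=0)


def _check(values: Mapping[str, int], upper: int) -> None:
    for d in DIMENSIONS:
        if d not in values:
            raise KeyError(f"missing dimension: {d}")
        v = values[d]
        if not isinstance(v, int) or not 0 <= v <= upper:
            raise ValueError(f"{d} must be an integer 0..{upper}, got {v!r}")


def general_quality(scores: Mapping[str, int]) -> int:
    """Sum of the six component scores on the 0 to 54 scale."""
    _check(scores, MAX_PER_DIMENSION)
    return sum(scores[d] for d in DIMENSIONS)


def relative_quality(scores: Mapping[str, int],
                     importance: Mapping[str, int]) -> int:
    """Each component is added as score + (importance - 4.5). Six terms
    ending in .5 always sum to an integer, so the result is exact; it
    may exceed 54 when importance ratings are high."""
    _check(scores, MAX_PER_DIMENSION)
    _check(importance, 9)
    total = sum(scores[d] + (importance[d] - NEUTRAL_IMPORTANCE)
                for d in DIMENSIONS)
    return int(total)  # halves are exact in binary floating point


# The worksheet's own values: score + importance - 4.5 per component.
EXAMPLE_SCORES = dict(zip(DIMENSIONS, (7, 7, 8, 4, 7, 6)))
EXAMPLE_IMPORTANCE = dict(zip(DIMENSIONS, (1, 8, 5, 4, 8, 9)))

if __name__ == "__main__":
    print("General quality:", general_quality(EXAMPLE_SCORES))       # 39
    print("Relative quality:", relative_quality(EXAMPLE_SCORES,
                                                EXAMPLE_IMPORTANCE))  # 47
```

With every importance rated 9 the same scores give 66, which is the "can exceed 54" case the note above mentions.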
             
             
             
             