Review of BIAS

OASIS BIAS Integration Technical Committee:

Attached are my 35 embedded comments for the public review of the Biometric Identity Assurance Services (BIAS) SOAP Profile, Version 1.0; overall I have the following general comments:

1. There are numerous inconsistencies with field types, such as;

§ There are at least three different definitions for Score (integer, string, unsignedLong)

§ There are many uses of integer for range values, what does a negative or “0” value mean?

§ Some status codes are numeric values while others are strings, the implementation should be consistent

2. There are no security requirements, everything is optional, which contradicts the American National Standard X9.84 Biometric Information Management and Security and ISO 19092 Financial Services — Biometrics — Information Assurance; the Technical Committee needs to integrate the X9.84 and ISO 19092 requirements into BIAS

3. To achieve interoperability, the error codes and error handling for each BIAS operation need to be enumerated; there are simply too many instances where things could easily go wrong and yet the logic flows are not well defined

Please note that I did not mark every similar instance of inconsistent field types, the comments should be interpreted as applying to the whole document and as such the inconsistencies should be researched and addressed.

Thank you,

Jeff Stapleton

CTO, Cryptographic Assurance Services LLC

4101 West Green Oaks Blvd., Suite 305, PMB 150

Arlington, TX 76016

(817) 446-5881 office

(817) 682-1318 mobile

bias-comment message