[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Review of BIAS
OASIS BIAS Integration Technical Committee: Attached are my 35 embedded comments for the public review
of the Biometric Identity Assurance Services (BIAS) SOAP Profile,
Version 1.0; overall I have the following general comments: 1.
There are numerous inconsistencies with field types,
such as; § There
are at least three different definitions for Score (integer, string,
unsignedLong) § There
are many uses of integer for range values, what does a negative or “0”
value mean? § Some
status codes are numeric values while others are strings, the implementation
should be consistent 2. There are no security
requirements, everything is optional, which contradicts the American National
Standard X9.84 Biometric Information Management and Security and ISO
19092 Financial
Services — Biometrics — Information Assurance; the Technical
Committee needs to integrate the X9.84 and ISO 19092 requirements into BIAS 3. To achieve interoperability,
the error codes and error handling for each BIAS operation need to be
enumerated; there are simply too many instances where things could easily go
wrong and yet the logic flows are not well defined Please note that I did not mark every similar instance of
inconsistent field types, the comments should be interpreted as applying to the
whole document and as such the inconsistencies should be researched and addressed.
Thank you, Jeff
Stapleton CTO,
Cryptographic
Assurance Services LLC 4101
West Green Oaks Blvd., Suite 305, PMB 150 Arlington,
TX 76016 (817)
446-5881 office (817)
682-1318 mobile |
biasprofile-1.0-wd-07(jjs).doc
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]