Subscriber Accounts

This section is normative.

Subscriber Accounts

The CSP SHALL establish and maintain a unique subscriber account for each active subscriber in the CSP identity system from the time of enrollment to the time of account closure. The CSP establishes a subscriber account to record each subscriber as a unique identity within its identity service and to maintain a record of all authenticators associated with that account.

The CSP SHALL assign a unique identifier to each subscriber account. The identifier SHOULD be randomly generated by the CSP system and of sufficient length and entropy to ensure uniqueness within its user population and to support federation with RPs, where applicable. The identifier MAY be used as a subject identifier in the generation of assertions, consistent with [SP800-63C].

At a minimum, the CSP SHALL include the following information in each subscriber account:

Subscriber Account Access

The CSP SHALL provide the capability for subscribers to authenticate and access information in their subscriber account.

For subscriber accounts that contain PII, this capability SHALL be accomplished through AAL2 or AAL3 authentication processes using authenticators registered to the subscriber account.

Subscriber Account Maintenance and Updates

The CSP SHALL provide the capability for a subscriber to request the CSP to update information contained in their subscriber account. The CSP MAY provide a mechanism for subscribers to update any non-core attributes directly.

The CSP SHALL validate any changes to core attribute information maintained in the subscriber account.

The CSP SHALL provide notice to the subscriber of any updates made to information in the subscriber account.

The CSP SHALL provide the capability for the subscriber to report any unauthorized access or potential compromise to information in their subscriber account.

Subscriber Account Suspension or Termination

The CSP SHALL promptly suspend or terminate the subscriber account when one of the following occurs:

The CSP SHALL provide notification to the subscriber that their subscriber account has been suspended or terminated. Such notices SHALL include information about why the account was suspended or terminated, reactivation or renewal options, and any options for redress if the subscriber thinks the account was suspended or terminated in error.

The CSP SHALL delete any personal or sensitive information from the subscriber account records following account termination in accordance with the record retention and disposal requirements, as documented in its practices statement Sec. 3.1.1.
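The following is an added example, not text or code from SP 800-63B, that models the subscriber account lifecycle the requirements above describe: a randomly generated unique identifier at enrollment, AAL2-or-better access to accounts holding PII, CSP validation of core attribute changes with a notice on every update, a compromise-reporting channel, and suspension or termination with a notice stating the reason, reactivation options and redress, followed by disposal of personal data once retention requirements are met. The class and method names, the 128-bit identifier length and the sample attributes are assumptions made for the illustration.

```python
# Added example (not NIST SP 800-63B text): a minimal model of a CSP subscriber
# account lifecycle. Names, the identifier length and sample data are assumptions.
import secrets
from dataclasses import dataclass, field

IDENTIFIER_BYTES = 16    # 128 bits of CSP-generated randomness; assumed sufficient for uniqueness
PII_ACCESS_MIN_AAL = 2   # subscriber access to an account holding PII needs AAL2 or AAL3


@dataclass
class SubscriberAccount:
    identifier: str                                        # unique, randomly generated by the CSP
    status: str = "active"                                 # active | suspended | terminated
    core_attributes: dict = field(default_factory=dict)    # attributes the CSP must validate before changing
    other_attributes: dict = field(default_factory=dict)   # non-core attributes the subscriber may edit directly
    authenticators: list = field(default_factory=list)     # authenticators bound to this account
    notices: list = field(default_factory=list)            # notices issued to the subscriber
    incident_reports: list = field(default_factory=list)   # subscriber reports of unauthorized access

    def contains_pii(self) -> bool:
        return bool(self.core_attributes or self.other_attributes)


class IdentityService:
    def __init__(self):
        self.accounts: dict = {}   # identifier -> SubscriberAccount

    def new_identifier(self) -> str:
        # Retry on the (negligible) chance of a collision so every identifier is unique.
        while True:
            candidate = secrets.token_urlsafe(IDENTIFIER_BYTES)
            if candidate not in self.accounts:
                return candidate

    def enroll(self, core_attributes: dict, authenticators: list) -> SubscriberAccount:
        account = SubscriberAccount(identifier=self.new_identifier(),
                                    core_attributes=dict(core_attributes),
                                    authenticators=list(authenticators))
        self.accounts[account.identifier] = account
        return account

    def _active(self, identifier: str) -> SubscriberAccount:
        account = self.accounts[identifier]
        if account.status != "active":
            raise PermissionError(f"account is {account.status}")
        return account

    def read_account(self, identifier: str, achieved_aal: int) -> dict:
        # Access to an account that contains PII requires AAL2 or AAL3 authentication.
        account = self._active(identifier)
        if account.contains_pii() and achieved_aal < PII_ACCESS_MIN_AAL:
            raise PermissionError("AAL2 or AAL3 authentication required")
        return {"identifier": account.identifier, **account.core_attributes, **account.other_attributes}

    def update_attribute(self, identifier, name, value, csp_validated=False) -> SubscriberAccount:
        account = self._active(identifier)
        if name in account.core_attributes:
            if not csp_validated:   # core attribute changes are applied only after CSP validation
                raise PermissionError("core attribute change requires CSP validation")
            account.core_attributes[name] = value
        else:
            account.other_attributes[name] = value
        account.notices.append(f"attribute '{name}' was updated")   # notice on every update
        return account

    def report_compromise(self, identifier, description) -> SubscriberAccount:
        account = self.accounts[identifier]
        account.incident_reports.append(description)
        return account

    def suspend_or_terminate(self, identifier, action, reason, options, redress) -> SubscriberAccount:
        if action not in ("suspended", "terminated"):
            raise ValueError("action must be 'suspended' or 'terminated'")
        account = self.accounts[identifier]
        account.status = action
        # The notice states why, the reactivation/renewal options, and how to seek redress.
        account.notices.append({"status": action, "reason": reason, "options": options, "redress": redress})
        return account

    def dispose_records(self, identifier) -> SubscriberAccount:
        # After termination (and once retention requirements are met) personal and
        # sensitive data are removed; the identifier and status remain as the closure record.
        account = self.accounts[identifier]
        if account.status != "terminated":
            raise ValueError("records are disposed only after termination")
        account.core_attributes.clear()
        account.other_attributes.clear()
        account.authenticators.clear()
        account.incident_reports.clear()
        return account


def demo() -> dict:
    # Constructed sample walk-through of the lifecycle.
    csp = IdentityService()
    acct = csp.enroll({"legal_name": "Example Subscriber"}, ["example authenticator"])
    try:
        csp.read_account(acct.identifier, achieved_aal=1)
        low_aal_allowed = True
    except PermissionError:
        low_aal_allowed = False
    csp.update_attribute(acct.identifier, "display_name", "Example")
    csp.suspend_or_terminate(acct.identifier, "terminated", "subscriber request", "re-enroll", "contact the CSP")
    csp.dispose_records(acct.identifier)
    return {"low_aal_allowed": low_aal_allowed, "pii_remaining": acct.contains_pii(), "notices": len(acct.notices)}
```

The account record is never deleted outright: after disposal it keeps only the identifier and its terminated status, so the identifier cannot be reissued to a different subscriber while the closure record exists, which is what keeps the identifier unique over the whole population.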